In our particular case, we have stale glue records for our
nameservers that appear to be coming from a domain we host that is owned
by someone else. Despite our best efforts, we have not been able to
reach the owners and thus have not been able to get the host records
changed at the registrar. The net result is that any domains listing
those server names fail to resolve as the old IPs are no longer in
service.

This raises a scary question. If this is really an undefined
situation, could it be used as an attack vector? Although our
particular situation involves no component of fraud, what is to stop
someone from registering a domain and listing our server name with a
bogus IP?

--
Milo Hyson
Chief Scientist
CyberLife Labs

On Jan 7, 2009, at 23:57, Doug Barton wrote:

> Milo Hyson wrote:
>> If different registrars contain different host records for the same
>> name server, what glue records are established in the root servers?
>> Suppose two domains at different registrars both list
>> ns1.mydomain.com as a nameserver but each gives a different IP. Are
>> the results undefined?
>
> I'm not sure what the theoretically "correct" way for the reg*'s to
> resolve this is, but in practice you're right, the results are
> undefined. If these are all hosts and records that you control, the
> short answer is, "be careful not to do that."
>
> If you've run into a situation where a hostname for a domain you now
> control has stale glue, your best point of contact is your registrar
> for com/net/org/info/biz/us.
>
> hth,
>
> Doug
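
Added example, not part of the original thread: a check for the stale-glue condition discussed above, comparing the address records in a parent-zone referral with those served by the zone that owns the nameserver names. The function names, the example.com delegation and all addresses are constructed for illustration (documentation IP ranges), and the input is assumed to be text in the shape of dig output.

```python
import re

# Constructed sample data, shaped like dig output.
# REFERRAL: a referral from the parent (TLD) servers; its ADDITIONAL
# section carries the glue held in the registry.
REFERRAL = """\
;; AUTHORITY SECTION:
example.com.        172800  IN  NS  ns1.mydomain.com.
example.com.        172800  IN  NS  ns2.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com.   172800  IN  A   192.0.2.10
ns2.mydomain.com.   172800  IN  A   198.51.100.20
"""
# AUTHORITATIVE: A records served by the zone that owns the nameserver names.
AUTHORITATIVE = """\
;; ANSWER SECTION:
ns1.mydomain.com.   3600    IN  A   203.0.113.10
ns2.mydomain.com.   3600    IN  A   198.51.100.20
"""

# Matches only address records; NS lines and ";;" section headers are skipped.
RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(A|AAAA)\s+(\S+)\s*$", re.I)

def address_records(dig_text):
    """Map lower-cased owner name -> set of addresses found in dig-style text."""
    records = {}
    for line in dig_text.splitlines():
        m = RR.match(line.strip())
        if m:
            name = m.group(1).lower().rstrip(".")
            records.setdefault(name, set()).add(m.group(3))
    return records

def stale_glue(referral_text, authoritative_text):
    """Return (name, glue_addrs, authoritative_addrs) for every glue mismatch."""
    glue = address_records(referral_text)
    auth = address_records(authoritative_text)
    findings = []
    for name in sorted(glue):
        if name not in auth:
            # Glue exists but the owning zone returned no address to compare.
            findings.append((name, sorted(glue[name]), []))
        elif glue[name] != auth[name]:
            findings.append((name, sorted(glue[name]), sorted(auth[name])))
    return findings

if __name__ == "__main__":
    for name, g, a in stale_glue(REFERRAL, AUTHORITATIVE):
        print(f"MISMATCH {name}: glue={g} authoritative={a}")
```

Running the check against each domain that lists the nameserver names shows which delegations still carry the old addresses and therefore which registrar needs to be contacted.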