Re: bind vs glue records

["Jeremy C. Reed" <reed%reedmedia.net@localhost>]

On Fri, 1 Apr 2016, Mike Pumford wrote:

> > As a workaround, set in your options in named.conf:
> > 
> > request-sit false;
> > 
> That works perfectly for me here for now. Thanks for tracking that one 
> down. I suspect I might never have noticed this until Stephen pointed 
> this out and I'd certainly not have tracked it down without help. :)

No problem.

> Would NetBSD 6.x have had the same problem? Up until recently one of my 2
> servers was 6.x rather than 7.x which might have masked this.

Not currently -- I think it has older BIND. (I did hear some talk about 
upgrading it and that is what prompted me to followup on this.)

> > But regardless of NetBSD using this experimental code, the real code is
> > on by default in upcoming BIND 9.11 and has same problem. I will
> > research some more and let you know.
>
> Good to know. Having just done a quick scan I coulnd't see 
> documentation for 9.11 yet (I guess it won't appear until it gets 
> released) I can't see if this option will continue to work in that 
> release do you know if it will?

The alpha docs are at: https://ftp.isc.org/isc/bind9/9.11.0a1/doc/arm/ 
In particular see 
https://ftp.isc.org/isc/bind9/9.11.0a1/doc/arm/Bv9ARM.ch06.html
about send-cookie. (No, the experimental "sit" option won't work on 9.11 
as the naming of the feature was changed.)

(The best idea would be to complain to these nameserver operators that 
return an NXDOMAIN or don't respond at all.)