[plug] .org DNS issues
James Devenish
devenish at guild.uwa.edu.au
Tue Dec 9 13:13:53 WST 2003
In message <20031209045623.GJ877 at erdos.home>
on Tue, Dec 09, 2003 at 12:56:23PM +0800, Cameron Patrick wrote:
> On Tue, Dec 09, 2003 at 12:55:15PM +0800, Craig Ringer wrote:
> | >No forwarders? How exactly was BIND supposed to resolve any non-local
> | >names?
> |
> | recursive queries starting at the root servers. Hmm. I normally actually
> | block the root servers in my firewall rules, so I /can't/ accidentally
> | query them.
>
> So that means that what I was doing was bad? :-/
If you are a small island nation or a source of bulk SPAM, then yes, but
"personal use" for testing purposes is unlikely to raise anyone's ire, I
hope :)
In message <20031209045339.GA13554 at mail.guild.uwa.edu.au>
on Tue, Dec 09, 2003 at 12:53:39PM +0800, James Devenish wrote:
> So, you did have root servers configured, but your BIND *really* still
> couldn't resolve xmlsoft.org? Hmm. Maybe the root server wouldn't honour
> queries from your location (would that be allowed/typical)?
To answer my own query (quoting RFC 2870):
2.6 Root servers MUST answer queries from any internet host, i.e. may
not block root name resolution from any valid IP address, except
in the case of queries causing operational problems, in which
case the blocking SHOULD last only as long as the problem, and be
as specific as reasonably possible.
Still, I wonder why you couldn't reach the org. nameserver.
I also note:
3.2.1 The root servers themselves MUST NOT provide services
other than root name service e.g. remote internet
protocols such as http, telnet, rlogin, ftp, etc.
Does m.root-servers.org violates that (saw it pop up in a Google search)?
<shrug/>
More information about the plug
mailing list