RFC 1537 (rfc1537) - Page 3 of 9
Common DNS Data File Configuration Errors
Alternative Format: Original Text Document
RFC 1537 Common DNS Data File Configuration Errors October 1993
Old BIND versions ("native" 4.8.3 and older versions) showed the
problem that wrong glue records could enter secondary servers in a
zone transfer.
3. "Secondary server surprise"
I've seen it happen on various occasions that hosts got bombarded by
nameserver requests without knowing why. On investigation it turned
out then that such a host was supposed to (i.e., the information was
in the root servers) run secondary for some domain (or reverse (in-
addr.arpa)) domain, without that host's nameserver manager having
been asked or even been told so!
Newer BIND versions (4.9 and later) solved this problem. At the same
time though the fix has the disadvantage that it's far less easy to
spot this problem.
Practice has shown that most domain registrars accept registrations
of nameservers without checking if primary (!) and secondary servers
have been set up, informed, or even asked. It should also be noted
that a combination of long-lasting unreachability of primary
nameservers, (therefore) expiration of zone information, plus static
IP routing, can lead to massive network traffic that can fill up
lines completely.
4. "MX records surprise"
In a sense similar to point 3. Sometimes nameserver managers enter MX
records in their zone files that point to external hosts, without
first asking or even informing the systems managers of those external
hosts. This has to be fought out between the nameserver manager and
the systems managers involved. Only as a last resort, if really
nothing helps to get the offending records removed, can the systems
manager turn to the naming authority of the domain above the
offending domain to get the problem sorted out.
5. "Name extension surprise"
Sometimes one encounters weird names, which appear to be an external
name extended with a local domain. This is caused by forgetting to
terminate a name with a dot: names in zone files that don't end with
a dot are always expanded with the name of the current zone (the
domain that the zone file stands for or the last $ORIGIN).
Example: zone file for foo.xx:
pqr MX 100 relay.yy.
xyz MX 100 relay.yy (no trailing dot!)
Beertema