The Long Tail of DNS Record Types


> I doubt it'll be an unsupported RR type, perhaps something to do with DNSSEC?

gemini://gemini.conman.org/boston/2023/11/28.1


DNSSEC was not supported. Maybe some year I'll get a domain where it is supported. Not this year.


So when you have a black box zone file that is misbehaving, one thing to do would be to obtain the zone file (can you do a zone transfer? if so, start looking at the zone file; if not, plead with the other team for the zone file, or have them) and summarize what record types are present. This may also require looking at a parent zone file above the problematic zone, maybe. I didn't ever get access to the zone file, though someone did eventually find the problem.


What had happened is that my organization had decided that a new name would help with prestige and ranking (domain engine optimization?), so a new name was decided on, as managed by some other group in the parent organization. Instead of starting with a new zone and copying over some necessary entries from the old zone (what I would have done), someone had simply(?) aliased the new zone over to the old one. Then, when it eventually became necessary to change the new zone (these things take time, and memories can become lost, like rings at the bottom of a river) the records would not take as the whole zone was still aliased to the old one.


I cannot reproduce the (reported) issue with nsd, as nsd fails the zone with a "DNAME at foo.example.org. has data below it" error. However, they were not using nsd; probably their name server allowed a mix of DNAME and thus shadowed-by-the-alias records. Or, the issue could have been something else and the problem was reported to me as being due to a DNAME record: perhaps they had automation around how the zone file was built that was screwing things up. "foo is an alias for bar, so we re-write all these foo records relative to bar, which by the way mangles the change you wanted to make" or something like that. Aliasing at the domain level could be very handy if you have a large number of identical sub-organizations to host: lower risk for copy-and-paste errors at the cost of making the few not-identical zones harder to maintain.
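An added example, not from the original post: a small Python script that produces the record-type summary suggested above and lists records that sit below a DNAME owner, the condition nsd rejects. The zone contents and function names are constructed for illustration, and the parser assumes one record per line, numeric TTLs and no semicolons inside quoted strings.

```python
from collections import Counter

# Constructed sample zone: one record per line, numeric TTLs only.
SAMPLE_ZONE = """\
$ORIGIN example.org.
@        3600 IN SOA   ns1 hostmaster 1 7200 3600 1209600 3600
@        3600 IN NS    ns1
ns1      3600 IN A     192.0.2.1
foo      3600 IN DNAME bar.example.org.
www.foo  3600 IN A     192.0.2.10   ; sits below the DNAME
mail.foo      IN MX    10 mx.example.org.
bar      3600 IN A     192.0.2.20
"""
CLASSES = {"IN", "CH", "HS"}

def parse_zone(text, origin="."):
    """Return [(absolute lowercased owner, RR type), ...] for a simple zone."""
    records, owner = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]          # drop comments (no quoted ';')
        fields = line.split()
        if not fields:
            continue
        if fields[0].startswith("$"):        # directives: only $ORIGIN matters
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].lower()
            continue
        if not line[0].isspace():            # leading blank repeats last owner
            name = fields.pop(0).lower()
            if name == "@":
                owner = origin
            elif name.endswith("."):
                owner = name
            else:
                owner = name + "." if origin == "." else f"{name}.{origin}"
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)                    # skip TTL and class
        if fields and owner:
            records.append((owner, fields[0].upper()))
    return records

def summarize(records):
    """Count how many records of each type the zone holds."""
    return Counter(rrtype for _, rrtype in records)

def shadowed_by_dname(records):
    """List (owner, type, dname_owner) for records below a DNAME owner."""
    dnames = {o for o, t in records if t == "DNAME"}
    return sorted((o, t, d) for o, t in records for d in dnames
                  if o.endswith("." + d))
```

Run `summarize(parse_zone(text))` for the type inventory first; any result from `shadowed_by_dname` points at records a strict server would refuse to load and a lenient one may silently never answer.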


Debugging systems operated by other groups can be pretty tricky.
