Known Bugs in Dlint 1.3.2
* Dlint checks the reverse records on your local machine's default nameserver.
(Dlint 1.3.1 and earlier mistakenly asked the forward-query zone's nameserver.)
Neither solution seems right to me; we should determine the list of
authoritative nameservers for the reverse domain name and send the query there.
However, doing so would slow down Dlint a _lot_.
Example: if you're linting zone "bbb.com" and its nameserver is ns.bbb.com, and
you are checking record "aaa.bbb.com. IN A 1.2.3.4", then we should really
figure out what nameserver handles 4.3.2.1.in-addr.arpa. and query _it_
for PTR record 4.3.2.1.in-addr.arpa., rather than asking your local host!
* There is some redundancy in checking for the illegal "#" character (improperly
commented lines): the A and PTR records will occasionally be checked twice,
and can generate errors twice (all records are checked by TEST 2, then some
are checked again in TEST 3a and TEST 3b).
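The lookup that the first bug above describes as the right approach, sketched as an added example (not Dlint's own code): walk up from the reverse name until a zone returns NS records, then ask each of those servers directly for the PTR. It assumes `dig` is installed and handles IPv4 only; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not part of Dlint. Assumes dig(1) is available; IPv4 only.

# rev_name 1.2.3.4  ->  4.3.2.1.in-addr.arpa.
rev_name() {
    case $1 in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac   # digits and single dots only
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ????*) return 1 ;; esac               # more than 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo "$4.$3.$2.$1.in-addr.arpa."
}

# parent_zones NAME: print NAME and each ancestor below in-addr.arpa.,
# most specific first. These are the places a delegation (zone cut) can sit.
parent_zones() {
    z=$1
    while [ -n "$z" ] && [ "$z" != "in-addr.arpa." ]; do
        echo "$z"
        z=${z#*.}                   # drop the leftmost label
    done
}

# auth_ptr IP: find the nameservers delegated for the reverse zone and
# ask each one, without recursion, for the PTR record.
auth_ptr() {
    name=$(rev_name "$1") || { echo "bad IPv4 address: $1" >&2; return 2; }
    servers=
    for zone in $(parent_zones "$name"); do
        servers=$(dig +short NS "$zone")
        [ -n "$servers" ] && break  # first zone with NS records wins
    done
    [ -n "$servers" ] || { echo "no NS records found above $name" >&2; return 1; }
    for ns in $servers; do
        echo "$ns ($zone): $(dig +short +norecurse @"$ns" "$name" PTR)"
    done
}

# Run a lookup only when an address is given on the command line.
if [ "$#" -gt 0 ]; then auth_ptr "$1"; fi
```

Each address checked this way costs up to four NS queries plus one PTR query per server, which is the slowdown the bug note warns about.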
OTHER REASONS DLINT MAY NOT WORK RIGHT
* Dlint doesn't work behind some firewalls - it needs to talk to a root
nameserver to get started.
* Dlint uses the zone transfer mechanism (AXFR), which some nameservers deny to
unauthorized hosts. If you're denied, Dlint won't work. Other nameservers
happily return zero records instead of an error when you're unauthorized!
That is just plain stupid, but some sites' nameservers do it anyway.