vcunat
commented
5 years ago As suggested by Tony, one way to help would be to require returning the ANAMEs in the SERVFAIL. If you return an empty SERVFAIL to the client (the next link in the cycle chain), it will typically retry and it won't cache the failure for long, because it generally has no way of knowing that the error was some persistent condition. Eventually, it will give up and return SERVFAIL to the next link and it happens again - altogether you might get geometric amplification in each step. ANAME records returned in the SERVFAIL answer could serve as a proof in this case and propagate back to all the links in the chain - and be cached for their whole TTLs.
EDIT: I included considering chains that cross multiple providers, though that might not be a realistic scenario (I don't know).
Extended errors come to mind as well, but they might contain too little information to be as effective.
matje
fcelda
ANAME loops are more difficult to detect in comparison to CNAME loops. If an authoritative server calls out to an external resolver then the authoritative server looses part of the processing context. This may result in DNS message multiplication and bouncing between the authoritative and the recursive.
This problem might be worth pointing out in the Security considerations.
One way to address this is to point all authoritative servers to a single resolver, make sure the resolver is capable of query de-duplication, and let the authoritative act on SERVFAIL (timeout) when resolving the ANAME.
BIND may have an advantage over the authoritative-only servers as it likely doesn't have to call out to other server.