Bind-9 strangeness ?
phn at icke-reklam.ipsec.nu
phn at icke-reklam.ipsec.nu
Mon Aug 18 23:23:47 UTC 2003
Jonathan de Boyne Pollard <J.deBoynePollard at tesco.net> wrote:
> p> Transaction ID: 0x2f87 ( *** NOTE 1 )
> p> Transaction ID: 0x2f87 ( *** NOTE 1 )
> p> *** NOTE 1 ; TransactionID does not match, but these are the same question.
> It looks very much like it _does_ match.
Nope, it does not match the ID in the etherreal log, but the reason for
that is known by now (i did forget that i was observing two different
transactions :-)
> p> *** NOTE 2 ; the answer is " 0011 = Reply code: No such name (3)"
> There's something very strange going on with one of the two
> "folkuniversitetet.se." content DNS servers. 212.73.12.10 publishes
> "no such name" errors for "folkuniversitetet.se." in response to
> certain query types but not in response to others. It also publishes
> some resource record sets with TTLs of over 30 years.
> p> bind-8 does not seem to be affected by this.
> It probably just happened to pick the other server.
Nope, bind-8 seems unaffected IN THE SAME CIRCOMSTANCES ( where the only
remaining nameserver answers "0011 = Reply code: No such name" ). While
bind-9 seems to erase all glue from it's cache bind-8 seems to keep glue
and thus be able to answer with existing cached data the next time a
question arrives.
The failing nameserver is a netware, and it seems to be a known problem
that it answers NXDOMAIN when in fact NOERR + #answers=0 should be the
correct one.
My question is that although a nameservers has received "bad data" bind-8
seems to take less damage( and thus continue to be able to function) then
bind-9 ( who will flush it's memory for everything connected to the
bad data). From a functional standpoint, bind-8 will allow "wheels to turn"
while bind-9 will block the same wheels.
Why should bind-9 behaviour be considered "better" ?
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
More information about the bind-users
mailing list