[Question] Question about negative answers from the cache of BIND9
Kevin Darcy
kcd at daimlerchrysler.com
Fri Dec 16 21:58:59 UTC 2005
Hideshi Enokihara wrote:
>Hi all,
>
>I have a question about negative answer from the cache of BIND9.
>
>For example, I assume the following network.
>
>----------------
>
>                    example.org domain
>                 AP Server1         DNS Server2
>                 |A.example.org     |NS2.example.org
>                 |                  |
>Net-y --+--------+------------------+--
>        |
>        |
>        |
>      Router
>        |
>        |
>        |
>Net-z --+--------+------------------+---
>                 |                  |
>                 |                  |
>         DNS Server1 (BIND9)   DNS Client1
>
>------------------
>
>In this network, I ran the following steps.
>
>1. DNS Client1 sends the query (QNAME=invalid.example.org, QTYPE=A) to DNS Server1 (BIND9).
>2. DNS Server1 (BIND9) sends the query to DNS Server2 (authoritative server for the example.org domain).
> #Of course, DNS Server1 (BIND9) caches the authority server (DNS Server2) of the example.org. domain and the address of DNS Server2.
>3. DNS Server2 sends the response to DNS Server1 (BIND9) with RCODE=3 (NXDOMAIN).
>4. DNS Server1 (BIND9) sends the response to DNS Client1 with RCODE=3 (NXDOMAIN).
>
>5. Once more, DNS Client1 sends the query (QNAME=invalid.example.org, QTYPE=A) to DNS Server1 (BIND9).
>6. DNS Server1 (BIND9) sends the response to DNS Client1 with RCODE=3 (NXDOMAIN) from cache.
>
>The sequence is as follows.
>
> DNS Client1           DNS Server1(BIND9)                    DNS Server2
> |                              |                                 |
> |----------------------------->|                                 |
> | 1. Send standard query       |                                 |
> |    QNAME=invalid.example.org |                                 |
> |    QTYPE=A                   |                                 |
> |                              |                                 |
> |                              |-------------------------------->|
> |                              | 2. Recv standard query          |
> |                              |    QNAME=invalid.example.org    |
> |                              |    QTYPE=A                      |
> |                              |                                 |
> |                              |<--------------------------------|
> |                              | 3. Send standard query response |
> |                              |    RCODE=3(NXDOMAIN)            |
> |                              |    QNAME=invalid.example.org    |
> |                              |    QTYPE=A                      |
> |                              |    AUTHORITY Name=example.org   |
> |                              |    AUTHORITY TYPE=SOA           |
> |                              |                                 |
> |                              |                                 |
> |                              |                                 |
> |<-----------------------------|                                 |
> | 4. Standard query response   |                                 |
> |    RCODE= 3(NXDOMAIN)        |                                 |
> |    QNAME=invalid.example.org |                                 |
> |    QTYPE=A                   |                                 |
> |    AUTHORITY Name=example.org|                                 |
> |    AUTHORITY TYPE=SOA        |                                 |
> |                              |                                 |
> |----------------------------->|                                 |
> | 5. Send standard query       |                                 |
> |    QNAME=invalid.example.org |                                 |
> |    QTYPE=A                   |                                 |
> |                              |                                 |
> |<-----------------------------|                                 |
> | 6. Standard query response   |                                 |
> |    RCODE= 3(NXDOMAIN)        |                                 |
> |    QNAME= invalid.example.org|                                 |
> |    QTYPE=A                   |                                 |
> |    AUTHORITY Name=example.org|                                 |
> |    AUTHORITY TYPE=SOA        |                                 |
> |                              |                                 |
> v                              v                                 v
>
>I have a question about step 6.
>
>RFC2308 6 - Negative answers from the cache says,
>
> As with all answers coming from the cache, negative answers SHOULD
> have an implicit referral built into the answer. This enables the
> resolver to locate an authoritative source. An implicit referral is
> characterised by NS records in the authority section referring the
> resolver towards a authoritative source.
>
>This sentence means that a DNS server should include NS records in the authority section
>when the DNS server sends the negative answer from the cache, right?
>
>But DNS Server1 (BIND9) does not include an NS record in the authority section at step 6.
>Why does it not include an NS record in the authority section when BIND9 sends the
>negative answer from the cache?
>
>I think this BIND9 behavior does not follow the RFC.
>What do you think?
>
Well, a SHOULD is not the same as a MUST, so there is technically no RFC
violation here.
However, as the reference implementation for DNS, my curiosity is piqued
as to why BIND, of all implementations, would opt for default behavior
that contravenes a SHOULD from the relevant RFC.
- Kevin
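
Added example (not part of the original thread, and not BIND code): a small Python parser that reports whether an NXDOMAIN response carries only an SOA in its authority section, as observed at step 6, or also the NS records that RFC 2308 section 6 calls an implicit referral. Both messages are constructed here; hostmaster.example.org, the message ID and the SOA timer values are made-up sample values.

```python
import struct
SOA, NS = 6, 2  # RR type codes

def encode_name(name):
    # Uncompressed wire-format name: length-prefixed labels, then a zero byte.
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

def skip_name(msg, off):
    # Step past a name; a compression pointer (top two bits set) ends it.
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def classify(msg):
    """Describe the authority section of a negative (NXDOMAIN) response."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # QTYPE + QCLASS
    types = set()
    for i in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= an:                              # record is in the authority section
            types.add(rtype)
    if flags & 0xF != 3:
        return "not NXDOMAIN"
    if SOA not in types:
        return "NXDOMAIN without SOA"
    return "SOA + NS (implicit referral)" if NS in types else "SOA only (no referral)"

def rr(name, rtype, rdata, ttl=3600):
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def nxdomain(*authority):
    # Constructed response to invalid.example.org/A: QR, RD, RA set, RCODE=3.
    question = encode_name("invalid.example.org") + struct.pack("!HH", 1, 1)
    header = struct.pack("!6H", 0x1234, 0x8183, 1, 0, len(authority), 0)
    return header + question + b"".join(authority)

# Constructed records; hostmaster.example.org and the timer values are made up.
SOA_RR = rr("example.org", SOA, encode_name("ns2.example.org")
            + encode_name("hostmaster.example.org")
            + struct.pack("!5I", 1, 3600, 900, 604800, 3600))
NS_RR = rr("example.org", NS, encode_name("ns2.example.org"))

print(classify(nxdomain(SOA_RR)))          # the form observed at step 6
print(classify(nxdomain(SOA_RR, NS_RR)))   # the form RFC 2308 section 6 recommends
```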