[Question] Question about recursive queries in BIND9
Barry Margolin
barmar at alum.mit.edu
Tue Dec 20 20:05:10 UTC 2005
In article <do8kd6$4pj$1 at sf1.isc.org>,
Hideshi Enokihara <Hideshi.Enokihara at jp.yokogawa.com> wrote:
> Hi all,
>
> I have a question regarding recursion behavior of BIND9.
>
> For example, I assume the following network.
>
> ----------------
>
>                             org domain           example.org domain
>         AP Server1          DNS Server2          DNS Server3
>         |A.example.org      |NS2.example.org     |NS3.example.org
>         |192.168.1.10       |                    |
> Net-y --+--------+----------+--------------------+--
>                  |
>                  |
>                  |
>               Router
>                  |
>                  |
>                  |
> Net-z --+--------+----------+---
>         |                   |
>         |                   |
>         DNS Server1 (BIND9) DNS Client1
>
> ------------------
>
> In this network, I ran the following steps.
>
> Pre-sequence
> A. DNS Client1 sends the query(QNAME=A.example.org, QTYPE=A) to DNS
> Server2(Authoritative server for org domain).
> B. DNS Server2 sends the query to DNS Server3(Authoritative server for
> example.org domain).
Are you sure about this? None of the authoritative servers for the ORG
domain that I was able to query (some of them didn't respond when I was
testing) have recursion enabled.
> C. DNS Server3 sends the response(ANSWER NAME=A.example.org, ANSWER
> ADDRESS=192.168.1.10) to DNS Server2.
> D. DNS Server2 sends the response(ANSWER NAME=A.example.org, ANSWER
> ADDRESS=192.168.1.10) to DNS Client1.
>
> Note: At these steps, DNS Server2 caches the answer for QNAME=A.example.org,
> QTYPE=A.
>
> Sequence
> 1. DNS Client1 sends the query(QNAME=A.example.org, QTYPE=A) to DNS
> Server1(BIND9).
> 2. DNS Server1(BIND9) sends the query to DNS Server2(Authoritative server for
> org domain).
> 3. DNS Server2 sends the response(ANSWER NAME=A.example.org, ANSWER
> ADDRESS=192.168.1.10) from the cache to DNS Server1(BIND9).
>
> I expected that BIND9 would behave like 4A, but actually, BIND9 behaves like 4B.
>
> 4A. DNS Server1(BIND9) sends the response(ANSWER NAME=A.example.org, ANSWER
> ADDRESS=192.168.1.10) to Client1.
> 4B. DNS sends the query to DNS Server3(Authoritative server for example.org
> domain).
....
> I have a question about steps 4A and 4B.
> Why does DNS Server1(BIND9) not send the response(4A) to DNS Client1?
> What is the reason that DNS Server1(BIND9) does not use/trust DNS Server2's
> cache information?
Did it log a "Lame server" message? When it's asking a server that's
supposed to be authoritative, it expects an authoritative answer or a
referral, not a non-authoritative answer.
> Does this behavior follow the RFC?
> #If BIND9 does not use/trust the other DNS server's cache information, as a
> result, a lot of traffic will be caused in the network.
>
> Please tell me your opinions.
When caching servers query authoritative servers, they don't normally
send recursive queries. And top-level authoritative servers don't
usually have recursion enabled.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
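
Added example, not part of the original post and not BIND's code: a simplified Python sketch of the distinction drawn in the reply above, classifying a DNS response from its header as an authoritative answer, a referral, or a non-authoritative (cached) answer. The function names and the sample headers are constructed for illustration; only the header layout and flag bits come from RFC 1035.

```python
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080


def build_header(msg_id, flags, qd=1, an=0, ns=0, ar=0):
    """Pack a 12-byte DNS header; used here only to construct samples."""
    return struct.pack("!6H", msg_id, flags, qd, an, ns, ar)


def is_recursive_query(packet):
    """True if the message is a query with the RD (recursion desired) bit set."""
    flags = struct.unpack("!H", packet[2:4])[0]
    return not flags & QR and bool(flags & RD)


def classify_response(packet):
    """Classify a response as seen by a resolver that asked a server it
    believes is authoritative. Simplification: only header flags and
    section counts are inspected, not the record types in each section."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, an, ns, _ar = struct.unpack("!6H", packet[:12])
    if not flags & QR:
        raise ValueError("not a response")
    if flags & 0x000F:                  # non-zero RCODE
        return "error"
    if flags & AA:
        return "authoritative-answer"   # usable as the final answer
    if an == 0 and ns > 0:
        return "referral"               # follow the delegation
    if an > 0:
        return "non-authoritative-answer"  # e.g. served from that server's cache
    return "unusable"


# Constructed sample headers for the steps in the thread (not a real capture).
STEP2_QUERY = build_header(0x1A2B, 0)                    # Server1 -> Server2, RD clear
STEP3_FROM_CACHE = build_header(0x1A2B, QR | RA, an=1)   # Server2 answers from cache
REFERRAL = build_header(0x1A2B, QR, ns=1, ar=1)          # delegation to example.org
SERVER3_ANSWER = build_header(0x1A2C, QR | AA, an=1)     # Server3, authoritative

if __name__ == "__main__":
    for name in ("STEP3_FROM_CACHE", "REFERRAL", "SERVER3_ANSWER"):
        print(name, "->", classify_response(globals()[name]))
```
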