[Question] Question about recursive queries in BIND9

Mark Andrews Mark_Andrews at isc.org
Tue Dec 20 21:52:07 UTC 2005


> In article <do8kd6$4pj$1 at sf1.isc.org>,
>  Hideshi Enokihara <Hideshi.Enokihara at jp.yokogawa.com> wrote:
> 
> > Hi all,
> > 
> > I have a question regarding recursion behavior of BIND9.
> > 
> > For example, I assume the following network. 
> > 
> > ----------------
> > 
> >                            org domain             example.org domain
> >         AP Server1         DNS Server2            DNS Server3
> >           |A.example.org      |NS2.example.org     |NS3.example.org
> >           |192.168.1.10       |                    |
> > Net-y   --+--------+----------+--------------------+--
> >                    |
> >                    |
> >                    |
> >                  Router
> >                    |
> >                    |
> >                    |
> > Net-z   --+--------+----------+--- 
> >           |                   |         
> >           |                   |
> >         DNS Server1 (BIND9)  DNS Client1
> > 
> > ------------------
> > 
> > In this network, I ran the following steps.
> > 
> > Pre-sequence
> > A. DNS Client1 sends the query(QNAME=A.example.org, QTYPE=A) to DNS 
> > Server2(Authoritative server for org domain).
> > B. DNS Server2 sends the query to DNS Server3(Authoritative server for 
> > example.org domain).
> 
> Are you sure about this?  None of the authoritative servers for the ORG 
> domain that I was able to query (some of them didn't respond when I was 
> testing) have recursion enabled.
> 
> > C. DNS Server3 sends the response(ANSWER NAME=A.example.org, ANSWER 
> > ADDRESS=192.168.1.10) to DNS Server2.
> > D. DNS Server2 sends the response(ANSWER NAME=A.example.org, ANSWER 
> > ADDRESS=192.168.1.10) to DNS Client1.
> > 
> > Note: At these steps, DNS Server2 caches the answer for
> > QNAME=A.example.org, QTYPE=A.
> > 
> > Sequence
> > 1. DNS Client1 sends the query(QNAME=A.example.org, QTYPE=A) to DNS 
> > Server1(BIND9). 
> > 2. DNS Server1(BIND9) sends the query to DNS Server2(Authoritative server
> > for org domain).
> > 3. DNS Server2 sends the response(ANSWER NAME=A.example.org, ANSWER 
> > ADDRESS=192.168.1.10) from the cache to DNS Server1(BIND9).
> > 
> > I expected BIND9 to behave like 4A, but actually, BIND9 behaves like 4B.
> > 
> > 4A. DNS Server1(BIND9) sends the response(ANSWER NAME=A.example.org, ANSWER 
> > ADDRESS=192.168.1.10) to Client1.
> > 4B. DNS sends the query to DNS Server3(Authoritative server for example.org 
> > domain).
> 
> ....
> 
> > I have a question about steps 4A and 4B.
> > Why doesn't DNS Server1(BIND9) send the response(4A) to DNS Client1?
> > What is the reason that DNS Server1(BIND9) does not use/trust DNS
> > Server2's cache information?
> 
> Did it log a "Lame server" message?  When it's asking a server that's 
> supposed to be authoritative, it expects an authoritative answer or a 
> referral, not a non-authoritative answer.
> 
> > Does this behavior follow the RFC?
> > #If BIND9 does not use/trust the other DNS server's cache information,
> > as a result, a lot of traffic will be caused in the network.
> > 
> > Please tell me your opinions.
> 
> When caching servers query authoritative servers, they don't normally 
> send recursive queries.  And top-level authoritative servers don't 
> usually have recursion enabled.
> 
> -- 
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***


	BIND 9 has code to deal with BIND 8 incorrectly returning
	glue in the answer section w/ AA=0.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
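
Added example (not part of the original message and not BIND's code): a simplified model of the distinction discussed in this thread, classifying a response from a server that was queried as authoritative by its AA bit and section counts. The messages are constructed from the names and address in the question; the function names and the category labels are assumptions.

```python
import struct

QR, AA = 0x8000, 0x0400          # header flag bits (RFC 1035, section 4.1.1)
TYPE_A, TYPE_NS, CLASS_IN = 1, 2, 1

def name(n):
    """Encode a domain name as length-prefixed labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in n.rstrip(".").split(".")) + b"\0"

def rr(owner, rtype, rdata, ttl=3600):
    """Encode one resource record."""
    return name(owner) + struct.pack("!HHIH", rtype, CLASS_IN, ttl, len(rdata)) + rdata

def response(flags, answers=(), authority=()):
    """Build a constructed response to the thread's query (A.example.org, type A)."""
    hdr = struct.pack("!6H", 0x1234, QR | flags, 1, len(answers), len(authority), 0)
    question = name("A.example.org") + struct.pack("!HH", TYPE_A, CLASS_IN)
    return hdr + question + b"".join(answers) + b"".join(authority)

def classify(msg):
    """What an iterating resolver can conclude from the header alone."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & QR:
        raise ValueError("not a response")
    if flags & 0x000F:
        return "other-rcode"          # only NOERROR is modelled here
    if flags & AA:
        return "authoritative"        # answer (or NODATA) from the zone's own server
    if an == 0 and ns > 0:
        return "referral"             # delegation: follow the NS set downwards
    return "non-authoritative"        # e.g. cached data with AA=0 (step 3 in the question)

A_RR = rr("A.example.org", TYPE_A, bytes([192, 168, 1, 10]))
NS_RR = rr("example.org", TYPE_NS, name("NS3.example.org"))

# Constructed sample messages, labelled by the server that would send them.
SAMPLES = {
    "server3 authoritative answer": response(AA, answers=[A_RR]),
    "server2 referral": response(0, authority=[NS_RR]),
    "server2 answer from cache": response(0, answers=[A_RR]),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(f"{label:32} -> {classify(msg)}")
```
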


