Recursive PTR query behavior
Mark Andrews
Mark_Andrews at isc.org
Fri Feb 24 10:42:58 UTC 2006
> However, when query type is A, Server 1 doesn't go back up to the root server.
> DNS Server1 believes the glue records from the previous response from Server4.
>
> Why is the behavior of the DNS server1 different from query type A and PTR?
It's not. A.EXAMPLE.ORG != 10.1.168.192.IN-ADDR.ARPA.
For the A.EXAMPLE.ORG query, in each of the referrals the nameservers are
below the referral point.
For 10.1.168.192.IN-ADDR.ARPA only the first referral was below the
parent zone (.) as viewed from the iterative resolver.
Mark
> DNS server1 works according to the following sequences when the query type is A.
>
> Client1 (TN) DNS Server1 (NUT) DNS Server2 DNS Server3 (TN) DNS Server4 (TN)
> | | | | |
> |--------------------->| | | |
> |1. Send standard query| | | |
> | QNAME=A.example.org | | | |
> | QTYPE=A | | | |
> | |------------------------>| | |
> | | 2. Send standard query | | |
> | | QNAME=A.example.org | | |
> | | QTYPE=A | | |
> | | | | |
> | |<------------------------| | |
> | | 3.Send standard response| | |
> | | QNAME=A.example.org | | |
> | | QTYPE=A | | |
> | | AUTHORITY Name = org | | |
> | | AUTHORITY Name Server | | |
> | | =NS3.example.net | | |
> | | ADDITIONAL Name | | |
> | | =NS3.example.net| | |
> | | ADDITIONAL Address | | |
> | | =192.168.1.30 | | |
> | | | | |
> | |--------------------------------------------------->| |
> | | | 4. Send standard query | |
> | | | QNAME=A.example.org | |
> | | | QTYPE=A | |
> | | | | |
> | |<---------------------------------------------------| |
> | | | 5. Send standard response| |
> | | | QNAME=A.example.org | |
> | | | QTYPE=A | |
> | | | AUTHORITY Name | |
> | | | =example.org | |
> | | | AUTHORITY Name Server | |
> | | | =NS4.example.org | |
> | | | ADDITIONAL Name | |
> | | | =NS4.example.org | |
> | | | ADDITIONAL Address | |
> | | | =192.168.1.40 | |
> | | | | |
> | |------------------------------------------------------------------------------>|
> | | | | 6. Send standard query |
> | | | | QNAME=A.example.org |
> | | | | QTYPE=A |
> | | | | |
> | |<------------------------------------------------------------------------------|
> | | | | 7. Send standard response|
> | | | | QNAME=A.example.org |
> | | | | QTYPE=A |
> | | | | ANSWER Name=A.example.org|
> | | | | ANSWER Address |
> | | | | =192.168.1.10 |
> | | | | AUTHORITY Name |
> | | | | =example.org |
> | | | | AUTHORITY Name Server |
> | | | | =NS4.example.org |
> | | | | ADDITIONAL Name |
> | | | | =NS4.example.org |
> | | | | ADDITIONAL Address |
> | | | | =192.168.1.40 |
> |<---------------------|
> |8.Standard query |
> | response|
> | QNAME=A.example.org |
> | QTYPE=A |
> | ANSWER Name |
> | =A.example.org|
> | ANSWER Address |
> | =192.168.1.10 |
> | AUTHORITY Name |
> | =example.org |
> | AUTHORITY Name Server|
> | =NS4.example.org|
> v v
>
> Kevin Darcy wrote:
> > Server1 doesn't necessarily believe the glue records from the response
> > to the previous query since Server3 is not, as far as it knows,
> > authoritative for anything under .org. The data isn't very "credible".
> > So Server1 goes back up to the root server (Server2) to get an
> > "independent" resolution of that name.
> >
> > - Kevin
> >
> > Nobumichi Ozoe wrote:
> >
> >
> >>Hi,
> >>
> >>Now I am testing the recursive PTR query of BIND 9.3.1.
> >>
> >>The DNS Client1 request for PTR RRs for 10.1.168.192.IN-ADDR.ARPA to DNS Server1.
> >>
> >>% dig @192.168.0.10 10.1.168.192.IN-ADDR.ARPA. -t PTR
> >>
> >>DNS Server1 received standard query from DNS Client1, and transmits recursive query.
> >>Its sequence flow is described as follows.
> >>
> >>When DNS Server1 received No. 5 packet, I expect that DNS Server1 sends
> >>QNAME=10.1.168.192.IN-ADDR.ARPA, QTYPE=PTR query to DNS Server4 (No. 6 sequence).
> >>However DNS Server1 sends QNAME=NS4.example.org, QTYPE=A query to DNS Server2.
> >>
> >>Q. Why doesn't DNS Server1 send QNAME=10.1.168.192.IN-ADDR.ARPA, QTYPE=PTR query to
> >> DNS Server4 as authority of 168.192.IN-ADDR.ARPA?
> >>
> >>Topology
> >>---------
> >>
> >> IN-ADDR.ARPA domain 192.IN-ADDR.ARPA domain 168.192.IN-ADDR.ARPA domain
> >> DNS Server2 DNS Server3 DNS Server4
> >> |A.ROOT.NET |NS3.example.net |NS4.example.org
> >> |192.168.1.20 |192.168.1.30 |192.168.1.40
> >> | | |
> >>Net-y --+--------+---------------+------------+-----------+------- 192.168.1/24
> >> | |
> >> | |1.168.192.IN-ADDR.ARPA domain
> >> Router (TN) DNS Server5
> >> | NS5.example.org
> >> |192.168.0.1 192.168.1.50
> >> |
> >>Net-z --+--------+-----------------+-------- 192.168.0/24
> >> | |
> >> | |
> >> DNS Server1 (NUT) DNS Client1 (TN)
> >> NS1.example.com
> >> 192.168.0.10 192.168.0.20
> >>
> >>
> >>Configuration
> >>--------------
> >>
> >>named configuration is:
> >>
> >>options {
> >> directory "/etc/namedb";
> >> pid-file "/var/run/named/pid";
> >> dump-file "/var/dump/named_dump.db";
> >> statistics-file "/var/stats/named.stats";
> >> listen-on { any;};
> >> listen-on-v6 { any;};
> >> notify no;
> >> recursion yes;
> >> request-ixfr no;
> >> provide-ixfr no;
> >>};
> >>zone "." {
> >> type hint;
> >> file "named.root";
> >>};
> >>zone "example.com" {
> >> type master;
> >> allow-query {any;};
> >> allow-transfer {any;};
> >> file "master/example.com";
> >>};
> >>
> >>
> >>Zone files
> >>----------
> >>
> >>DNS Server1 is a name server for the example.com.
> >>The zone data for the example.com domain is:
> >>
> >>$TTL 86400 ; TTL of 1 day
> >>@ IN SOA NS1.example.com. root.example.com. (
> >> 2005081600 ; serial
> >> 3600 ; refresh every 1 hr
> >> 900 ; retry every 15 min
> >> 604800 ; expire after a week
> >> 3600 ; Minimum TTL of a 1 hr
> >>)
> >>;
> >> IN NS NS1.example.com.
> >>NS1 IN A 192.168.0.10
> >>
> >>
> >>DNS Server2 is a name server for the root. Root server list on DNS Server1 is:
> >>
> >>. 3600000 IN NS A.ROOT.NET.
> >>A.ROOT.NET. 3600000 A 192.168.1.20
> >>
> >>Sequence flow.
> >>--------------
> >>* TN: Tester node
> >>* NUT: Node under test
> >> <--------------- TN ---------------------------->
> >>DNS Client1 (TN) DNS Server1 (NUT) DNS Server2 DNS Server3 DNS Server4 DNS Server5
> >> | | | | | |
> >> |----------------------------->| | | | |
> >> | 1. Send standard query | | | | |
> >> | QNAME | | | | |
> >> | =10.1.168.192.IN-ADDR.ARPA | | | | |
> >> | QTYPE=PTR | | | | |
> >> | |-------------------------------->| | | |
> >> | | 2. Recv standard query | | | |
> >> | | QNAME | | | |
> >> | | =10.1.168.192.IN-ADDR.ARPA | | | |
> >> | | QTYPE=PTR | | | |
> >> | | | | | |
> >> | |<--------------------------------| | | |
> >> | | 3. Send standard query response | | | |
> >> | | QNAME | | | |
> >> | | =10.1.168.192.IN-ADDR.ARPA | | | |
> >> | | QTYPE=PTR | | | |
> >> | | AUTHORITY Name | | | |
> >> | | =192.IN-ADDR.ARPA | | | |
> >> | | AUTHORITY NSDNAME | | | |
> >> | | =NS3.example.net | | | |
> >> | | ADDITIONAL Name | | | |
> >> | | =NS3.example.net | | | |
> >> | | ADDITIONAL Address | | | |
> >> | | =192.168.1.30 | | | |
> >> | | | | | |
> >> | | v | | |
> >> | | | | |
> >> | |-------------------------------------------->| | |
> >> | | 4. Recv standard query | | |
> >> | | QNAME | | |
> >> | | =10.1.168.192.IN-ADDR.ARPA | | |
> >> | | QTYPE=PTR | | |
> >> | | | | |
> >> | |<--------------------------------------------| | |
> >> | | 5. Send standard query response | | |
> >> | | QNAME | | |
> >> | | =10.1.168.192.IN-ADDR.ARPA | | |
> >> | | QTYPE=PTR | | |
> >> | | AUTHORITY Name | | |
> >> | | = 168.192.IN-ADDR.ARPA | | |
> >> | | AUTHORITY NSDNAME | | |
> >> | | = NS4.example.org | | |
> >> | | ADDITIONAL Name | | |
> >> | | = NS4.example.org | | |
> >> | | ADDITIONAL Address | | |
> >> | | = 192.168.1.40 | | |
> >> | | | | |
> >> | | v | |
> >> | | | |
> >> | |-------------------------------------------------------->| |
> >> | | 6. Send standard query | |
> >> | | QNAME | |
> >> | | =10.1.168.192.IN-ADDR.ARPA | |
> >> | | QTYPE=PTR | |
> >> | | | |
> >> | |<--------------------------------------------------------| |
> >> | | 7. Send standard query response| |
> >> | | QNAME | |
> >> | | =10.1.168.192.IN-ADDR.ARPA | |
> >> | | QTYPE=PTR | |
> >> | | AUTHORITY Name | |
> >> | | = 1.168.192.IN-ADDR.ARPA | |
> >> | | AUTHORITY NSDNAME | |
> >> | | = NS5.example.org | |
> >> | | ADDITIONAL Name | |
> >> | | = NS5.example.org | |
> >> | | ADDITIONAL Address | |
> >> | | = 192.168.1.50 | |
> >> | | | |
> >> | | v |
> >> | | |
> >> | |-------------------------------------------------------------------->|
> >> | | 8. Send standard query |
> >> | | QNAME |
> >> | | =10.1.168.192.IN-ADDR.ARPA |
> >> | | QTYPE=PTR |
> >> | | |
> >> | |<--------------------------------------------------------------------|
> >> | | 9. Send standard query response |
> >> | | QNAME |
> >> | | =10.1.168.192.IN-ADDR.ARPA |
> >> | | QTYPE=PTR |
> >> | | ANSWER NAME |
> >> | | = 10.1.168.192.IN-ADDR.ARPA |
> >> | | ANSWER PTRDNAME |
> >> | | = A.example.org |
> >> | | AUTHORITY Name |
> >> | | = 1.168.192.IN-ADDR.ARPA |
> >> | | AUTHORITY NSDNAME |
> >> | | = NS5.example.org |
> >> | | ADDITIONAL Name |
> >> | | = NS5.example.org |
> >> | | ADDITIONAL Address |
> >> | | = 192.168.1.50 |
> >> |<-----------------------------| v
> >> | 10. Recv Standard query |
> >> | response |
> >> | QNAME |
> >> | = 10.1.168.192.IN-ADDR.ARPA|
> >> | QTYPE=PTR |
> >> | ANSWER NAME |
> >> | = 10.1.168.192.IN-ADDR.ARPA|
> >> | ANSWER PTRDNAME |
> >> | = A.example.org |
> >> | AUTHORITY Name |
> >> | = 1.168.192.IN-ADDR.ARPA |
> >> | AUTHORITY NSDNAME |
> >> | = NS5.example.org |
> >> | ADDITIONAL Name |
> >> | = NS5.example.org |
> >> | ADDITIONAL Address |
> >> | = 192.168.1.50 |
> >> v v
> >>
> >>
> >>Best regards,
> >>
> >>
> >>
>
> --
> Nobumichi Ozoe
> IPv6 Business
> Network & Software Development Dept.
> Yokogawa Electric Corporation
> E-mail: Nobumichi.Ozoe at jp.yokogawa.com
> URL: http://www.yokogawa.com/
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
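
Added example (not part of the original message and not BIND's code): a simplified Python model of the check described in the reply above, run over the referrals from the two sequence diagrams in this thread. The function names and tuple layout are assumptions made for illustration; it models only the decision to use or discard glue, which is the same bailiwick rule that keeps a resolver from caching addresses a server has no standing to supply.

```python
# Simplified model of a resolver's glue credibility (bailiwick) check.
# Illustration only; names and data layout are hypothetical.

def labels(name):
    """Split a domain name into lowercase labels; the root '.' is []."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def is_at_or_below(name, zone):
    """True if `name` equals `zone` or is a descendant of it."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def follow_referrals(referrals, start_zone="."):
    """Classify each referral in the order the resolver received it.

    referrals: list of (delegated_zone, ns_name, glue_address).
    The server being queried is only credible for names at or below the
    zone it was reached for: start_zone first, then each delegated zone.
    """
    actions = []
    queried_zone = start_zone
    for delegated_zone, ns_name, glue in referrals:
        if is_at_or_below(ns_name, queried_zone):
            # Glue is in bailiwick: query the delegated server directly.
            actions.append(("use_glue", ns_name, glue))
        else:
            # Glue is out of bailiwick: resolve the NS name independently,
            # starting again from the root hints.
            actions.append(("resolve_ns", ns_name, None))
        queried_zone = delegated_zone
    return actions

# Referrals copied from the thread's QTYPE=A diagram (steps 3 and 5).
A_TRACE = [
    ("org", "NS3.example.net", "192.168.1.30"),
    ("example.org", "NS4.example.org", "192.168.1.40"),
]

# Referrals copied from the thread's QTYPE=PTR diagram (steps 3, 5 and 7).
PTR_TRACE = [
    ("192.IN-ADDR.ARPA", "NS3.example.net", "192.168.1.30"),
    ("168.192.IN-ADDR.ARPA", "NS4.example.org", "192.168.1.40"),
    ("1.168.192.IN-ADDR.ARPA", "NS5.example.org", "192.168.1.50"),
]

if __name__ == "__main__":
    for title, trace in (("A", A_TRACE), ("PTR", PTR_TRACE)):
        for action in follow_referrals(trace):
            print(title, action)
```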