Recursive PTR query behavior
Nobumichi Ozoe
Nobumichi.Ozoe at jp.yokogawa.com
Fri Feb 24 13:00:01 UTC 2006
Hi,
Mark Andrews wrote:
>>However, when query type is A, Server 1 doesn't go back up to the root server.
>>DNS Server1 believes the glue records from the previous response from Server4.
>>
>>Why is the behavior of the DNS server1 different from query type A and PTR?
>
>
> It's not. A.EXAMPLE.ORG != 10.1.168.192.IN-ADDR.ARPA.
>
> For the A.EXAMPLE.ORG query, for each of the referrals the nameservers are
> below the referral point.
>
> For 10.1.168.192.IN-ADDR.ARPA only the first referral was below the
> parent zone (.) as viewed from the iterative resolver.
>
> Mark
Because the authority name gradually gets closer to the answer,
I thought that the server would believe it.
Otherwise, a lot of queries are sent to the root or parent server.
I think that this behavior also happens for E164.ARPA, IP6.ARPA and other domains.
Which RFC defines this behavior? Could you tell me?
>>DNS server1 works according to the following sequences when the query type is A.
>>
>
>
>
>>Client1 (TN) DNS Server1 (NUT) DNS Server2 DNS Server3 (TN) DNS Server4 (TN)
>>| | | | |
>>|--------------------->| | | |
>>|1. Send standard query| | | |
>>| QNAME=A.example.org | | | |
>>| QTYPE=A | | | |
>>| |------------------------>| | |
>>| | 2. Send standard query | | |
>>| | QNAME=A.example.org | | |
>>| | QTYPE=A | | |
>>| | | | |
>>| |<------------------------| | |
>>| | 3.Send standard response| | |
>>| | QNAME=A.example.org | | |
>>| | QTYPE=A | | |
>>| | AUTHORITY Name = org | | |
>>| | AUTHORITY Name Server | | |
>>| | =NS3.example.net | | |
>>| | ADDITIONAL Name | | |
>>| | =NS3.example.net| | |
>>| | ADDITIONAL Address | | |
>>| | =192.168.1.30 | | |
>>| | | | |
>>| |--------------------------------------------------->| |
>>| | | 4. Send standard query | |
>>| | | QNAME=A.example.org | |
>>| | | QTYPE=A | |
>>| | | | |
>>| |<---------------------------------------------------| |
>>| | | 5. Send standard response| |
>>| | | QNAME=A.example.org | |
>>| | | QTYPE=A | |
>>| | | AUTHORITY Name | |
>>| | | =example.org | |
>>| | | AUTHORITY Name Server | |
>>| | | =NS4.example.org | |
>>| | | ADDITIONAL Name | |
>>| | | =NS4.example.org | |
>>| | | ADDITIONAL Address | |
>>| | | =192.168.1.40 | |
>>| | | | |
>>| |------------------------------------------------------------------------------>|
>>| | | | 6. Send standard query |
>>| | | | QNAME=A.example.org |
>>| | | | QTYPE=A |
>>| | | | |
>>| |<------------------------------------------------------------------------------|
>>| | | | 7. Send standard response|
>>| | | | QNAME=A.example.org |
>>| | | | QTYPE=A |
>>| | | | ANSWER Name=A.example.org|
>>| | | | ANSWER Address |
>>| | | | =192.168.1.10 |
>>| | | | AUTHORITY Name |
>>| | | | =example.org |
>>| | | | AUTHORITY Name Server |
>>| | | | =NS4.example.org |
>>| | | | ADDITIONAL Name |
>>| | | | =NS4.example.org |
>>| | | | ADDITIONAL Address |
>>| | | | =192.168.1.40 |
>>|<---------------------|
>>|8.Standard query |
>>| response|
>>| QNAME=A.example.org |
>>| QTYPE=A |
>>| ANSWER Name |
>>| =A.example.org|
>>| ANSWER Address |
>>| =192.168.1.10 |
>>| AUTHORITY Name |
>>| =example.org |
>>| AUTHORITY Name Server|
>>| =NS4.example.org|
>>v v
>>
>>Kevin Darcy wrote:
>>
>>>Server1 doesn't necessarily believe the glue records from the response
>>>to the previous query since Server3 is not, as far as it knows,
>>>authoritative for anything under .org. The data isn't very "credible".
>>>So Server1 goes back up to the root server (Server2) to get an
>>>"independent" resolution of that name.
>>>
>>>- Kevin
>>>
>>>Nobumichi Ozoe wrote:
>>>
>>>
>>>
>>>>Hi,
>>>>
>>>>Now I am testing the recursive PTR query of BIND 9.3.1.
>>>>
>>>>DNS Client1 requests PTR RRs for 10.1.168.192.IN-ADDR.ARPA from DNS Server1.
>>>>
>>>>% dig @192.168.0.10 10.1.168.192.IN-ADDR.ARPA. -t PTR
>>>>
>>>>DNS Server1 received a standard query from DNS Client1, and transmits a recursive query.
>>>>Its sequence flow is described as follows.
>>>>
>>>>When DNS Server1 received No. 5 packet, I expect that DNS Server1 sends
>>>>QNAME=10.1.168.192.IN-ADDR.ARPA, QTYPE=PTR query to DNS Server4 (No. 6 sequence).
>>>>However DNS Server1 sends QNAME=NS4.example.org, QTYPE=A query to DNS Server2.
>>>>
>>>>Q. Why doesn't DNS Server1 send a QNAME=10.1.168.192.IN-ADDR.ARPA, QTYPE=PTR query to
>>>> DNS Server4 as authority of 168.192.IN-ADDR.ARPA?
>>>>
>>>>Topology
>>>>---------
>>>>
>>>> IN-ADDR.ARPA domain 192.IN-ADDR.ARPA domain 168.192.IN-ADDR.ARPA domain
>>>> DNS Server2 DNS Server3 DNS Server4
>>>> |A.ROOT.NET |NS3.example.net |NS4.example.org
>>>> |192.168.1.20 |192.168.1.30 |192.168.1.40
>>>> | | |
>>>>Net-y --+--------+---------------+------------+-----------+------- 192.168.1/24
>>>> | |
>>>> | |1.168.192.IN-ADDR.ARPA domain
>>>> Router (TN) DNS Server5
>>>> | NS5.example.org
>>>> |192.168.0.1 192.168.1.50
>>>> |
>>>>Net-z --+--------+-----------------+-------- 192.168.0/24
>>>> | |
>>>> | |
>>>> DNS Server1 (NUT) DNS Client1 (TN)
>>>> NS1.example.com
>>>> 192.168.0.10 192.168.0.20
>>>>
>>>>
>>>>Configuration
>>>>--------------
>>>>
>>>>named configuration is:
>>>>
>>>>options {
>>>> directory "/etc/namedb";
>>>> pid-file "/var/run/named/pid";
>>>> dump-file "/var/dump/named_dump.db";
>>>> statistics-file "/var/stats/named.stats";
>>>> listen-on { any;};
>>>> listen-on-v6 { any;};
>>>> notify no;
>>>> recursion yes;
>>>> request-ixfr no;
>>>> provide-ixfr no;
>>>>};
>>>>zone "." {
>>>> type hint;
>>>> file "named.root";
>>>>};
>>>>zone "example.com" {
>>>> type master;
>>>> allow-query {any;};
>>>> allow-transfer {any;};
>>>> file "master/example.com";
>>>>};
>>>>
>>>>
>>>>Zone files
>>>>----------
>>>>
>>>>DNS Server1 is a name server for the example.com.
>>>>The zone data for the example.com domain is:
>>>>
>>>>$TTL 86400 ; TTL of 1 day
>>>>@ IN SOA NS1.example.com. root.example.com. (
>>>> 2005081600 ; serial
>>>> 3600 ; refresh every 1 hr
>>>> 900 ; retry every 15 min
>>>> 604800 ; expire after a week
>>>> 3600 ; Minimum TTL of a 1 hr
>>>>)
>>>>;
>>>> IN NS NS1.example.com.
>>>>NS1 IN A 192.168.0.10
>>>>
>>>>
>>>>DNS Server2 is a name server for the root. Root server list on DNS Server1 is:
>>>>
>>>>. 3600000 IN NS A.ROOT.NET.
>>>>A.ROOT.NET. 3600000 A 192.168.1.20
>>>>
>>>>Sequence flow.
>>>>--------------
>>>>* TN: Tester node
>>>>* NUT: Node under test
>>>> <--------------- TN ---------------------------->
>>>>DNS Client1 (TN) DNS Server1 (NUT) DNS Server2 DNS Server3 DNS Server4 DNS Server5
>>>> | | | | | |
>>>> |----------------------------->| | | | |
>>>> | 1. Send standard query | | | | |
>>>> | QNAME | | | | |
>>>> | =10.1.168.192.IN-ADDR.ARPA | | | | |
>>>> | QTYPE=PTR | | | | |
>>>> | |-------------------------------->| | | |
>>>> | | 2. Recv standard query | | | |
>>>> | | QNAME | | | |
>>>> | | =10.1.168.192.IN-ADDR.ARPA | | | |
>>>> | | QTYPE=PTR | | | |
>>>> | | | | | |
>>>> | |<--------------------------------| | | |
>>>> | | 3. Send standard query response | | | |
>>>> | | QNAME | | | |
>>>> | | =10.1.168.192.IN-ADDR.ARPA | | | |
>>>> | | QTYPE=PTR | | | |
>>>> | | AUTHORITY Name | | | |
>>>> | | =192.IN-ADDR.ARPA | | | |
>>>> | | AUTHORITY NSDNAME | | | |
>>>> | | =NS3.example.net | | | |
>>>> | | ADDITIONAL Name | | | |
>>>> | | =NS3.example.net | | | |
>>>> | | ADDITIONAL Address | | | |
>>>> | | =192.168.1.30 | | | |
>>>> | | | | | |
>>>> | | v | | |
>>>> | | | | |
>>>> | |-------------------------------------------->| | |
>>>> | | 4. Recv standard query | | |
>>>> | | QNAME | | |
>>>> | | =10.1.168.192.IN-ADDR.ARPA | | |
>>>> | | QTYPE=PTR | | |
>>>> | | | | |
>>>> | |<--------------------------------------------| | |
>>>> | | 5. Send standard query response | | |
>>>> | | QNAME | | |
>>>> | | =10.1.168.192.IN-ADDR.ARPA | | |
>>>> | | QTYPE=PTR | | |
>>>> | | AUTHORITY Name | | |
>>>> | | = 168.192.IN-ADDR.ARPA | | |
>>>> | | AUTHORITY NSDNAME | | |
>>>> | | = NS4.example.org | | |
>>>> | | ADDITIONAL Name | | |
>>>> | | = NS4.example.org | | |
>>>> | | ADDITIONAL Address | | |
>>>> | | = 192.168.1.40 | | |
>>>> | | | | |
>>>> | | v | |
>>>> | | | |
>>>> | |-------------------------------------------------------->| |
>>>> | | 6. Send standard query | |
>>>> | | QNAME | |
>>>> | | =10.1.168.192.IN-ADDR.ARPA | |
>>>> | | QTYPE=PTR | |
>>>> | | | |
>>>> | |<--------------------------------------------------------| |
>>>> | | 7. Send standard query response| |
>>>> | | QNAME | |
>>>> | | =10.1.168.192.IN-ADDR.ARPA | |
>>>> | | QTYPE=PTR | |
>>>> | | AUTHORITY Name | |
>>>> | | = 1.168.192.IN-ADDR.ARPA | |
>>>> | | AUTHORITY NSDNAME | |
>>>> | | = NS5.example.org | |
>>>> | | ADDITIONAL Name | |
>>>> | | = NS5.example.org | |
>>>> | | ADDITIONAL Address | |
>>>> | | = 192.168.1.50 | |
>>>> | | | |
>>>> | | v |
>>>> | | |
>>>> | |-------------------------------------------------------------------->|
>>>> | | 8. Send standard query |
>>>> | | QNAME |
>>>> | | =10.1.168.192.IN-ADDR.ARPA |
>>>> | | QTYPE=PTR |
>>>> | | |
>>>> | |<--------------------------------------------------------------------|
>>>> | | 9. Send standard query response |
>>>> | | QNAME |
>>>> | | =10.1.168.192.IN-ADDR.ARPA |
>>>> | | QTYPE=PTR |
>>>> | | ANSWER NAME |
>>>> | | = 10.1.168.192.IN-ADDR.ARPA |
>>>> | | ANSWER PTRDNAME |
>>>> | | = A.example.org |
>>>> | | AUTHORITY Name |
>>>> | | = 1.168.192.IN-ADDR.ARPA |
>>>> | | AUTHORITY NSDNAME |
>>>> | | = NS5.example.org |
>>>> | | ADDITIONAL Name |
>>>> | | = NS5.example.org |
>>>> | | ADDITIONAL Address |
>>>> | | = 192.168.1.50 |
>>>> |<-----------------------------| v
>>>> | 10. Recv Standard query |
>>>> | response |
>>>> | QNAME |
>>>> | = 10.1.168.192.IN-ADDR.ARPA|
>>>> | QTYPE=PTR |
>>>> | ANSWER NAME |
>>>> | = 10.1.168.192.IN-ADDR.ARPA|
>>>> | ANSWER PTRDNAME |
>>>> | = A.example.org |
>>>> | AUTHORITY Name |
>>>> | = 1.168.192.IN-ADDR.ARPA |
>>>> | AUTHORITY NSDNAME |
>>>> | = NS5.example.org |
>>>> | ADDITIONAL Name |
>>>> | = NS5.example.org |
>>>> | ADDITIONAL Address |
>>>> | = 192.168.1.50 |
>>>> v v
>>>>
>>>>
>>>>Best regards,
>>>>
>>>>
>>>>
>>
>>--
>>Nobumichi Ozoe
>>IPv6 Business
>>Network & Software Development Dept.
>>Yokogawa Electric Corporation
>>E-mail: Nobumichi.Ozoe at jp.yokogawa.com
>>URL: http://www.yokogawa.com/
>>
>>
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
>
--
Nobumichi Ozoe
IPv6 Business
Network & Software Development Dept.
Yokogawa Electric Corporation
E-mail: Nobumichi.Ozoe at jp.yokogawa.com
URL: http://www.yokogawa.com/
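
The distinction drawn in the replies above (glue is only credible when the nameserver name lies below the zone the referring server was queried for) can be modelled as follows. This is an added example, not part of the original message and not BIND's code; the function names and decision strings are assumptions, and the referral data is constructed from the two sequence diagrams in this thread.

```python
# Added example: simplified model of the glue-credibility rule discussed in
# this thread. It is not BIND's implementation.

def labels(name):
    """Split a domain name into lowercase labels; the root becomes []."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def is_at_or_below(name, zone):
    """True if `name` equals `zone` or is a descendant of it.

    Comparison is label-wise, so ns.badexample.org is NOT below example.org
    (a plain string suffix test would get that wrong).
    """
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def walk(referrals):
    """Follow a referral chain that starts at the root.

    referrals: list of (delegated_zone, ns_name, glue_address) in the order
    the resolver receives them. Returns [(ns_name, decision), ...].
    """
    queried_zone = "."  # zone the answering server is believed to serve
    decisions = []
    for delegated, ns_name, _glue in referrals:
        if not is_at_or_below(delegated, queried_zone):
            # A server may only delegate names inside its own zone.
            decisions.append((ns_name, "reject-referral"))
            break
        if is_at_or_below(ns_name, queried_zone):
            decisions.append((ns_name, "use-glue"))
        else:
            # Glue about a name outside the server's zone is not credible;
            # the NS address has to be resolved independently.
            decisions.append((ns_name, "resolve-ns-separately"))
        queried_zone = delegated
    return decisions

# Constructed from the sequence diagrams in this thread.
A_FLOW = [("org", "NS3.example.net", "192.168.1.30"),
          ("example.org", "NS4.example.org", "192.168.1.40")]
PTR_FLOW = [("192.IN-ADDR.ARPA", "NS3.example.net", "192.168.1.30"),
            ("168.192.IN-ADDR.ARPA", "NS4.example.org", "192.168.1.40"),
            ("1.168.192.IN-ADDR.ARPA", "NS5.example.org", "192.168.1.50")]

if __name__ == "__main__":
    for title, flow in (("A", A_FLOW), ("PTR", PTR_FLOW)):
        for ns_name, decision in walk(flow):
            print(f"{title:3} {ns_name:16} {decision}")
```
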