Bind can not resolve.
Mark Andrews
Mark_Andrews at isc.org
Thu Mar 29 02:35:39 UTC 2007
> In article <euf6oj$e9l$1 at sf1.isc.org>,
> Mark Andrews <Mark_Andrews at isc.org> wrote:
>
> > > In article <eud6c6$25r1$1 at sf1.isc.org>,
> > > Mark Andrews <Mark_Andrews at isc.org> wrote:
> > >
> > > > > bind9 seems to be unable to resolve if during resolution of an A record a
> > > > > CNAME is returned pointing to a parent domain without the corresponding A
> > > > > record.
> > > > >
> > > > > Example: cname.bind9.expol.us
> > > > >
> > > > > Trying CNAME first makes A resolution work, otherwise I get SERVFAIL.
> > > >
> > > > It would help if the authoritative servers actually followed
> > > > RFC 1034. The server should be including the A record in
> > > > the answer as it serves the parent zone. It should also be
> > > > returning a referral to the parent zone (not the child zone)
> > > > if it returns the implicit referral.
> > >
> > > While this would certainly make resolution faster, I can't see why
> > > failing to follow the CNAME should cause the resolver to fail. If the
> > > authoritative server doesn't follow the CNAME automatically, the
> > > resolver should do so, just as it must if the CNAME pointed to a zone
> > > that's hosted on a different server from the CNAME itself.
> >
> > By not following the algorithm through to conclusion they
> > generated a bad referral.
>
> What referral? It looks to me like it's the NS record of the zone
> containing the record being returned. It's normal behavior to include
> this record in the authority section of a response.
Not when you are *following* (QTYPE != CNAME or *) a CNAME.
The authority section refers to the new QNAME.
> > "foo.expol.us" is not a (sub)domain of "bind9.expol.us".
> >
> > Named rejects this. Yes we are picky however we have been
> > burnt too many times by not being picky enough.
>
> >
> > Note the response below would be fine if the QTYPE was
> > CNAME or * as the CNAME is not supposed to be followed
> > in those cases.
>
> What if the CNAME pointed to a totally unrelated zone that wasn't in the
> authoritative server's cache? Wouldn't you expect it to return an
> answer just like the one below?
If QTYPE is CNAME or *. Yes.
If QTYPE is not CNAME or *. No.
> > Mark
> >
> > ; <<>> DiG 9.3.3 <<>> cname.bind9.expol.us @NS1.expol.us +norec
> > ; (1 server found)
> > ;; global options: printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34231
> > ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
> >
> > ;; QUESTION SECTION:
> > ;cname.bind9.expol.us. IN A
> >
> > ;; ANSWER SECTION:
> > cname.bind9.expol.us. 300 IN CNAME foo.expol.us.
> >
> > ;; AUTHORITY SECTION:
> > bind9.expol.us. 7200 IN NS ns1.expol.us.
> >
> > ;; ADDITIONAL SECTION:
> > ns1.expol.us. 7200 IN A 66.125.246.106
> >
> > ;; Query time: 180 msec
> > ;; SERVER: 66.125.246.106#53(66.125.246.106)
> > ;; WHEN: Thu Mar 29 11:47:21 2007
> > ;; MSG SIZE rcvd: 90
> >
> > >
> > > --
> > > Barry Margolin, barmar at alum.mit.edu
> > > Arlington, MA
> > > *** PLEASE post questions in newsgroups, not directly to me ***
> > > *** PLEASE don't copy me on replies, I'll read them in the group ***
> > >
> > >
>
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
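
The check described in this message, as an added example that is not part of the original post and is not named's code: once a CNAME is followed (QTYPE is not CNAME or *), NS records in the authority section must be at or above the new QNAME. The function names are hypothetical, and the sample input is constructed from the dig output quoted above.

```python
# Simplified model of the referral check discussed in the thread; not BIND's code.
# Sample input constructed from the dig output quoted in the message.
DIG_OUTPUT = """\
;; QUESTION SECTION:
;cname.bind9.expol.us. IN A
;; ANSWER SECTION:
cname.bind9.expol.us. 300 IN CNAME foo.expol.us.
;; AUTHORITY SECTION:
bind9.expol.us. 7200 IN NS ns1.expol.us.
"""

def labels(name):
    """Lower-cased labels of a domain name, root label dropped."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def is_subdomain(name, zone):
    """True if name equals zone or lies below it (compared label by label)."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def parse_dig(text):
    """Return ((qname, qtype), {section: [(owner, rtype, rdata), ...]})."""
    question, sections, current = None, {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";;") and "SECTION" in line:
            current = line.split()[1]          # QUESTION / ANSWER / AUTHORITY
        elif current == "QUESTION" and line.startswith(";"):
            fields = line[1:].split()
            question = (fields[0], fields[-1])
        elif line and not line.startswith(";") and current:
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            sections.setdefault(current, []).append((owner, rtype, rdata))
    return question, sections

def check_referral(text):
    """Return (final QNAME, authority NS owners that do not cover it)."""
    (qname, qtype), sec = parse_dig(text)
    current = ".".join(labels(qname))
    if qtype not in ("CNAME", "ANY", "*"):     # CNAME is followed for other QTYPEs
        cnames = {".".join(labels(o)): ".".join(labels(t))
                  for o, r, t in sec.get("ANSWER", []) if r == "CNAME"}
        seen = set()                           # guard against CNAME loops
        while current in cnames and current not in seen:
            seen.add(current)
            current = cnames[current]
    bad = [o for o, r, _ in sec.get("AUTHORITY", [])
           if r == "NS" and not is_subdomain(current, o)]
    return current, bad
```

For the response quoted above this reports `bind9.expol.us.` as not covering `foo.expol.us`; with the question type changed to CNAME the same response passes.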