Question about recursion queries
Kevin Darcy
kcd at chrysler.com
Tue Jul 20 22:25:11 UTC 2010
On 7/19/2010 5:12 AM, Zhang Meng wrote:
>
> The question is given that
>
> When I ask the bind server, what's the A record of google.com
> <http://google.com>?
>
> for the ROOT name server, there're several NS record
>
> /.// //60493// //IN// //NS// //g.root-servers.net
> <http://g.root-servers.net>./
> /.// //60493// //IN// //NS// //b.root-servers.net
> <http://b.root-servers.net>./
> /.// //60493// //IN// //NS// //m.root-servers.net
> <http://m.root-servers.net>./
> /.// //60493// //IN// //NS// //d.root-servers.net
> <http://d.root-servers.net>./
> /.// //60493// //IN// //NS// //j.root-servers.net
> <http://j.root-servers.net>./
> /.// //60493// //IN// //NS// //c.root-servers.net
> <http://c.root-servers.net>./
> /.// //60493// //IN// //NS// //i.root-servers.net
> <http://i.root-servers.net>./
> /.// //60493// //IN// //NS// //a.root-servers.net
> <http://a.root-servers.net>./
> /.// //60493// //IN// //NS// //h.root-servers.net
> <http://h.root-servers.net>./
> /.// //60493// //IN// //NS// //k.root-servers.net
> <http://k.root-servers.net>./
> /.// //60493// //IN// //NS// //l.root-servers.net
> <http://l.root-servers.net>./
> /.// //60493// //IN// //NS// //f.root-servers.net
> <http://f.root-servers.net>./
> /.// //60493// //IN// //NS// //e.root-servers.net
> <http://e.root-servers.net>./
>
> How does the bind handle these multiple NS records?
>
> A).Select one of them to ask the NS records for com. ?
Yes, one of them will be selected either because it has a recorded
history (based on RTT = Round Trip Time) of responding faster than
others, or at random, if there is no history, or insufficient history,
because named just started up, or some combination of the two factors,
because the RTT calculations are grouped together in "bands" and
additionally there is some random "jitter" applied so that named can
adapt to changing network conditions.
> If fails, try the second one?
If that query fails, that particular target nameserver will be penalized
so that it is less likely to be used for a while, and some other
nameserver will be selected, using the same criteria, i.e. by recorded
RTT, with perhaps random variation due to "banding" and/or jitter.
Note that if you're ultimately trying to resolve "google.com" your
queries would generally be only for "google.com" and not ancestors of
that name, such as "com". The only exceptions would be if
(hypothetically) google.com were an alias to something else, in which
case the lookup would be "restarted" with that other name, if "glue
records" need to be resolved while following down the delegation chain,
or if you're doing DNSSEC validation and need to fetch keys/signatures.
> B).Or send several queries concurrently, and get the first one responsed?
No, that would be very wasteful of Internet DNS infrastructure resources.
The failover from one nameserver target to another is quite fast
(measured typically in milliseconds), but the queries are not sent
*simultaneously*. This quick-failover strategy provides a good balance
between query efficiency and resiliency.
>
>
> Could you show me the related code in Bind9.7.1-P2?
>
The code to do _what_, specifically? I suspect the resolution process is
a little more complex than you originally thought, and the code doesn't
exactly help to clarify things either, since it includes a lot of
"housekeeping" junk, e.g. memory management, quotas, task control,
locking, key-generation/validation, socket management, etc. If you're
interested in specifically the routine that sorts the candidate
nameservers according to their RTT values (with some random "jitter"
applied), take a look at sort_finds() and/or sort_adbfind() in
lib/dns/resolver.c. But all you'll really see there is (according to the
comments) "Lame N^2 bubble sort"s. The real "magic" is in how named
records those RTTs on every query it generates (see dns_adb_adjustsrtt()
in lib/dns/adb.c for some of the specifics), and this is something that
is defined in the protocol specification, not just some nifty piece of
code that's part of BIND. You might be better served by reading some
more high-level, abstract explanations of how DNS resolution works,
instead of, or at least in preparation for staring at disparate chunks
of BIND code.
- Kevin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100720/247d40cb/attachment.html>
More information about the bind-users
mailing list