non-recursive queries on 8.2.2 pl 5

Peter.Pedersen at sas.dk Peter.Pedersen at sas.dk
Tue Nov 23 08:35:10 UTC 1999


Hi,

The idea was to have a static configuration on the firewall using the new
feature "forward zone" in order to simplify maintenance, since the people in
the DNS group do not have access to the firewall.

The configuration on the firewall points to a number of different DNS
servers (maintained by partners) on an extra-net and on the intranet and we
do not want to make zone-transfers from internal or external DNS servers.
This configuration minimizes the maintenance on the firewall and the need for
bandwidth (no zone transfer).

It is not yet in production, but everything seems to be fine except when the
DNS server receives a non-recursive query and it does not have the information
in cache.

Unfortunately this happens quite often, since the other partners' access to
our DNS (on the extranet firewall) goes through their own DNS servers (using
forward-zone or internal root configuration). A DNS server makes non-recursive
queries in order to resolve names.

I have not found any way to force a DNS server to make recursive queries??

Any ideas???

Here is a small part of the named.conf

zone "sas.star-alliance.net" in {
	type forward;
	forward only;
	forwarders { 159.195.66.66; 159.195.77.77; };
	check-names warn;
};

zone "12.60.57.in-addr.arpa" in {
	type forward;
	forward only;
	forwarders { 159.195.66.66; 159.195.77.77; };
	check-names warn;
};

zone "ual.star-alliance.net" in {
	type forward;
	forward only;
	forwarders { 57.60.16.9; };
	check-names warn;
};

Thanks for the help. 

Peter Pedersen

E-mail: 		peter.pedersen at sas.dk
Phone:		+45 32 32 6138
Fax:		+45 32 32 6731
SAS-mail:	CPHXA/PED

Scandinavian Airlines Data Denmark A/S
Afd. CPHXA
Engvej 165, Postbox 1819
DK-2300  København S



-----Original Message-----
From: Mark_Andrews at iengines.com [mailto:Mark_Andrews at iengines.com]
Sent: Monday, November 22, 1999 10:27 PM
To: Peter.Pedersen at sas.dk
Cc: bind-users at isc.org
Subject: Re: non-recurce queries on 8.2.2 pl 5 



	I can see nothing wrong with this sequence of answers.

	The first answer is a referral as you made a non recursive
	query and the answer was not in the cache.  You next made a
	recursive query, which had the side effect of populating the
	cache.  The third query was able to find the answer in the
	cache so you got it back.

	If you tell us what you want to achieve and how you have got
	things set up we may be able to tell you where you went wrong.

	Mark
> Hi,
> 
> We have a DNS server running as strictly forward/cache on a firewall server
> with the bind 8.2.2 pl 5.
> The domain sas.star-alliance.net is defined with a primary and a secondary
> server on our intranet.
> 
> When we make a non-recursive query to this DNS on a known host it comes back
> with no-answer.
> 
> Then we make a recursive query, and it answers correctly with the A-record.
> 
> Now we are able to make a non-recursive query and it answers correctly with
> the A-record.
> 
> Is there something we have missed with the new forward-zone statement in
> bind 8.2.2 ??
> 
> Here is the output from nslookup:
> 
> > set norecurce
> > set d2
> > cphmsgt002a.sas.star-alliance.net.
> Server:  cphfws05.sas.star-alliance.net
> Address:  57.60.12.7
> 
> ------------
> SendRequest(), len 51
>     HEADER:
>         opcode = QUERY, id = 3, rcode = NOERROR
>         header flags:  query
>         questions = 1,  answers = 0,  authority records = 0,  additional = 0
> 
>     QUESTIONS:
>         cphmsgt002a.sas.star-alliance.net, type = A, class = IN
> 
> ------------
> ------------
> Got answer (128 bytes):
>     HEADER:
>         opcode = QUERY, id = 3, rcode = NOERROR
>         header flags:  response, recursion avail.
>         questions = 1,  answers = 0,  authority records = 2,  additional = 0
> 
>     QUESTIONS:
>         cphmsgt002a.sas.star-alliance.net, type = A, class = IN
>     AUTHORITY RECORDS:
>     ->  sas.star-alliance.net
>         type = NS, class = IN, dlen = 21
>         nameserver = cphdns01.net.sas.dk
>         ttl = 84786 (23 hours 33 mins 6 secs)
>     ->  sas.star-alliance.net
>         type = NS, class = IN, dlen = 11
>         nameserver = cphdns02.net.sas.dk
>         ttl = 84786 (23 hours 33 mins 6 secs)
> 
> ------------
> *** No address (A) records available for cphmsgt002a.sas.star-alliance.net.
> > set recurce
> > cphmsgt002a.sas.star-alliance.net.
> Server:  cphfws05.sas.star-alliance.net
> Address:  57.60.12.7
> 
> ------------
> SendRequest(), len 51
>     HEADER:
>         opcode = QUERY, id = 4, rcode = NOERROR
>         header flags:  query, want recursion
>         questions = 1,  answers = 0,  authority records = 0,  additional = 0
> 
>     QUESTIONS:
>         cphmsgt002a.sas.star-alliance.net, type = A, class = IN
> 
> ------------
> ------------
> Got answer (176 bytes):
>     HEADER:
>         opcode = QUERY, id = 4, rcode = NOERROR
>         header flags:  response, auth. answer, want recursion, recursion avail.
>         questions = 1,  answers = 1,  authority records = 2,  additional = 2
> 
>     QUESTIONS:
>         cphmsgt002a.sas.star-alliance.net, type = A, class = IN
>     ANSWERS:
>     ->  cphmsgt002a.sas.star-alliance.net
>         type = A, class = IN, dlen = 4
>         internet address = 159.195.93.12
>         ttl = 86400 (1 day)
>     AUTHORITY RECORDS:
>     ->  sas.star-alliance.net
>         type = NS, class = IN, dlen = 21
>         nameserver = cphdns01.net.sas.dk
>         ttl = 86400 (1 day)
>     ->  sas.star-alliance.net
>         type = NS, class = IN, dlen = 11
>         nameserver = cphdns02.net.sas.dk
>         ttl = 86400 (1 day)
>     ADDITIONAL RECORDS:
>     ->  cphdns01.net.sas.dk
>         type = A, class = IN, dlen = 4
>         internet address = 159.195.66.66
>         ttl = 0 (0 secs)
>     ->  cphdns02.net.sas.dk
>         type = A, class = IN, dlen = 4
>         internet address = 159.195.77.77
>         ttl = 0 (0 secs)
> 
> ------------
> Name:    cphmsgt002a.sas.star-alliance.net
> Address:  159.195.93.12
> 
> > set norecurce
> > cphmsgt002a.sas.star-alliance.net
> Server:  cphfws05.sas.star-alliance.net
> Address:  57.60.12.7
> 
> ------------
> SendRequest(), len 51
>     HEADER:
>         opcode = QUERY, id = 5, rcode = NOERROR
>         header flags:  query
>         questions = 1,  answers = 0,  authority records = 0,  additional = 0
> 
>     QUESTIONS:
>         cphmsgt002a.sas.star-alliance.net, type = A, class = IN
> 
> ------------
> ------------
> Got answer (144 bytes):
>     HEADER:
>         opcode = QUERY, id = 5, rcode = NOERROR
>         header flags:  response, recursion avail.
>         questions = 1,  answers = 1,  authority records = 2,  additional = 0
> 
>     QUESTIONS:
>         cphmsgt002a.sas.star-alliance.net, type = A, class = IN
>     ANSWERS:
>     ->  cphmsgt002a.sas.star-alliance.net
>         type = A, class = IN, dlen = 4
>         internet address = 159.195.93.12
>         ttl = 86381 (23 hours 59 mins 41 secs)
>     AUTHORITY RECORDS:
>     ->  sas.star-alliance.net
>         type = NS, class = IN, dlen = 21
>         nameserver = cphdns01.net.sas.dk
>         ttl = 84534 (23 hours 28 mins 54 secs)
>     ->  sas.star-alliance.net
>         type = NS, class = IN, dlen = 11
>         nameserver = cphdns02.net.sas.dk
>         ttl = 84534 (23 hours 28 mins 54 secs)
> 
> ------------
> Non-authoritative answer:
> Name:    cphmsgt002a.sas.star-alliance.net
> Address:  159.195.93.12
> 
> 
> Thanks in advance
> 
> Peter Pedersen
> 
> E-mail: 		peter.pedersen at sas.dk
> Phone:		+45 32 32 6138
> Fax:		+45 32 32 6731
> SAS-mail:	CPHXA/PED
> 
> Scandinavian Airlines Data Denmark A/S
> Afd. CPHXA
> Engvej 165, Postbox 1819
> DK-2300  København S
> 
> 
> 
--
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at iengines.com
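
Added example, not part of the original messages: the difference between the three nslookup exchanges above comes down to the RD ("want recursion") bit in the query header and the answer/authority counts in the response header. The sketch below encodes the same A query with and without RD and classifies response headers; the function names are hypothetical and the response headers are constructed from the ids, flags and counts shown in the trace.

```python
import struct

# DNS header flag bits (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080


def build_query(name, qid, recurse):
    """Encode an A/IN query; `recurse` sets the RD ("want recursion") bit."""
    flags = RD if recurse else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def classify(header):
    """Classify a response from its 12-byte header alone."""
    _qid, flags, _qd, an, ns, _ar = struct.unpack("!HHHHHH", header[:12])
    if not flags & QR:
        return "not a response"
    rcode = flags & 0x000F
    if rcode != 0:
        return "error rcode=%d" % rcode
    if an > 0:
        return "authoritative answer" if flags & AA else "answer from cache"
    if ns > 0:
        # Authority-only reply. In the trace these are NS records (a referral);
        # a NODATA reply carrying an SOA has the same header counts.
        return "referral"
    return "empty"


def response_header(qid, flags, an, ns, ar):
    """Build a response header (constructed sample data, one question)."""
    return struct.pack("!HHHHHH", qid, flags, 1, an, ns, ar)


# Constructed from the header lines of the three "Got answer" blocks above.
TRACE = [
    response_header(3, QR | RA, 0, 2, 0),            # norecurse, cold cache
    response_header(4, QR | AA | RD | RA, 1, 2, 2),  # recurse
    response_header(5, QR | RA, 1, 2, 0),            # norecurse, warm cache
]

if __name__ == "__main__":
    q = build_query("cphmsgt002a.sas.star-alliance.net.", 3, recurse=False)
    print(len(q), [classify(h) for h in TRACE])
```
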