Lump answers

[Mark_Andrews at iengines.com]

> > A root server will forward any recursive queries asked of it for
> > which it does not already have an answer.  This works even if the
> > forwarder has to ask the root for information as the forwarder will
> > make a non-recursive query to the root server.
> 
> But internal root name servers, which are what Christine is
> describing, only know about a small number of apex zones.
> If you ask an internal root name server about a zone whose
> ancestor doesn't appear in the root zone, you get NXDOMAIN.

My answer is still correct.

The root server in this case has a answer: NXDOMAIN.

> 
> > > >     Before 8.2.2,you will see in syslog: info: No root nameservers
> > > > for class IN
> > >
> > > No, you won't see this in a correctly configured internal root setup.
> >
> >  Christine is correct.
> 
> No, she's not.  In 2, she's describing an internal root setup,
> and a correctly configured internal root name server will
> not log that error message.  It *is* a root name server, so
> why should it?
> 

The error message was generated by attempting to prime the nameserver.
When a nameserver is priming it ignores the hashtab (where the root
zone is loaded) and only looks in fcachetab (where the hints are
loaded).  On a rootserver fcachetab is empty, as result the above
error message is generated.

> >  715.   [clarity]       root servers don't need to be primed.
> >
> > > >     b) forget the hint file all together
> > > >     Result:  nothing works.  syslog will complain: findns: No root
> > > nameservers
> > > >     for class IN?  This is not the same as the info message in case 2.
> > > Case 2
> > > >     applies to root servers only.  You definitely need a hint file,
> but
> > > what
> > > >     goes in it?  Read on.
> > >
> > > This isn't true.  Forward-only name servers have always been able
> > > to run without a root hints file, and in newer verisons of BIND,
> > > you don't even see an error message in this configuration.
> >
> > "Forward only" only works correctly as of BIND 8.2.1.
> > Prior to BIND 8.2 the hints file is required and should be
> > configured with the root servers.  With BIND 8.2 don't even
> > attempt "forward only".
> 
> Forward only worked in previous versions of BIND, too (BIND 4,
> for example).  Even though it would produce an error message,
> the name server would work correctly.

Forward-only *partially* worked in BIND 4 and required a cache zone or
a root stub zone to be present.  The error messages indicate times when
it should have been able to proceed but couldn't due to the fact that
it hadn't primed the cache.

> 
> cricket
> 
> Acme Byte & Wire
> cricket at acmebw.com
> www.acmebw.com
> 
> Attend the next Internet Software Consortium/Acme Byte & Wire
> DNS and BIND class!  See www.acmebw.com/training.htm for
> the schedule and to register for upcoming classes.
> 
--
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at iengines.com