Setting up a Root name server

Jim Reid jim at mpn.cp.philips.com
Mon Sep 6 12:15:58 UTC 1999


>>>>> "chris" == chris  <chris at megabytecoffee.com> writes:

    chris> The root servers only return the list of name servers that
    chris> are authoritative for the domain requested. They themselves
    chris> will not recurse. I think we all get this point.  It
    chris> would be way too much of a task for the root nameservers to
    chris> go hunting down information themselves.

Indeed. At last we agree on something. :-)

    chris> If you have
    chris> nslookup ask a root nameserver to resolve foo.bar.com it's
    chris> going to perform the recursion itself. It might look like
    chris> the root server actually answered what foo is pointed to
    chris> .. but it didn't, nslookup did all the work.

This is totally wrong. nslookup does not recurse. It doesn't handle
referrals from non-recursive name servers. If you get nslookup to
query a root server for foo.bar.com, it will be returned a referral to
the .com name servers. [Unless that root server has already cached an
answer for foo.bar.com, which is extremely unlikely.] You will get
that response irrespective of whether the query nslookup sends has set
or reset the rd bit - indicating a recursive or non-recursive
query. All you can do with nslookup is set a bit which asks the name
server that gets the query to make a recursive lookup or not. It's up to
the name server receiving that request to make that decision. Use
nslookup to ask a root server to resolve www.philips.com. All you'll
get back is a referral to the .com name servers.

Here are some examples which should clarify matters.

	% nslookup
	> set type=any
	> server 172.16.127.68
	
	Default Server:  postel.origin-it.com
	Address:  172.16.127.68

# JR comment: postel is a non-recursive name server for 
# origin-it.com which knows about the philips.com domain

	> set recurse
	> www.sc.philips.com
	Server:  postel.origin-it.com
	Address:  172.16.127.68

	Authoritative answers can be found from:
	philips.com     nameserver = ns0.philips.com
	ns0.philips.com internet address = 130.139.36.37

	... details of other philips.com name servers snipped ...

	> set norecurse
	> www.sc.philips.com
	Server:  postel.origin-it.com
	Address:  172.16.127.68

	Authoritative answers can be found from:
	philips.com     nameserver = ns0.philips.com
	ns0.philips.com internet address = 130.139.36.37

	... details of other philips.com name servers snipped again ...

# Comment: setting and resetting the recursion option makes no
# difference to what answers nslookup gets when it queries a non
# recursive name server for www.sc.philips.com. Both times, nslookup
# is told to go and ask the philips.com name servers because that's
# all postel knows about for the philips.com domain. If it was a
# recursive server, it could have interrogated the philips.com name
# servers and returned the answer. However it isn't so it didn't. It
# just returned the best answer it could: the details of where to find
# name servers for philips.com. nslookup didn't use those referrals to
# query the philips.com name servers for itself. In other words
# nslookup did not recurse, no matter whether its recursion option was
# on or off.

	> server 130.139.64.37
	Default Server:  [130.139.64.37]
	Address:  130.139.64.37

# Comment: 130.139.64.37 is my workstation. It runs a recursive 
# caching name server (obviously).

	> set norecursion
	> www.sc.philips.com

	Authoritative answers can be found from:
	sc.philips.com  nameserver = ns0.philips.com
	ns0.philips.com internet address = 130.139.36.37

	... details of the sc.philips.com name servers snipped ...

	> set recursion
	> www.sc.philips.com
	Server:  [130.139.64.37]
	Address:  130.139.64.37

	www.sc.philips.com      canonical name = scecc02.ehv.sc.philips.com

# Comment: with recursion disabled, nslookup still does not resolve
# www.sc.philips.com because that name wasn't in the cache of the
# local name server. Even though the local name server does recurse,
# it just returns a referral to the sc.philips.com name servers
# because nslookup submitted a non-recursive request. Repeating the
# lookup with recursion enabled makes my local caching-only name
# server resolve www.sc.philips.com and return the answer.

	> set norecursion
	> www.sc.philips.com
	Server:  [130.139.64.37]
	Address:  130.139.64.37

	Non-authoritative answer:
	www.sc.philips.com      canonical name = scecc02.ehv.sc.philips.com

# Comment: I now put nslookup back to non-recursive mode and repeat
# the previous query. This time I get a non-authoritative answer
# because my name server has cached www.sc.philips.com from the
# previous recursive request. It can respond with the cached entry
# without needing to recurse (which it's not to do for this query
# anyway), so that is what it returns.


BTW, we run split DNS. The info I've just presented is from our
internal name space. You won't get the same answers if you repeat
these queries to the Philips & Origin name servers that are reachable
from the Internet.
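
The following is an added example and not part of the original post: it builds a query with the rd bit set or cleared and classifies a response from its header as a referral, an authoritative answer or a non-authoritative (cached) answer, the three outcomes seen in the transcript above. The response headers are constructed samples, and the function names are hypothetical.

```python
import struct

# DNS header flag masks (RFC 1035, section 4.1.1)
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qtype=255, rd=True, qid=0x1234):
    """Encode a one-question query (type ANY by default); rd sets the RD bit."""
    header = struct.pack("!HHHHHH", qid, RD if rd else 0, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def make_response(query, aa=False, ra=False, ancount=0, nscount=0):
    """Constructed sample: header and question only, the record data is omitted.
    A server copies the ID and the RD bit from the query into its response."""
    qid, qflags = struct.unpack("!HH", query[:4])
    flags = QR | (qflags & RD) | (AA if aa else 0) | (RA if ra else 0)
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, nscount, 0) + query[12:]

def classify(msg):
    """Classify a DNS message from its 12-byte header alone."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _qid, flags, _qd, ancount, nscount, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & QR:
        return "query"
    if flags & 0x000F:  # non-zero RCODE
        return "error"
    if ancount:
        return "authoritative answer" if flags & AA else "non-authoritative answer"
    if nscount and not flags & AA:
        return "referral"
    return "no data"

def demo():
    """Replay the three cases from the transcript with constructed responses."""
    name = "www.sc.philips.com"
    results = []
    for rd in (True, False):  # non-recursive server: RD makes no difference
        results.append(classify(make_response(build_query(name, rd=rd), nscount=1)))
    # recursive server, RD clear, name already cached: answer without AA
    cached = make_response(build_query(name, rd=False), ra=True, ancount=1)
    results.append(classify(cached))
    return results

if __name__ == "__main__":
    print(demo())
```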

