Strange ns answers...
Kevin Darcy
kcd at daimlerchrysler.com
Wed Aug 23 21:56:03 UTC 2000
Rodney Joffe wrote:
> Kevin Darcy wrote:
> >
> > This is probably some sort of are actually answering your queries at different times. Normal?
> > No. Legal? Sure.
>
> As it turns out, it has nothing to do with clustering/load balancing
> setup and different name servers
>
> I've done some digging (pardon the pun) on my own in the absence of a
> response from the usual suspects on namedroppers. It seems to be related
> to RFC 2870.
>
> It appears that RFC 2870 (BCP) suggests that roots not fetch glue
> records for queries, or perform any recursive services.
>
> Specifically... RFC 2870: Root Name Server Operational Requirements. R.
> Bush, D. Karrenberg, M. Kosters, R. Plzak. June 2000. (Format: TXT=21133
> bytes) (Obsoletes RFC2010) (Also BCP0040) (Status: BEST CURRENT
> PRACTICE)
>
> "2.5 Servers MUST provide authoritative responses only from the zones
> they serve. The servers MUST disable recursive lookup, forwarding, or
> any other function that may allow them to provide cached answers. They
> also MUST NOT provide secondary service for any zones other than the
> root and root-servers.net zones. These restrictions help prevent undue
> load on the root servers and reduce the chance of their caching
> incorrect data."
> This effectively means that for any domain that has an authoritative
> name server in another zone, the glue records must be fetched by your
> recursive server.
For any *child* *zone* served by a nameserver whose name is outside of the *parent* *domain*, e.g.
ns2.msas.net serving baylink.com, then yes, if RFC 2870 is strictly adhered to, the requesting
server will have to do an extra lookup to get the address information for the Additional Section.
But RFC 2870 is *not* strictly adhered to: there's still plenty of overlap between the root
servers, the "com" servers, the "net" servers, etc. f.root-servers.net, for instance, consistently
returns ns2.msas.net in the Additional Section of a baylink.com referral, because that root server
also happens to serve "net" and the ns2.msas.net address record is held as glue for the msas.net
domain.
None of this, however, has anything to do with your inconsistent Additional Sections from 4.2.2.1,
which is neither a root, "com" or "net" server, for a baylink.com NS query. I still maintain that
you got those responses from different nameservers.
- Kevin
More information about the bind-users
mailing list