Why is stealth secondary queried for address of primary?
Barry Margolin
barmar at genuity.net
Thu Jun 15 15:03:27 UTC 2000
In article <200006150912.TAA03225 at bsdi.dv.isc.org>,
<Mark.Andrews at nominum.com> wrote:
>> After sending my last post I looked at my Bind log file -- I had query
>> logging enabled on two of my DNS servers, ns1.hank.org and ns2.hank.org.
>>
>> Note that ns2.hank.org is not a RR in the root servers, only ns1, but ns2
>> is listed in my zone file.
>>
>> Right after posting to this list I had a large number of queries to both
>> servers, but I don't understand what was happening.
>>
>> ns1.hank.org was logging queries that looked like this:
>>
>> XX /195.60.31.20/hank.org/A/IN
>>
>> All were simply A queries for hank.org. This I would expect from various
>> MTAs that saw my mail come through.
>>
>> But, on ns2.hank.org almost all of the queries looked like this:
>>
>> XX /132.177.128.99/ns1.hank.org/A/IN
>>
>> ns2.hank.org was being asked for ns1.hank.org's IP address.
>>
>> Is it possible that the MTA isn't trusting the lookup on ns1, so it's
>> asking ns2 for the IP of ns1, just to make sure it asked the right server?
>> But that doesn't make sense since the MTA wouldn't even know about
>> ns2.hank.org (since all requests on ns1 were only for A records, not NS
>> records).
Here's my theory:
ns1.hank.org's A record was originally learned via a glue record from the
..ORG server. Glue records (and other records learned in Additional Info)
aren't considered as reliable as records from a server that's authoritative
for the domain, so its TTL is decreased at an accelerated rate (every time
it's looked up the TTL is dropped by 5%, in addition to the normal time
decrement). So after a while the remote server has the NS record pointing
to ns1 in its cache, but it no longer has that A record, so it needs to ask
one of the other hank.org servers for it.
--
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
More information about the bind-users
mailing list