Cisco Distributed Director

Barry Margolin barmar at genuity.net
Fri Jun 16 16:31:03 UTC 2000


In article <394A17A8.C55BCC00 at exchange.ml.com>,
Dan Considine <dconsidine at exchange.ml.com> wrote:
>Our primary root server does not have recursion disabled.  Clients point to

As the other post said, you seem to be misusing the term "root server".
You probably don't have any root servers; the root servers are machines
like a.root-servers.net, b.root-servers.net, etc.  (Mr. Sexton, please
don't chime in with references to alternative root servers; they're
irrelevant to this issue.)

>our primary and secondary DNS servers, in order to resolve a "DD" domain entry
>the primary or secondary goes to the DD, gets the IP, caches it, then returns
>an A record to the client.  The SOA record, by default, on the DD states a zero
>second TTL, but it takes the primary and secondary 1 second to do this.  If
>there are multiple requests for the DD record within 1 second (which holds
>true in our case) the same IP is given out to all clients.  This breaks the
>load balancing expected from the DD.  My question is this: how can I have
>the clients go to the DD themselves for the A record without bypassing the
>primary and secondary DNS servers?

Client machines don't go directly to delegated nameservers.  Almost all
systems only contain stub resolvers, so they send recursive queries to the
server listed in their resolver configuration (DNS Search List on Windows,
/etc/resolv.conf on Unix), which then queries the servers listed in the NS
records.

Since your TTL is 0 seconds, the caching nameserver shouldn't actually
cache the record.  It should forward it to the client machine, and then
discard it.  The next time a client tries to look it up, the caching server
should go back to the DD.  If you have even load balancing configured on
the DD, it should alternate which address it gives out each time.  AFAIK,
the fact that all the queries are coming from the same nameserver shouldn't
matter.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
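
The exchange above, as an added simulation that is not part of the original post and is not Cisco or BIND code: a rotating authoritative server answering with TTL 0, queried through a caching resolver that either discards TTL-0 answers or holds them for 1 second as the quoted question reports. All class names, the `min_hold` parameter, the host name and the documentation-range addresses are assumptions made for the illustration.

```python
import itertools

class DistributedDirector:
    """Stand-in for the authoritative load balancer: rotates addresses, TTL 0."""
    def __init__(self, addresses):
        self._cycle = itertools.cycle(addresses)
        self.queries = 0

    def query(self, name):
        self.queries += 1
        return next(self._cycle), 0  # (address, ttl in seconds)

class CachingResolver:
    """Recursive server that the stub resolvers point at.
    min_hold=0: a TTL-0 answer is passed on and discarded (what the reply expects).
    min_hold=1: answers are held for 1 second (what the quoted question reports)."""
    def __init__(self, upstream, min_hold=0):
        self.upstream = upstream
        self.min_hold = min_hold
        self._cache = {}  # name -> (address, expires_at)

    def resolve(self, name, now):
        hit = self._cache.get(name)
        if hit and now < hit[1]:
            return hit[0]  # served from cache, the DD never sees this lookup
        address, ttl = self.upstream.query(name)
        hold = max(ttl, self.min_hold)
        if hold > 0:
            self._cache[name] = (address, now + hold)
        return address

def simulate(min_hold, arrival_times, addresses=("192.0.2.10", "192.0.2.20")):
    """Return (answers handed to clients, number of queries that reached the DD)."""
    dd = DistributedDirector(addresses)
    resolver = CachingResolver(dd, min_hold)
    answers = [resolver.resolve("www.dd.example", t) for t in arrival_times]
    return answers, dd.queries

# Constructed sample: six client lookups arriving within one second.
ARRIVALS = [0.0, 0.1, 0.2, 0.5, 0.8, 0.9]

if __name__ == "__main__":
    for hold in (0, 1):
        answers, upstream = simulate(hold, ARRIVALS)
        print(f"min_hold={hold}s upstream_queries={upstream} answers={answers}")
```

Comparing the upstream query count with the number of client lookups is the quickest way to tell whether the resolver in front of the load balancer is honouring the zero TTL.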


