ignored glue

Tue Oct 3 19:26:10 UTC 2000

I think the official answer to this is that BIND 8 lacks "query restart",
that is to say, named will not issue another sysquery in response to a
previous sysquery. Keeping track of nested sysqueries was apparently
difficult to implement within the code structure of BIND 8 (or lack
thereof).

The implication, which I have not personally verified, is that BIND 9
*does* have query restart.

Note that this behavior of BIND 8 is not _usually_ a showstopper, since the
resolver will generally retry the query if it doesn't get an answer. If all
the nameserver needs is an A record to fill into the additional section,
then that takes only a single sysquery, which named can deal with and
return the full answer to the client.

- Kevin

jfc at mit.edu wrote:

> Recent versions of BIND named will drop additional records giving the
> addresses of nameservers if the nameservers are not within the domain
> of the question.  Suppose BIND wants to find the address of a.b.c.d
> and gets this response:
>         Q       A? a.b.c.d
>         AN      (empty)
>         AU      NS e.c.d
>         AR      e.c.d A 1.2.3.4
> named will ignore the nameserver address because e.c.d isn't in the same
> domain as a.b.c.d.  If the address of e.c.d isn't cached the original
> request for a.b.c.d will be dropped and named will attempt to resolve
> the namserver address in the usual way hoping that the client will
> timeout and retransmit the request after named learns the address.
>
> 1. Is this required by the RFCs?  RFC 2181 5.4.1 says that the address
> in this case is in the least trustworthy category of data, but only
> requires that it not be returned as an answer.  There seems to be no
> prohibition on using the address other than as an answer.
>
> 2. Would there be any security problem if named did forward the request
> to address 1.2.3.4?  If the server were going to lie, it could just as
> easily give a false domain name in the NS record.
>
> 3. Do other nameservers act the same?  When did this feature
> get added to BIND?
>
> --
>     John Carr (jfc at mit.edu)