Am I wrong?

Barry Margolin barmar at genuity.net
Wed Jul 18 15:30:04 UTC 2001 

In article <9j477p$9tt at pub3.rc.vix.com>,
Ben Boulton <sa2500 at eclipse.co.uk> wrote:
>Why is it only this isp that does not see my server first time (it may not
>be the only, but all the other ones I have tried find it first time
>everytime.) What can I do to my zone file or set-up to resolve it?

Assume that the following records are in the server's cache:

co.uk.			IN NS	ns-nom.pipex.net.
co.uk.			IN NS	ns1.nic.uk.
co.uk.			IN NS	ns2.kpnqwest.net.
co.uk.			IN NS	sec-nom.dns.uk.psi.net.

and the corresponding A records for these servers, but none of the NS or A
records relevant to source-fixings.co.uk are cached.

When it gets a query for something in source-fixings.co.uk, it will forward
it to one of the above servers for co.uk.  That server will return:

;; ANSWER SECTION:
source-fixings.co.uk.	4H IN NS	ns0.dilusion.co.uk.
source-fixings.co.uk.	4H IN NS	morpheous.jabnet.uk.com.

;; ADDITIONAL SECTION:
ns0.dilusion.co.uk.	4H IN A		212.113.195.160

The ns0.dilusion.co.uk A record is included in the response because it's a
glue record that these servers know about.  But since they don't handle
..com domains, they don't have any glue records for nameservers in that part
of the DNS hierarchy.  They can't include information that they don't have.

The server will then try querying ns0.dilusion.co.uk.  If the doesn't get a
response, it will look up morpheous.jabnet.uk.com's A record itself.
However, this takes two queries:

1. Query a .COM server, which returns a referral to the UK.COM servers.
2. Query a UK.COM server, which returns the A record (because it happens to
   be a glue record for jabnet.uk.com).

If it weren't a glue record, step 2 would return just a referral to the
jabnet.uk.com servers, and a third query would be needed to get the A
record from there.

Once the server gets this, it then has to retry the original
source-fixings.co.uk query.  I think BIND has a limit on the number of
recursive queries it will perform to satisfy a request, and all of this may
exceed it.  If it doesn't, the client might still time out waiting for all
of it to happen.  The next time the client tries, though, most of the NS
and A records are in the server's cache, so it doesn't need to do as much
work to answer the query.

What this all suggests is that it's best to have the nameservers for a
domain be in the same part of the DNS hierarchy.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

More information about the bind-users mailing list