Long response for a non-authoritative answers
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Fri Sep 21 00:49:53 UTC 2001
> > > Right. That means that the answer is not in your local cache, so
> > >your local nameserver has to go find the answer before it can display
> > >it to you.
> >
> > But if the answer came from the authoritative server, it should be an
> > authoritative answer. If the answer is non-authoritative, it means it
> came
> > from the cache, so the response time shouldn't have been long.
>
> Actually, BIND 9's different from BIND 8 in that regard. Watch me
> query my BIND 9.2.0rc3 name server for a domain name it doesn't
> have cached:
>
> $ dig cnn.com.
>
> ; <<>> DiG 8.3 <<>> cnn.com.
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 4, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;; cnn.com, type = A, class = IN
>
> ;; ANSWER SECTION:
> cnn.com. 15M IN A 64.12.50.249
> cnn.com. 15M IN A 207.25.71.5
> cnn.com. 15M IN A 207.25.71.25
> cnn.com. 15M IN A 207.25.71.27
> cnn.com. 15M IN A 207.25.71.29
> cnn.com. 15M IN A 64.12.48.217
> cnn.com. 15M IN A 64.12.48.249
> cnn.com. 15M IN A 64.12.50.121
> cnn.com. 15M IN A 64.12.50.153
> cnn.com. 15M IN A 64.12.50.217
>
> Note how suspiciously round the TTLs are, and yet no "aa" bit.
>
> Personally, I thought the old behavior, of returning the first answer
> with "aa" set, made a certain amount of sense.
>
> cricket
>
> Men & Mice
> DNS Software & Services
> www.menandmice.com
The answers with AA set were received packets being forwarded.
These sometimes let records through which they really
shouldn't have. Some of the fixes in 8.2.5 address this
sort of leakage.
The fact that there is no AA should make you more comfortable
because then you know ever record in the answer has been
through the cache (and hence the cache protection algorithms).
Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list