recursive queries?
Kevin Darcy
kcd at daimlerchrysler.com
Tue Nov 12 18:13:14 UTC 2002
"Tom K." wrote:
> On 11 Nov 2002 20:17:32 -0000, Kevin Darcy <kcd at daimlerchrysler.com> wrote:
>
> >This is probably because of external aliases. If you have a CNAME pointing to
> >a name in a zone you don't control, then when you get a query for that name,
> >named will internally "attempt" to fetch the data for the CNAME target, but
> >when it realizes that it would have to recurse to get the data, it logs it as
> >an unsuccessful recursion attempt.
> >
> >Also, I think there are some broken/lazy resolvers out there which will
> >automatically send a query for the CNAME target to the same place they just
> >got the CNAME, regardless of whether it has any reason to believe the server
> >is authoritative for that data. This might be a misguided attempt at
> >optimization: I say "misguided" because if the responding server was
> >authoritative for the CNAME target, it probably would have returned it in the
> >original response (and the percentage of cases where this would push the
> >response over the 512-byte UDP limit is undoubtedly very low).
> >
> Thanks Kevin,
>
> that makes sense to me. But I found another explanation. I talked to an MS
> Expert today and he told me that newer versions of IE do also reverse
> queries which could also lead to the recursive queries. So if someone who
> is not our customer uses our DNS, will also get an recursive query denied.
But unless you're in the delegation chain for the reverse name, why would the
reverse query be coming to your servers? Maybe this is just another manifestation
of the brokenness/laziness to which I alluded earlier...
- Kevin
More information about the bind-users
mailing list