BIND 8.3.x v.s. BIND 8.2.x
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Tue Nov 26 13:37:44 UTC 2002
> Dear Sir:
>
> Is there anything that could help my name server with BIND 8.3.4 ?
>
> That's interesting. My BIND 8.3.4 couldn't resolve
> "www.1000years.com.tw" while others' name servers with BIND 8.2.4 could.
> After I traced the packets DNS sent and received by tcpdump, I found after
> BIND 8.2.4 sent query of the A record of www.1000years.com.tw to
> c.twnic.net.tw, it finish its work. It could tell me about
> www.1000years.com.tw 's A record!!!
> On the other hand, BIND 8.3.4 really sent query to the Name Server
> (210.58.101.193) of 1000years.com.tw , but it couldn't answer the correct
> IP. ( because 210.58.101.193 couldn't answer correctly! )
>
> I really knew that the configuration of Name server of 1000years.com.tw was
> wrong !! So I decided to adjust my config file.
>
> After I set ' fetch-glue no' ( default is yes ) in the config file, My
> BIND 8.3.4 could work correctly! It never sent query to the Name Server of
> 1000years.com.tw again! Following is the 'fetch-glue' option's direction:
>
> -------------------
> fetch-glue
> If yes (the default), the server will fetch "glue" resource records it
> doesn't have when constructing the additional data section of a response.
> fetch-glue no can be used in conjunction with recursion no to prevent the
> server's cache from growing or becoming corrupted (at the cost of requiring
> more work from the client).
> --------------------
>
> well, if BIND's behavior of this kind of query were really affected by the
> option 'fetch-glue', why BIND 8.2.4 always work correctly whether
> 'fetch-glue' is yes or no ?????
1000years.com.tw zone is so badly setup that you are lucky
to get a answer. See the zone contents below and compare to
the delegation.
Turning off 'fetch-glue' prevents the caching server from
getting a NXDOMAIN back to the AAAA query for www.1000years.com.tw
which wipes out the glue A record learnt from the com.tw zone.
* The NSs don't match those in the parent.
* There are no A records in the zone for the NSs listed in the parent.
* The NSs listed in the parent both refer to the same machine.
* The NSs listed in the zone does not exist.
* The SOA's MNAME and RNAME fields are incorrect.
* The SOA's EXPIRE field is too low for reliable operation once
they get a second server.
Mark
; <<>> DiG 8.3 <<>> @ns2.cuhk.edu.hk +norec 1000years.com.tw soa
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43650
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; 1000years.com.tw, type = SOA, class = IN
;; AUTHORITY SECTION:
1000years.com.tw. 1D IN NS www.1000years.com.tw.
1000years.com.tw. 1D IN NS 1000years.com.tw.
;; ADDITIONAL SECTION:
www.1000years.com.tw. 1D IN A 210.58.101.193
1000years.com.tw. 1D IN A 210.58.101.193
;; Total query time: 386 msec
;; FROM: drugs.dv.isc.org to SERVER: ns2.cuhk.edu.hk 137.189.6.21
;; WHEN: Wed Nov 27 00:23:01 2002
;; MSG SIZE sent: 34 rcvd: 98
; <<>> DiG 8.3 <<>> axfr 1000years.com.tw @210.58.101.193
; (1 server found)
$ORIGIN 1000years.com.tw.
@ 1H IN SOA 1000y-web. admin. (
1 ; serial
15M ; refresh
10M ; retry
1D ; expiry
1H ) ; minimum
1H IN NS 1000y-web.
1H IN SOA 1000y-web. admin. (
1 ; serial
15M ; refresh
10M ; retry
1D ; expiry
1H ) ; minimum
;; Received 3 answers (3 records).
;; FROM: drugs.dv.isc.org to SERVER: 210.58.101.193
;; WHEN: Wed Nov 27 00:18:54 2002
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list