Different behaviour of BIND DNS vs. MS DNS in regards to delegation/forwarding

Kevin Darcy kcd at daimlerchrysler.com
Mon Sep 16 21:23:13 UTC 2002


"LUEDER,SVEN (HP-Germany,ex2)" wrote:

> Hello,
>
> I would like to ask you for your opinion about a different behaviour of
> ISC's BIND and Microsoft's Windows 2000 DNS server.
>
> We are talking about the following scenario:
> - the DNS server is either ISC's BIND (e.g. version 9.2.1) or Microsoft
> Windows 2000 DNS
> - the DNS server is configured to allow recursive queries
> - the DNS server is configured to use a global forwarder
> - the DNS server is authoritative for a DNS zone foo.com
> - the DNS zone foo.com contains a delegation to zone test.foo.com
> - There is no selective/zone-based forwarding configured on DNS zone
> foo.com.
> - the DNS server which hosts test.foo.com zone is up and running, parenting
> for this zone is configured properly
>
> - A DNS query (type either recursive or non-recursive) now hits the DNS
> server hosting foo.com, requesting an A record of e.g. pc.test.foo.com
>
> If a non-recursive query is used, both types of DNS server (ISC BIND and
> Microsoft Windows 2000) will return the delegation information of the zone
> test.foo.com as the answer.
> In my opinion, this is the expected behaviour.
>
> If a recursive query is used, ISC BIND DNS server will ignore the delegation
> information about test.foo.com in its local zone foo.com.
> Instead it forwards the request to the forwarder and passes through the
> forwarder's answer.

Well, why do you have forwarding configured in the first place? Do you
actually need it, or are you just aping somebody else's configuration, an
example config or something like that? If you care so much about how your
nameserver resolves names, then maybe you should have spent some time to
understand what the configuration options mean, and using that knowledge,
tune the config to your specific requirements.

> If a recursive query is used, Microsoft Windows 2000 DNS server uses the
> delegation information in the local zone foo.com.
> It actively queries the DNS server hosting test.foo.com and returns the
> result of this query.

Is the MS-DNS server configured to use forwarding? If not, then you are
comparing apples to oranges. In the absence of forwarding, the BIND and
MS-DNS servers operate the same way. You have skewed the results, if you are
using forwarding for one server but not the other, since forwarding
fundamentally alters how the resolver algorithm works within the nameserver
process.


- Kevin
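
The scenario from the question as a named.conf fragment, with one common way to make BIND follow the local delegation while keeping the global forwarder. This is an added example, not part of the original message or of either poster's configuration; the forwarder address 192.0.2.53 and the zone file name are placeholders.

```conf
// named.conf fragment (constructed example; address and file name are placeholders)
options {
    recursion yes;

    // Global forwarder. With only this in place, a recursive query for
    // pc.test.foo.com is handed to the forwarder, which is the BIND
    // behaviour described in the question.
    forwarders { 192.0.2.53; };
};

zone "foo.com" {
    type master;
    file "db.foo.com";

    // An empty forwarders list overrides the global list for names
    // under foo.com, so named resolves test.foo.com by following the
    // NS records in this zone instead of asking the forwarder.
    forwarders { };
};

// If forwarding is not actually required, the alternative is to drop the
// global "forwarders" statement entirely and let named iterate normally.
```

After reloading, a recursive `dig @<this-server> pc.test.foo.com A` should be answered with data from the test.foo.com servers rather than with whatever the forwarder returns.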



