Are those extra/useless queries? (fwd)

Hao Shang hao at cs.wpi.edu
Tue Mar 2 23:41:55 UTC 2004


Thanks for the answer. That makes sense. I checked Bind8 and it
already has that feature enabled.

One thing I need to point out is that Bind9.2.3 does not seem to care
whether the canonical name is from the same zone as the original query
or not; it always sends a query for the cname.

e.g. a query for "www.cnn.com" will return an answer with
"www.cnn.com" cname "cnn.com" and
"cnn.com" A "xxx.xxx.xxx.xxx".

Although "cnn.com" does come from the same zone as "www.cnn.com",
Bind9.2.3 will still send another query for "cnn.com". Bind8 won't though.

-------
Hao

On Tue, 2 Mar 2004, Barry Margolin wrote:

> In article <c22dj8$12v1$1 at sf1.isc.org>, Hao Shang <hao at cs.wpi.edu>
> wrote:
>
> > 3) Canonical Name: In the Answer section, the first RR could be a
> > canonical name followed by RRs giving resolutions for the canonical
> > name. The strange thing is why it sends a query again for the canonical
> > name even though the answers are already included before.
> >
> > Is there an option to tune this behavior?
> >
> > 4) NS RRs: In the Authoritative Nameservers section of a response,
> > name server RRs for a zone are given. And resolutions for them are
> > given in the Additional Section. But I observed sometimes (not
> > always) Bind sends queries for those server names again even though
> > resolutions for them are attached before.
> >
> > Is there any option to control this behavior?
>
> I think both of these are attempts to avoid cache poisoning by
> non-authoritative servers.  So if the canonical name or NS record is not
> in the same zone as the name that was queried, the additional info
> cannot necessarily be trusted.  The server will ask the authoritative
> server for that zone, to ensure that it has the most reliable data.
>
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
>
>
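
The same-zone rule discussed in this thread, as an added example (not code from BIND or from either poster): a simplified bailiwick filter that walks the CNAME chain in an Answer section, keeps records whose owner is inside the zone the queried server answers for, and lists names that must be asked again at their own authoritative servers. The function names, the tuple layout, and the example.com/example.net records are constructed for illustration, and the caller is assumed to know the zone. Per the post above, Bind9.2.3 re-queries the canonical name even in the same-zone case, which this model does not do.

```python
# Added illustration: simplified bailiwick check, not BIND's implementation.

def in_bailiwick(name, zone):
    """True if `name` equals `zone` or is a subdomain of it (case-insensitive)."""
    n = name.lower().rstrip(".").split(".")
    z = [label for label in zone.lower().rstrip(".").split(".") if label]
    # Compare whole labels so "badexample.com" is not treated as "example.com".
    return len(n) >= len(z) and (not z or n[-len(z):] == z)

def triage_answer(qname, zone, answer):
    """Walk the CNAME chain from qname through `answer`, a list of
    (owner, rtype, rdata) tuples. Returns (accepted, requery):
    accepted = records that may be cached from this server,
    requery  = names to resolve again at their own authoritative servers."""
    accepted, requery = [], []
    current, seen = qname.lower().rstrip("."), set()
    while current not in seen:            # `seen` also stops CNAME loops
        seen.add(current)
        if not in_bailiwick(current, zone):
            requery.append(current)       # out of zone: do not trust attached data
            break
        rrs = [r for r in answer if r[0].lower().rstrip(".") == current]
        accepted.extend(rrs)
        cnames = [r for r in rrs if r[1] == "CNAME"]
        if not cnames:
            break
        current = cnames[0][2].lower().rstrip(".")
    return accepted, requery

# Constructed sample responses (documentation names and addresses).
SAME_ZONE = [("www.example.com", "CNAME", "example.com"),
             ("example.com", "A", "192.0.2.10")]
OUT_OF_ZONE = [("www.example.com", "CNAME", "cdn.example.net"),
               ("cdn.example.net", "A", "192.0.2.66")]

if __name__ == "__main__":
    for label, resp in (("same zone", SAME_ZONE), ("out of zone", OUT_OF_ZONE)):
        acc, req = triage_answer("www.example.com", "example.com", resp)
        print(label, "| accepted:", acc, "| requery:", req)
```
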


