rfc1034 & bind9 cache - cached glue A RR not available to any clients, even with +norec

Ladislav Vobr lvobr at ies.etisalat.ae
Sun Sep 5 03:06:28 UTC 2004


Why is ISC BIND hiding the cached RRs?

1. Why doesn't bind9 provide A RRs which were received as a referral,
even to the +norec clients?

RFC1034 does explicitly say:

RFC1034
--snip--
4.3. Name server internals

Note that the name server should never perform recursive
service unless asked via RD, since this interferes with trouble shooting
of name servers and their databases.
...
If recursive service is not requested or is not available, the non-
recursive response will be one of the following:

    - An authoritative name error indicating that the name does not
      exist.

    - A temporary error indication.

    - Some combination of:

      RRs that answer the question, together with an indication
      whether the data comes from a zone or is cached.

      A referral to name servers which have zones which are closer
      ancestors to the name than the server sending the reply.

    - RRs that the name server thinks will prove useful to the
      requester.
--snip--

Simple example:

part of named_dump.db

; glue
ladislav.name.ae.       10778   NS      fake1.ladislav.name.ae.
                         10778   NS      fake2.ladislav.name.ae.
                         10778   NS      fake3.ladislav.name.ae.
                         10778   NS      fake4.ladislav.name.ae.
                         10778   NS      fake5.ladislav.name.ae.
; glue
fake1.ladislav.name.ae. 10778   A       10.1.1.1
; glue
fake2.ladislav.name.ae. 10778   A       10.2.2.2
; glue
fake3.ladislav.name.ae. 10778   A       10.3.3.3
; glue
fake4.ladislav.name.ae. 10778   A       10.4.4.4
; glue
fake5.ladislav.name.ae. 10778   A       10.5.5.5



$ dig a fake1.ladislav.name.ae. +norec

; <<>> DiG 9.2.3 <<>> a fake1.ladislav.name.ae. +norec
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 0

;; QUESTION SECTION:
;fake1.ladislav.name.ae.                IN      A

;; AUTHORITY SECTION:
ladislav.name.ae.       10658   IN      NS      fake1.ladislav.name.ae.
ladislav.name.ae.       10658   IN      NS      fake2.ladislav.name.ae.
ladislav.name.ae.       10658   IN      NS      fake3.ladislav.name.ae.
ladislav.name.ae.       10658   IN      NS      fake4.ladislav.name.ae.
ladislav.name.ae.       10658   IN      NS      fake5.ladislav.name.ae.




Ladislav
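
A troubleshooting check for the situation shown in the message above, as an added example that is not part of the original post: it reads a named_dump.db excerpt and a dig response, and reports cached rdata for the question name that the response did not return as an answer. The function names are hypothetical, the sample text is abbreviated from the post's excerpt, and treating a `;` comment line as the label of the RRset that follows it is an assumption.

```python
import re

# Constructed sample: the dump excerpt and dig response from the post, abbreviated.
DUMP = """\
; glue
ladislav.name.ae.       10778   NS      fake1.ladislav.name.ae.
                        10778   NS      fake2.ladislav.name.ae.
; glue
fake1.ladislav.name.ae. 10778   A       10.1.1.1
; glue
fake2.ladislav.name.ae. 10778   A       10.2.2.2
"""
DIG = """\
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 0
;; QUESTION SECTION:
;fake1.ladislav.name.ae.                IN      A
"""

def parse_dump(text):
    """Return {(owner, rrtype): (label, [rdata, ...])} from a cache dump excerpt."""
    rrsets, label, owner = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith(";"):
            label = line.lstrip("; ").strip()   # assumption: labels the next RRset
            continue
        fields = line.split()
        if not line[0].isspace():               # new owner; otherwise inherit it
            owner, fields = fields[0].lower(), fields[1:]
        rrtype, rdata = fields[1], " ".join(fields[2:])   # fields[0] is the TTL
        rrsets.setdefault((owner, rrtype), (label, []))[1].append(rdata)
    return rrsets

def parse_dig(text):
    """Return (qname, qtype, section counts) from dig's textual output."""
    counts = {k: int(v) for k, v in re.findall(r"(ANSWER|AUTHORITY|ADDITIONAL): (\d+)", text)}
    q = re.search(r"^;(\S+)\s+IN\s+(\S+)", text, re.M)
    return q.group(1).lower(), q.group(2), counts

def withheld(dump_text, dig_text):
    """Cached rdata for the question that the response did not carry as an answer."""
    qname, qtype, counts = parse_dig(dig_text)
    label, rdata = parse_dump(dump_text).get((qname, qtype), (None, []))
    if rdata and counts["ANSWER"] == 0:
        return label, rdata
    return None, []
```
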



