rfc1034 & bind9 cache - cached glue A RR not available to any clients, even with +norec
Ladislav Vobr
lvobr at ies.etisalat.ae
Sun Sep 5 03:06:28 UTC 2004
why isc bind hiding the cached RRs
1. Why bind9 doesn't provide A RRs, which were received as a referral
even to the +norec clients.
Rfc1034 does explicitly say.
RFC1034
--snip--
4.3. Name server internals
Note that the name server should never perform recursive
service unless asked via RD, since this interferes with trouble shooting
of name servers and their databases.
...
If recursive service is not requested or is not available, the non-
recursive response will be one of the following:
- An authoritative name error indicating that the name does not
exist.
- A temporary error indication.
- Some combination of:
RRs that answer the question, together with an indication
whether the data comes from a zone or is cached.
A referral to name servers which have zones which are closer
ancestors to the name than the server sending the reply.
- RRs that the name server thinks will prove useful to the
requester.
--snip--
Simple example:
part of named_dump.db
; glue
ladislav.name.ae. 10778 NS fake1.ladislav.name.ae.
10778 NS fake2.ladislav.name.ae.
10778 NS fake3.ladislav.name.ae.
10778 NS fake4.ladislav.name.ae.
10778 NS fake5.ladislav.name.ae.
; glue
fake1.ladislav.name.ae. 10778 A 10.1.1.1
; glue
fake2.ladislav.name.ae. 10778 A 10.2.2.2
; glue
fake3.ladislav.name.ae. 10778 A 10.3.3.3
; glue
fake4.ladislav.name.ae. 10778 A 10.4.4.4
; glue
fake5.ladislav.name.ae. 10778 A 10.5.5.5
$ dig a fake1.ladislav.name.ae. +norec
; <<>> DiG 9.2.3 <<>> a fake1.ladislav.name.ae. +norec
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 0
;; QUESTION SECTION:
;fake1.ladislav.name.ae. IN A
;; AUTHORITY SECTION:
ladislav.name.ae. 10658 IN NS fake1.ladislav.name.ae.
ladislav.name.ae. 10658 IN NS fake2.ladislav.name.ae.
ladislav.name.ae. 10658 IN NS fake3.ladislav.name.ae.
ladislav.name.ae. 10658 IN NS fake4.ladislav.name.ae.
ladislav.name.ae. 10658 IN NS fake5.ladislav.name.ae.
Ladislav
More information about the bind-users
mailing list