rfc1034 & bind 8.3.4 providing referrals as final answer to recursive clients
Ladislav Vobr
lvobr at ies.etisalat.ae
Sun Sep 5 10:16:30 UTC 2004
Barry Margolin wrote:
> In article <che0fo$1qs2$1 at sf1.isc.org>,
> Ladislav Vobr <lvobr at ies.etisalat.ae> wrote:
>
>
>>2. Why authoritative only Bind 8.3.4 provides referral in the answer
>>section, and glue A records as well
>
>
> In BIND 4 and BIND 8, if the server has the records that you query for,
> it puts them in the Answer section; it treats delegation and glue
> records like cached records. BIND 9 fixed this; delegation or glue
> records are always put in the Authority or Additional sections.
>
>
>>the caching server (bind, which will contact such a authoritative-only
>>server containing only referrals will not follow up to the final
>>authoritative servers with the zone in case of fake3.ladislav.name.ae,
>>the final authoritative servers don't have to exist at all, since they
>>will never be queried to verify with. And this referral records will be
>>provided as a final answer by the caching servers to all recursive clients.
>
>
> I believe that BIND 9 caching name servers *will* follow up to the final
> authoritative servers. They recognize that this is necessary because
> the response from the parent server is marked non-authoritative.
hmm, if I say whole internet think this, I will not be so wrong, but it
is not true, even the latest caching bind9 doesn't really care in this
case about parent giving the authoritative or no.
I always thought bind, if it is not in the cache , it will follow up up
to the only right source (the authoritative name servers), but to our
surprise it can stop anywhere answering recursive requests with any glue
anybody puts.
Ladislav
>
>
>>As per the rfc1034
>>
>>--snip--
>> - The simplest mode for the client is recursive, since in this
>> mode the name server acts in the role of a resolver and
>> returns either an error or the answer, but never referrals.
>> This service is optional in a name server, and the name server
>> may also choose to restrict the clients which can use
>> recursive mode.
>>--snip--
>>
>>Can you see the conflict?
>
>
> That's why it was changed in BIND 9. What's your point?
>
More information about the bind-users
mailing list