rfc1034 & bind 8.3.4 providing referrals as final answer to recursive clients

Ladislav Vobr lvobr at ies.etisalat.ae
Sun Sep 5 10:16:30 UTC 2004 

Barry Margolin wrote:
> In article <che0fo$1qs2$1 at sf1.isc.org>,
>  Ladislav Vobr <lvobr at ies.etisalat.ae> wrote:
> 
> 
>>2. Why authoritative only Bind 8.3.4 provides referral in the answer
>>section, and glue A records as well
> 
> 
> In BIND 4 and BIND 8, if the server has the records that you query for, 
> it puts them in the Answer section; it treats delegation and glue 
> records like cached records.  BIND 9 fixed this; delegation or glue 
> records are always put in the Authority or Additional sections.
> 
> 
>>the caching server (bind, which will contact such a authoritative-only
>>server containing only referrals will not follow up to the final 
>>authoritative servers with the zone in case of fake3.ladislav.name.ae, 
>>the final authoritative servers don't have to exist at all, since they
>>will never be queried to verify with. And this referral records will be
>>provided as a final answer by the caching servers to all recursive clients.
> 
> 
> I believe that BIND 9 caching name servers *will* follow up to the final 
> authoritative servers.  They recognize that this is necessary because 
> the response from the parent server is marked non-authoritative.

hmm,  if I say whole internet think this, I will not be so wrong, but it 
is not true, even the latest caching bind9 doesn't really care in this 
case about parent giving the authoritative or no.

I always thought bind, if it is not in the cache , it will follow up up 
to the only right source (the authoritative name servers), but to our 
surprise it can stop anywhere answering recursive requests with any glue 
anybody puts.

Ladislav
> 
> 
>>As per the rfc1034
>>
>>--snip--
>>    - The simplest mode for the client is recursive, since in this
>>      mode the name server acts in the role of a resolver and
>>      returns either an error or the answer, but never referrals.
>>      This service is optional in a name server, and the name server
>>      may also choose to restrict the clients which can use
>>      recursive mode.
>>--snip--
>>
>>Can you see the conflict?
> 
> 
> That's why it was changed in BIND 9.  What's your point?
>

More information about the bind-users mailing list