[Question] Question about negative answers from the cache of BIND9
Hideshi Enokihara
Hideshi.Enokihara at jp.yokogawa.com
Fri Dec 16 02:40:49 UTC 2005
Hi all,
I have a question about negative answer from the cache of BIND9.
For example, I assume the following network.
----------------
example.org domain
AP Server1 DNS Server2
|A.example.org |NS2.example.org
| |
Net-y --+--------+----------+--
|
|
|
Router
|
|
|
Net-z --+--------+----------+---
| |
| |
DNS Server1 (BIND9) DNS Cient1
------------------
In this network, I ran follwing steps.
1.DNS Client1 send the query(QNAME=invalid.example.org, QTYPE=A) to DNS Server1(BIND9).
2.DNS Server1(BIND9) send the query to DNS Server2(Authoritative server for example.org domain).
#Of course, DNS Server1(BIND9) caches the authority server(DNS Server2) of example.org. domain and the Address of DNS Server2.
3.DNS Server2 send the response to DNS Server1(BIND9) with RCODE=3(NXDOMAIN).
4.DNS Server1(BIND9) send the response to DNS Client1 with RCODE=3(NXDOMAIN).
5.Once more DNS Client1 send the query (QNAME=invalid.example.org, QTYPE=A) to DNS Server1(BIND9).
6.DNS Server1(BIND9) send the response to DNS Client1 with RCODE=3(NXDOMAIN) from cache.
This sequence is follow.
DNS Client1 DNS Server1(BIND9) DNS Server2
| | |
|----------------------------->| |
| 1. Send standard query | |
| QNAME=invalid.example.org | |
| QTYPE=A | |
| | |
| |-------------------------------->|
| | 2. Recv standard query |
| | QNAME=invalid.example.org |
| | QTYPE=A |
| | |
| |<--------------------------------|
| | 3. Send standard query response |
| | RCODE=3(NXDOMIN) |
| | QNAME=invalid.example.org |
| | QTYPE=A |
| | AUTHORITY Name=example.org |
| | AUTHORITY TYPE=SOA |
| | |
| | |
| | |
|<-----------------------------| |
| 4. Standard query response | |
| RCODE= 3(NXDOMIN) | |
| QNAME=invalid.example.org | |
| QTYPE=A | |
| AUTHORITY Name=example.org | |
| AUTHORITY TYPE=SOA | |
| | |
|----------------------------->| |
| 5. Send standard query | |
| QNAME=invalid.example.org | |
| QTYPE=A | |
| | |
|<-----------------------------| |
| 6. Standard query response | |
| RCODE= 3(NXDOMIN) | |
| QNAME= invalid.example.org | |
| QTYPE=A | |
| AUTHORITY Name=example.org | |
| AUTHORITY TYPE=SOA | |
| | |
v v v
I have a questin about step6.
RFC2308 6 - Negative answers from the cache says,
As with all answers coming from the cache, negative answers SHOULD
have an implicit referral built into the answer. This enables the
resolver to locate an authoritative source. An implicit referral is
characterised by NS records in the authority section referring the
resolver towards a authoritative source.
This sentence means that DNS server should include NS record in the authority section
when DNS server send the negative answer from the cache, right?
But, DNS Server1(BIND9) does not include NS record in the authority section at step6.
Why does not includ NS record in the authority section when BIND9 send the
negative answer from the cache?
I think this BIND9's behavior does not follow the RFC.
How do you think?
Best Regards,
--
*************************************
Hideshi Enokihara
IPv6 Business
Network & Software Development Dept.
Yokogawa Electric Corporation
More information about the bind-users
mailing list