[Question] Question about recursive queries in BIND9

Hideshi Enokihara Hideshi.Enokihara at jp.yokogawa.com
Wed Dec 21 06:54:46 UTC 2005


Thank you for your information.

On Wed, 21 Dec 2005 06:52:07 +0900
"Mark Andrews" <Mark_Andrews at isc.org> wrote:

> Re: [Question] Question about recursive queries in BIND9
> 
> > In article <do8kd6$4pj$1 at sf1.isc.org>,
> >  Hideshi Enokihara <Hideshi.Enokihara at jp.yokogawa.com> wrote:
> >
> > > Hi all,
> > >
> > > I have a question regarding recursion behavior of BIND9.
> > >
> > > For example, I assume the following network.
> > >
> > > ----------------
> > >
> > >                            org domain             example.org domain
> > >         AP Server1         DNS Server2            DNS Server3
> > >           |A.example.org      |NS2.example.org     |NS3.example.org
> > >           |192.168.1.10       |                    |
> > > Net-y   --+--------+----------+--------------------+--
> > >                    |
> > >                    |
> > >                    |
> > >                  Router
> > >                    |
> > >                    |
> > >                    |
> > > Net-z   --+--------+----------+---
> > >           |                   |        
> > >           |                   |
> > >         DNS Server1 (BIND9)  DNS Client1
> > >
> > > ------------------
> > >
> > > In this network, I ran following steps.
> > >
> > > Pre-sequence
> > > A. DNS Client1 send the query(QNAME=A.example.org, QTYPE=A) to DNS
> > > Server2(Authoritative server for org domain).
> > > B. DNS Server2 send the query to DNS Server3(Authoritative server for
> > > example.org domain).
> >
> > Are you sure about this?  None of the authoritative servers for the ORG
> > domain that I was able to query (some of them didn't respond when I was
> > testing) have recursion enabled.
> >
> > > C. DNS Server3 send the response(ANSWER NAME=A.example.org, ANSWER
> > > ADDRESS=192.168.1.10) to DNS Server2.
> > > D. DNS Server2 send the response(ANSWER NAME=A.example.org, ANSWER
> > > ADDRESS=192.168.1.10) to DNS Client1.
> > >
> > > Note:At these steps, DNS Server2 caches the answer for QNAME=A.example.org,
> > > QTYPE=A.
> > >
> > > Sequence
> > > 1. DNS Client1 send the query(QNAME=A.example.org, QTYPE=A) to DNS
> > > Server1(BIND9).
> > > 2. DNS Server1(BIND9) send the query to DNS Server2(Authoritative server for
> > > org domain).
> > > 3. DNS Server2 send the response(ANSWER NAME=A.example.org, ANSWER
> > > ADDRESS=192.168.1.10) from the cache to DNS Server1(BIND9).
> > >
> > > I expected that BIND9 behave like 4A, but actually, BIND9 behave like 4B.
> > >
> > > 4A. DNS Server1(BIND9) send the response(ANSWER NAME=A.example.org, ANSWER
> > > ADDRESS=192.168.1.10) to Client1.
> > > 4B. DNS send the query to DNS Server3(Authoritative server for example.org
> > > domain).
> >
> > ....
> >
> > > I have a question about step4A,4B.
> > > Why does not DNS Server1(BIND9) send the response(4A) to DNS Client1?
> > > What is the reason that DNS Server1(BIND9) does not use/trust DNS Server2's
> > > cache information?
> >
> > Did it log a "Lame server" message?  When it's asking a server that's
> > supposed to be authoritative, it expects an authoritative answer or a
> > referral, not a non-authoritative answer.
> >
> > > Is this behavior follow the RFC?
> > > #If BIND9 does not use/trust the other DNS server's cache information, as a
> > > result, a lot of traffic will be caused in network.
> > >
> > > Please tell me your opinions.
> >
> > When caching servers query authoritative servers, they don't normally
> > send recursive queries.  And top-level authoritative servers don't
> > usually have recursion enabled.
> >
> > --
> > Barry Margolin, barmar at alum.mit.edu
> > Arlington, MA
> > *** PLEASE post questions in newsgroups, not directly to me ***
> > *** PLEASE don't copy me on replies, I'll read them in the group ***
> 
> 
>         BIND 9 has code to deal with BIND 8 incorrectly returning
>         glue in the answer section w/ AA=0.
> 
>         Mark

Very sorry, I can't understand your meaning.
It would be greatly appreciated if you explain in detail. 
I'm sorry for my slack comprehension.

Best Regards,
-- 
*************************************
Hideshi Enokihara
IPv6 Business
Network & Software Development Dept.
Yokogawa Electric Corporation
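
The distinction drawn in the quoted replies (authoritative answer or referral versus a non-authoritative answer with AA=0) can be read directly from the DNS header. The following is an added example, not part of the original thread and not BIND's code; the `ACTION` table is a hypothetical, simplified model of the behaviour reported in steps 3 and 4B, and the sample headers are constructed.

```python
import struct

QR, AA, RCODE = 0x8000, 0x0400, 0x000F   # header flag masks, RFC 1035 4.1.1

def classify(packet: bytes) -> str:
    """Classify a reply from a server the resolver expected to be authoritative.

    Only the header counts are inspected; a real resolver also checks the
    record types in each section.
    """
    if len(packet) < 12:
        return "malformed"
    _id, flags, _qd, ancount, nscount, _ar = struct.unpack("!6H", packet[:12])
    if not flags & QR:
        return "malformed"                      # QR=0: this is a query
    if (flags & RCODE) not in (0, 3):           # anything but NOERROR/NXDOMAIN
        return "error"
    if flags & AA:
        return "authoritative"
    if ancount == 0 and nscount > 0:
        return "referral"
    if ancount > 0:
        return "non-authoritative-answer"       # e.g. served from a cache
    return "empty"

# Hypothetical policy table modelling the behaviour reported in the thread.
ACTION = {
    "authoritative": "cache and answer the client",
    "referral": "query the servers named in the delegation",
    "non-authoritative-answer": "do not answer from it; keep iterating (4B)",
}

def next_step(packet: bytes) -> str:
    return ACTION.get(classify(packet), "try another server")

def header(flags: int, ancount: int, nscount: int) -> bytes:
    """Build a constructed 12-byte header (ID 0x1234, one question)."""
    return struct.pack("!6H", 0x1234, flags, 1, ancount, nscount, 0)

# Constructed samples: only the header is needed for this check.
CACHED_ANSWER = header(QR | 0x0080, 1, 0)   # AA=0, RA=1, one answer (step 3)
AUTH_ANSWER = header(QR | AA, 1, 2)         # AA=1 from the zone's own server
REFERRAL = header(QR, 0, 2)                 # AA=0, NS records in authority

if __name__ == "__main__":
    for name, pkt in [("cached", CACHED_ANSWER), ("auth", AUTH_ANSWER),
                      ("referral", REFERRAL)]:
        print(name, "->", classify(pkt), "->", next_step(pkt))
```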


