Bind can not resolve.

Barry Margolin barmar at alum.mit.edu
Thu Mar 29 02:14:45 UTC 2007


In article <euf6oj$e9l$1 at sf1.isc.org>,
 Mark Andrews <Mark_Andrews at isc.org> wrote:

> > In article <eud6c6$25r1$1 at sf1.isc.org>,
> >  Mark Andrews <Mark_Andrews at isc.org> wrote:
> > 
> > > > bind9 seems to be unable to resolve if during resolution of an A record
> > > > a CNAME is returned pointing to a parent domain without the
> > > > corresponding A record.
> > > > 
> > > > Example: cname.bind9.expol.us
> > > > 
> > > > Trying CNAME first makes A resolution work, otherwise I get SERVFAIL.
> > > 
> > > 	It would help if the authoritative servers actually followed
> > > 	RFC 1034.  The server should be including the A record in
> > > 	the answer as it serves the parent zone.  It should also be
> > > 	returning a referral to the parent zone (not the child zone)
> > > 	if it returns the implicit referral.
> > 
> > While this would certainly make resolution faster, I can't see why 
> > failing to follow the CNAME should cause the resolver to fail.  If the 
> > authoritative server doesn't follow the CNAME automatically, the 
> > resolver should do so, just as it must if the CNAME pointed to a zone 
> > that's hosted on a different server from the CNAME itself.
> 
> 	By not following the algorithm through to conclusion they
> 	generated a bad referral.

What referral?  It looks to me like it's the NS record of the zone 
containing the record being returned.  It's normal behavior to include 
this record in the authority section of a response.

> 
> 	"foo.expol.us" is not a (sub)domain of "bind9.expol.us".
> 
> 	Named rejects this.  Yes we are picky however we have been
> 	burnt too many times by not being picky enough.

> 
> 	Note the response below would be fine if the QTYPE was
> 	CNAME or * as the CNAME is not supposed to be followed
> 	in those cases.

What if the CNAME pointed to a totally unrelated zone that wasn't in the 
authoritative server's cache?  Wouldn't you expect it to return an 
answer just like the one below?

> 
> 	Mark
> 
> ; <<>> DiG 9.3.3 <<>> cname.bind9.expol.us @NS1.expol.us +norec
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34231
> ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
> 
> ;; QUESTION SECTION:
> ;cname.bind9.expol.us.		IN	A
> 
> ;; ANSWER SECTION:
> cname.bind9.expol.us.	300	IN	CNAME	foo.expol.us.
> 
> ;; AUTHORITY SECTION:
> bind9.expol.us.		7200	IN	NS	ns1.expol.us.
> 
> ;; ADDITIONAL SECTION:
> ns1.expol.us.		7200	IN	A	66.125.246.106
> 
> ;; Query time: 180 msec
> ;; SERVER: 66.125.246.106#53(66.125.246.106)
> ;; WHEN: Thu Mar 29 11:47:21 2007
> ;; MSG SIZE  rcvd: 90
> 
> > 
> > -- 
> > Barry Margolin, barmar at alum.mit.edu
> > Arlington, MA
> > *** PLEASE post questions in newsgroups, not directly to me ***
> > *** PLEASE don't copy me on replies, I'll read them in the group ***
> > 
> >

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
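
A simplified reading of the check discussed in this thread (once the CNAME has been followed, NS records in the authority section are treated as a referral and must be owned by an ancestor of the name still being resolved), as an added example that is not part of the original post and is not BIND's code. The function names and verdict strings are assumptions; the sample is the quoted dig reply with whitespace normalized and the additional section left out.

```python
# Added illustration, not BIND's implementation. RESPONSE is the dig reply from the thread.
RESPONSE = """\
;; QUESTION SECTION:
;cname.bind9.expol.us. IN A
;; ANSWER SECTION:
cname.bind9.expol.us. 300 IN CNAME foo.expol.us.
;; AUTHORITY SECTION:
bind9.expol.us. 7200 IN NS ns1.expol.us.
"""

def norm(name):
    return name.lower().rstrip(".")

def is_subdomain(name, zone):
    """True if name equals zone or lies below it (label-wise comparison)."""
    n, z = norm(name).split("."), norm(zone).split(".")
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def parse_dig(text):
    """Collect (owner, type, rdata) tuples per section from dig output."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(";;") and line.endswith("SECTION:"):
            current = line[2:].split()[0]
            sections[current] = []
        elif current == "QUESTION" and line.startswith(";") and not line.startswith(";;"):
            owner, _cls, qtype = line[1:].split()
            sections[current].append((owner, qtype, ""))
        elif current and line and not line.startswith(";"):
            f = line.split()
            sections[current].append((f[0], f[3], f[4]))
    return sections

def classify(sections):  # returns (verdict, name the verdict applies to)
    qname, qtype, _ = sections["QUESTION"][0]
    answers = sections.get("ANSWER", [])
    target, seen = norm(qname), set()
    if qtype not in ("CNAME", "ANY"):          # CNAME is not followed for these
        cname = {norm(o): norm(r) for o, t, r in answers if t == "CNAME"}
        while target in cname and target not in seen:   # guard against loops
            seen.add(target)
            target = cname[target]
    if any(norm(o) == target and qtype in (t, "ANY") for o, t, _ in answers):
        return "answer", target
    ns_owners = [o for o, t, _ in sections.get("AUTHORITY", []) if t == "NS"]
    if not ns_owners:
        return "nodata", target
    ok = all(is_subdomain(target, o) for o in ns_owners)
    return ("referral-ok" if ok else "referral-rejected"), target
```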


