DNS "chicken-and-egg" Problem

Chris Thompson cet1 at cam.ac.uk
Fri Oct 31 19:57:08 UTC 2008


On Oct 31 2008, bsfinkel at anl.gov wrote:

>There are a number of problems that arise out of trying to find the
>authoritative answer to the question
>
>     What is the "A" record for igpp.ucla.edu?
>
>1) Sometimes I get SERVFAIL when I query my local name servers.
>   And I am not sure why.
>
>2) When I query the four UCLA name servers I get an answer, but that
>   answer does not have the "aa" bit set.

No, you are *not* getting an "answer". You are getting a referral.
Look carefully and you will see that the A record for igpp.ucla.edu 
is in the additional section, not the answer section (which is empty).
What you are seeing is "glue" (which, as it happens, does actually
match the authoritative answer you can get from igpp.ucla.edu itself).

>                                          I am not sure
>
>   a) why the "aa" bit is not set, as the answer is coming from an
>      authoritative name server.

These servers are *not* authoritative for igpp.ucla.edu: that is
why they are giving a referral. Referrals never have the aa bit set.
There's nothing at all unusual about this. (Well, it's mildly
unusual that igpp.ucla.edu has only one NS record, and that the
nameserver has the same name as the zone.)

>   b) why BIND is not caching that information.  Maybe because the
>      information is not marked authoritative?  Maybe because the
>      DNS cache is being cleaned too aggressively (as JINMEI thinks)?

Certainly not the first, or no referral would ever work.

-- 
Chris Thompson
Email: cet1 at cam.ac.uk
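
Added example, not part of the original message or of BIND: a small wire-format check that separates a referral (aa clear, empty answer section, NS in the authority section, glue in the additional section) from an authoritative answer. The two sample messages are constructed, the address 192.0.2.53 is a documentation placeholder, and the helper names are hypothetical.

```python
import struct

def encode_name(name):
    # Uncompressed wire-format name: length-prefixed labels, zero terminator.
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

def rr(name, rtype, rdata, ttl=3600):
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def build_response(qname, aa, answers, authority, additional):
    # Constructed sample message: QR=1, AA as given, RCODE=0, one A/IN question.
    flags = 0x8000 | (0x0400 if aa else 0)
    header = struct.pack("!6H", 0x1234, flags, 1, len(answers), len(authority), len(additional))
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    return header + question + b"".join(answers + authority + additional)

def skip_name(msg, off):
    # Advance past a name, stopping at the root label or a compression pointer.
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1
        if n == 0:
            return off
        off += n

def classify(msg):
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    aa, rcode = bool(flags & 0x0400), flags & 0x000F
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
    types = []
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.append(rtype)
        off += 10 + rdlen
    if rcode == 0 and not aa and an == 0 and 2 in types[an:an + ns]:
        return "referral"                        # NS (type 2) in authority, no answer
    if rcode == 0 and aa and an > 0:
        return "authoritative answer"
    return "other"

# Constructed samples: the NS target equals the zone name, as noted in the thread.
NS_RR = rr("igpp.ucla.edu", 2, encode_name("igpp.ucla.edu"))
GLUE = rr("igpp.ucla.edu", 1, bytes([192, 0, 2, 53]))
REFERRAL = build_response("igpp.ucla.edu", False, [], [NS_RR], [GLUE])
ANSWER = build_response("igpp.ucla.edu", True, [GLUE], [], [])
```
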


