Answers from cache or authority section?
John Horne
john.horne at plymouth.ac.uk
Tue Jun 25 16:52:07 UTC 2013
On Tue, 2013-06-25 at 17:07 +0100, Steven Carr wrote:
> On 25 June 2013 16:53, John Horne <john.horne at plymouth.ac.uk> wrote:
> > So what I now do not understand is why (at home) I can do several
> > reverse lookups for different IP addresses, and they all give me an
> > answer. Likewise if I do something like:
> >
> > dig -x 141.163.99.16 @8.8.8.8
> >
> > I get a non-authoritative answer. If I repeat this for addresses
> > 141.163.99.17, 18, 20 and so on I get answers. In all these cases
> > shouldn't the first lookup work and subsequent ones fail? Using Google's
> > name server, shouldn't it at some point have received the authoritative
> > answer with the AUTHORITY section NS records and so be using those
> > (internal) name servers for subsequent lookups?
>
> Using Google you will get unexpected results, not sure exactly what
> caching engine they use but it doesn't work like most other caching
> servers, they definitely do some jiggery pokery with the results
>
Ah, that is what I was wondering. Thanks.
> I would suggest you install a local copy of BIND configured for
> recursion and let it do the queries for you then you can also use rndc
> to inspect the cache for yourself.
>
Yes, I did try that. Cleared the cache, then ran 'rndc dumpdb' after the
first query, saved the file then ran it again after a second query.
Unfortunately I couldn't see our internal servers being cached at all
(which they should have been after the first query). At that point I
thought I'd ask on the list. I'll repeat the testing to see if I can see
what is going on.
John.
--
John Horne, Plymouth University, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001
More information about the bind-users
mailing list