forwarder cache

Fred Morris m3047 at m3047.net
Thu Dec 1 17:45:26 UTC 2022


On Thu, 1 Dec 2022, Hamid Maadani wrote:
> [...] I can see "AUTHORITY: 0" in the answer, and now I understand NS1 
> does not cache this because of that (did not know only authority 1 
> answers are cached when I sent the initial email).

Confusion of causes and effects: "AUTHORITY:0" is reportage regarding
an artifact of the message over the wire. There are no records in the 
AUTHORITY section, hence this reporting.

> [...] My question still stands: shouldn't NS2 answer with AUTHORITY: 1, 
> regardless of DLZ or local-file backend, since the definition for the 
> zone is as below?

Have we gotten to 20 questions yet? Here's mine:

   Is what's in the "regardless of DLZ or local-file backend" properly
   constituted so that the desired information can be conveyed?

Regarding the preamble to your standing question: you need to figure that 
out. If nothing else, RFCs should help. Comparing the meta contents of a 
working zone to this one: are they the same? By which I mean SOA, NS, 
dnssec...

What does a query against that nameserver for NS records for the zone 
return?

How does a nameserver know if it is authoritative if the copy of the zone 
it relies on (to differentiate from caching) does not list it as 
authoritative? (What is the definition of "authoritative"?) What is a 
server which is caching the result of querying it supposed to do when it 
sees that it is authoritative for that zone? Now, these are good 
questions, can't say I definitively know the answer; I have seen enough to 
know that people come up with notions.

I strongly suggest starting with a configuration for which an analogous 
configuration works, and breaking it from there. What do the contents of 
an "authoritative" zone served by an authoritative server configured 
to return complete 1024/1025 responses look like? Is the server configured 
to return complete responses, and does it have properly constituted zone 
data to do so?

I would expect a server so constituted to be able to answer the following 
questions when queried on port 53:

* What is the SOA?

* An NS response containing:

   * The FQDN of the server;

   * resolving to the address at which it was queried.

You don't even have it queryable on port 53 from what I can tell. (You've
got 2^24 IPv4 loopback addresses to work with, right?)

Have fun arguing about whether or not a server which is "authoritative" 
should have an NS record in the zone, once you have something which 
demonstrably works.

I don't have a lot of patience for "experts" who can't demonstrate a 
working system, so I probably won't be back.

--

Fred Morris, internet plumber
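
Added example, not part of the original message: a small parser for the fixed 12-byte DNS header (layout per RFC 1035 section 4.1.1), showing that the AUTHORITY figure is the count of records in that section of the message and is carried separately from the `aa` flag bit. The two sample headers are constructed for illustration, not captured traffic, and the dig-style summary line is an assumption about how the counts were displayed.

```python
import struct

# Flag bits in the second 16-bit word of the DNS header (RFC 1035, section 4.1.1).
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080), ("ad", 0x0020), ("cd", 0x0010)]
SECTIONS = ("QUERY", "ANSWER", "AUTHORITY", "ADDITIONAL")

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header; the rest of the message is ignored."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "flags": [name for name, bit in FLAG_BITS if flags & bit],
        "rcode": flags & 0x000F,
        # Section counts: how many records each section of this message holds.
        "QUERY": qd, "ANSWER": an, "AUTHORITY": ns, "ADDITIONAL": ar,
    }

def summary(msg: bytes) -> str:
    """Render the header in the style of dig's ';; flags:' line."""
    h = parse_header(msg)
    counts = ", ".join(f"{name}: {h[name]}" for name in SECTIONS)
    return f"flags: {' '.join(h['flags'])}; {counts}"

def make_header(flags: int, an: int, ns: int, ar: int = 0) -> bytes:
    """Build a constructed header (one question, no message body) for the demo."""
    return struct.pack("!6H", 0x1234, flags, 1, an, ns, ar)

# Constructed samples, not captured traffic.
# qr + aa set, but no records in the AUTHORITY section.
AA_NO_AUTH_RECORDS = make_header(0x8400, an=1, ns=0)
# qr + rd + ra set, aa clear, one record in the AUTHORITY section.
NO_AA_WITH_AUTH_RECORD = make_header(0x8180, an=1, ns=1)

if __name__ == "__main__":
    print(summary(AA_NO_AUTH_RECORDS))
    print(summary(NO_AA_WITH_AUTH_RECORD))
```
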



More information about the bind-users mailing list