forwarder cache
Fred Morris
m3047 at m3047.net
Thu Dec 1 17:45:26 UTC 2022
On Thu, 1 Dec 2022, Hamid Maadani wrote:
> [...] I can see "AUTHORITY: 0" in the answer, and now I understand NS1
> does not cache this because of that (did not know only authority 1
> answers are cached when I sent the initial email).
Confusion of causes and effects: "AUTHORITY:0" is reportage regarding
an artifact of the message over the wire. There are no records in the
AUTHORITY section, hence this reporting.
> [...] My question still stands: shouldn't NS2 answer with AUTHORITY: 1,
> regardless of DLZ or local-file backend, since the definition for the
> zone is as below?
Have we gotten to 20 questions yet? Here's mine:
Is what's in the "regardless of DLZ or local-file backend" properly
constituted so that the desired information can be conveyed?
Regarding the preamble to your standing question: you need to figure that
out. If nothing else, RFCs should help. Comparing the meta contents of a
working zone to this one: are they the same? By which I mean SOA, NS,
dnssec...
What does a query against that nameserver for NS records for the zone
return?
How does a nameserver know if it is authoritative if the copy of the zone
it relies on (to differentiate from caching) does not list it as
authoritative? (What is the definition of "authoritative"?) What is a
server which is caching the result of querying it supposed to do when it
sees that it is authoritative for that zone? Now, these are good
questions, can't say I definitively know the answer; I have seen enough to
know that people come up with notions.
I strongly suggest starting with a configuration for which an analogous
configuration works, and breaking it from there. What do the contents of
an "authoritative" zone served by an authoritative server configured
to return complete 1024/1025 responses look like? Is the server configured
to return complete responses, and does it have properly constituted zone
data to do so?
I would expect a server so constituted to be able to answer the following
questions when queried on port 53:
* What is the SOA?
* An NS response containing:
  * The FQDN of the server;
  * resolving to the address at which it was queried.
You don't even have it queryable on port 53 from what I can tell. (You've
got 2^24 IPv4 loopback addresses to work with, right?)
Have fun arguing about whether or not a server which is "authoritative"
should have an NS record in the zone, once you have something which
demonstrably works.
I don't have a lot of patience for "experts" who can't demonstrate a
working system, so I probably won't be back.
--
Fred Morris, internet plumber
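
Added example, not part of the original message: a small Python parser for the 12-byte DNS header (RFC 1035 section 4.1.1) showing that the "AUTHORITY: n" count discussed above is the number of records in the AUTHORITY section, while the "aa" flag is a separate header bit. The two sample headers are constructed for illustration and the function names are this example's own.

```python
import struct

# Header flag bits from RFC 1035 section 4.1.1 (second 16-bit word).
FLAG_BITS = (("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080))

def parse_header(message: bytes) -> dict:
    """Decode the fixed 12-byte header of a DNS message."""
    if len(message) < 12:
        raise ValueError("DNS message is shorter than its 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", message[:12])
    return {
        "id": ident,
        "flags": [name for name, bit in FLAG_BITS if flags & bit],
        "rcode": flags & 0x000F,
        # Section counts: what dig prints as QUERY/ANSWER/AUTHORITY/ADDITIONAL.
        "QUERY": qd, "ANSWER": an, "AUTHORITY": ns, "ADDITIONAL": ar,
    }

def is_authoritative_answer(message: bytes) -> bool:
    """True when the responder set the AA bit, whatever the AUTHORITY count is."""
    return "aa" in parse_header(message)["flags"]

def dig_style(message: bytes) -> str:
    """Render the header roughly the way dig summarises it."""
    h = parse_header(message)
    return (";; flags: {}; QUERY: {}, ANSWER: {}, AUTHORITY: {}, ADDITIONAL: {}"
            .format(" ".join(h["flags"]), h["QUERY"], h["ANSWER"],
                    h["AUTHORITY"], h["ADDITIONAL"]))

# Constructed sample headers (header bytes only, not captured traffic).
# AA set, empty AUTHORITY section: flags = qr aa rd, counts 1/1/0/0.
AA_NO_NS = struct.pack("!6H", 0x1A2B, 0x8500, 1, 1, 0, 0)
# AA clear, one record in AUTHORITY: flags = qr rd ra, counts 1/1/1/0.
NO_AA_ONE_NS = struct.pack("!6H", 0x1A2C, 0x8180, 1, 1, 1, 0)

if __name__ == "__main__":
    for label, msg in (("AA_NO_NS", AA_NO_NS), ("NO_AA_ONE_NS", NO_AA_ONE_NS)):
        print(label, dig_style(msg), "authoritative:", is_authoritative_answer(msg))
```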
More information about the bind-users mailing list