[Question] Question about recursive queries in BIND9
Hideshi Enokihara
Hideshi.Enokihara at jp.yokogawa.com
Wed Dec 21 06:45:34 UTC 2005
Thank you for your reply.

On Wed, 21 Dec 2005 05:05:10 +0900
"Barry Margolin" <barmar at alum.mit.edu> wrote:
> Re: [Question] Question about recursive queries in BIND9
>
> In article <do8kd6$4pj$1 at sf1.isc.org>,
> Hideshi Enokihara <Hideshi.Enokihara at jp.yokogawa.com> wrote:
>
> > Hi all,
> >
> > I have a question regarding recursion behavior of BIND9.
> >
> > For example, I assume the following network.
> >
> > ----------------
> >
> >                                                  (*sub-domain for DNS Server2's domain)
> >                             org domain           example.org domain
> >         AP Server1          DNS Server2          DNS Server3
> >         |A.example.org      |NS2.example.org     |NS3.example.org
> >         |192.168.1.10       |                    |
> > Net-y --+--------+----------+--------------------+--
> >                  |
> >                  |
> >                  |
> >                  |
> >               Router
> >                  |
> >                  |
> >                  |
> > Net-z --+--------+----------+---
> >         |                   |
> >         |                   |
> >         DNS Server1 (BIND9) DNS Client1
> >
> > ------------------
> >
> > In this network, I ran the following steps.
> >
> > Pre-sequence
> > A. DNS Client1 sends the query (QNAME=A.example.org, QTYPE=A) to DNS
> > Server2 (Authoritative server for org domain).
> > B. DNS Server2 sends the query to DNS Server3 (Authoritative server for
> > example.org domain).
>
> Are you sure about this? None of the authoritative servers for the ORG
> domain that I was able to query (some of them didn't respond when I was
> testing) have recursion enabled.

Of course, I know that top-level domain authoritative servers don't send recursive queries in the real world.
This topology is not an actual (real-world) network.
I made this topology locally.
In this topology, the important thing is that DNS Server2 has a cache for the query (QNAME=A.example.org, QTYPE=A).

> > C. DNS Server3 sends the response (ANSWER NAME=A.example.org, ANSWER
> > ADDRESS=192.168.1.10) to DNS Server2.
> > D. DNS Server2 sends the response (ANSWER NAME=A.example.org, ANSWER
> > ADDRESS=192.168.1.10) to DNS Client1.
> >
> > Note: At these steps, DNS Server2 caches the answer for QNAME=A.example.org,
> > QTYPE=A.
> >
> > Sequence
> > 1. DNS Client1 sends the query (QNAME=A.example.org, QTYPE=A) to DNS
> > Server1 (BIND9).
> > 2. DNS Server1 (BIND9) sends the query to DNS Server2 (Authoritative server for
> > org domain).
> > 3. DNS Server2 sends the response (ANSWER NAME=A.example.org, ANSWER
> > ADDRESS=192.168.1.10) from the cache to DNS Server1 (BIND9).
> >
> > I expected BIND9 to behave like 4A, but actually, BIND9 behaves like 4B.
> >
> > 4A. DNS Server1 (BIND9) sends the response (ANSWER NAME=A.example.org, ANSWER
> > ADDRESS=192.168.1.10) to Client1.
> > 4B. DNS sends the query to DNS Server3 (Authoritative server for example.org
> > domain).
>
> ....
>
> > I have a question about steps 4A and 4B.
> > Why doesn't DNS Server1 (BIND9) send the response (4A) to DNS Client1?
> > What is the reason that DNS Server1 (BIND9) does not use/trust DNS Server2's
> > cache information?
>
> Did it log a "Lame server" message? When it's asking a server that's
> supposed to be authoritative, it expects an authoritative answer or a
> referral, not a non-authoritative answer.

No. I couldn't find any "Lame server" messages.

> > Does this behavior follow the RFC?
> > #If BIND9 does not use/trust the other DNS server's cache information, as a
> > result, a lot of traffic will be caused in the network.
> >
> > Please tell me your opinions.
>
> When caching servers query authoritative servers, they don't normally
> send recursive queries. And top-level authoritative servers don't
> usually have recursion enabled.
>
I don't care about top-level authoritative servers' behavior.
My question focuses on the following.
Why doesn't BIND9 use/trust cache information from a non-authoritative server?
Please tell me your opinion.
I'm sorry for taking up your time.

Best Regards,
--
*************************************
Hideshi Enokihara
IPv6 Business
Network & Software Development Dept.
Yokogawa Electric Corporation
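
The distinction raised in the quoted reply (a server queried as authoritative is expected to return an authoritative answer or a referral, not a non-authoritative answer) is visible in the DNS response header. The following is an added example, not part of the original message and not BIND's code: a simplified classifier that reads only the header flags and section counts, run over three constructed responses modelled on the topology above. The helper names and the sample packets are assumptions made for illustration.

```python
import struct

QR, AA, RA = 0x8000, 0x0400, 0x0080  # header flag bits (RFC 1035, section 4.1.1)

def classify(msg: bytes) -> str:
    """Classify a response from a server that was queried as authoritative."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & QR:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    if rcode not in (0, 3):                  # anything but NOERROR / NXDOMAIN
        return "error"
    if flags & AA:
        return "authoritative"               # data from the server's own zone
    if rcode == 0 and an == 0 and ns > 0:
        return "referral"                    # authority records assumed to be NS (not parsed)
    if an > 0:
        return "non-authoritative"           # answer served from the server's cache
    return "other"

def name(n: str) -> bytes:
    """Encode a domain name as length-prefixed labels."""
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in n.split(".")) + b"\0"

def rr(owner: str, rtype: int, rdata: bytes, ttl: int = 3600) -> bytes:
    return name(owner) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def response(flags: int, answers=(), authority=()) -> bytes:
    hdr = struct.pack("!6H", 0x1234, QR | flags, 1, len(answers), len(authority), 0)
    question = name("A.example.org") + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return hdr + question + b"".join(answers) + b"".join(authority)

# Constructed sample responses (not captured traffic).
A_RR = rr("A.example.org", 1, bytes([192, 168, 1, 10]))
NS_RR = rr("example.org", 2, name("NS3.example.org"))
SAMPLES = {
    "Server3 answers from its zone": response(AA, answers=[A_RR]),
    "Server2 delegates example.org": response(0, authority=[NS_RR]),
    "Server2 answers from cache (step 3)": response(RA, answers=[A_RR]),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(f"{label}: {classify(msg)}")
```
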