DNS "chicken-and-egg" Problem
bsfinkel at anl.gov
Thu Oct 30 21:07:20 UTC 2008

To summarize this problem -

1) One of my mailers is trying to find the "A" record for igpp.ucla.edu
   so that it can verify that mail from that domain is legitimate mail.

2) The ucla.edu name servers delegate the zone to a name server
   igpp.ucla.edu. I talked with a DNS admin at UCLA, and he told me that
   they have in the ucla.edu zone a delegation and glue:

       igpp.ucla.edu. 6H IN NS igpp.ucla.edu
       igpp.ucla.edu. 6H IN A 128.97.94.1

3) When I query the four ucla.edu name servers, dig returns:

       ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
       ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
       ;; QUERY SECTION:
       ;;      igpp.ucla.edu, type = A, class = IN

       ;; AUTHORITY SECTION:
       igpp.ucla.edu. 6H IN NS igpp.ucla.edu.

       ;; ADDITIONAL SECTION:
       igpp.ucla.edu. 6H IN A 128.97.94.1

4) Why is this information not in the cache on my server?
   Jinmei Tatuya said it might be due to a cache-clearing bug in 9.5.0
   (I am running 9.5.0-P2). I ran a test with "max-cache-size 256M",
   and I did not see the record cached. And I doubt that the cache was
   full.

5) Someone (I do not remember who, and I cannot find the reply in the
   list archives) pointed out to me that the answers I am getting from
   UCLA are not authoritative - the "aa" flag is missing.

What could cause glue information (that I think is correct) in the
ucla.edu zones to be returned to my server as not authoritative?
I now assume that the reason that my BIND does not cache the glue is
that the glue is not marked authoritative. Thanks.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
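
Added example, not part of the original message and not BIND code: a small parser for the dig output quoted in item 3 that classifies the response and checks whether every name server named at or below the delegated zone comes with an address in the additional section. The function names `parse_dig` and `classify` are hypothetical, and the sample is constructed from the records quoted in the message.

```python
import re

# Constructed sample: the dig output quoted in item 3 of the message.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUERY SECTION:
;;      igpp.ucla.edu, type = A, class = IN
;; AUTHORITY SECTION:
igpp.ucla.edu. 6H IN NS igpp.ucla.edu.
;; ADDITIONAL SECTION:
igpp.ucla.edu. 6H IN A 128.97.94.1
"""

def parse_dig(text):
    """Return (flags, {section: [(owner, rtype, rdata)]}) from dig text output."""
    flags, sections, current = set(), {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r";; flags:([^;]*);", line)
        if m:
            flags = set(m.group(1).split())
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line and not line.startswith(";"):
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            sections[current].append((owner.lower().rstrip("."), rtype, rdata.lower().rstrip(".")))
    return flags, sections

def classify(text):
    """Label the response and list NS targets that depend on glue."""
    flags, sec = parse_dig(text)
    answers = sec.get("ANSWER", [])
    ns = [r for r in sec.get("AUTHORITY", []) if r[1] == "NS"]
    glue = {r[0]: r[2] for r in sec.get("ADDITIONAL", []) if r[1] in ("A", "AAAA")}
    if answers:
        kind = "authoritative answer" if "aa" in flags else "non-authoritative answer"
    elif ns and "aa" not in flags:
        kind = "referral"  # no answer, NS in authority, aa clear
    else:
        kind = "other"
    # A target at or below the delegated name is reachable only through glue.
    needs_glue = [target for owner, _, target in ns if target == owner or target.endswith("." + owner)]
    missing = [t for t in needs_glue if t not in glue]
    return {"kind": kind, "needs_glue": needs_glue, "missing_glue": missing, "glue": glue}
```
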