Lump answers

Christine.Tran at Christine.Tran at
Mon Nov 29 21:32:46 UTC 1999

Mark > A root server will forward any recursive queries asked of it for
Mark > which it does not already have an answer.  This works even if the
Mark > forwarder has to ask the root for information as the forwarder will
Mark > make a non-recursive query to the root server.

Cricket > But internal root name servers, which are what Christine is
Cricket > describing, only know about a small number of apex zones.
Cricket > If you ask an internal root name server about a zone whose
Cricket > ancestor doesn't appear in the root zone, you get NXDOMAIN.

So according to Cricket's example of an internal root server for and a forwarder, recursive query for will get a reply of NXDOMAIN from the root server right away because the root server doesn't know any other zone except And since it thinks it knows everything about the name space, that answer is final. 

But according to Mark, recursive query for will get forwarded to the forwarder because it does not have a ready answer.  Forwarder issues iterative query back to root server, gets an NXDOMAIN, then passes that answer back to root server's original query.  Same answer, but in a roundabout way.  Did I understand you both correctly?  You are saying different things here.  If the forwarder sits on the cusp of the DMZ, it will know and use the real roots, why would it use the fake root to query for to get the NXDOMAIN.  Ok, which is it?


More information about the bind-users mailing list