Caching DNS server still queries forwarding nameservers

Kevin Darcy kcd at daimlerchrysler.com
Wed Apr 19 21:29:28 UTC 2000


Your assumption is valid, queries should only be forwarded if they aren't
already cached. The TTL on www.fogdog.com is a day, so generally you shouldn't
be seeing forwarded queries for that name less than a day apart, unless you
happened to get an entry which had already been aged by your upstream
nameserver. However, the forwarded queries you're seeing via tcpdump may not be
for www.fogdog.com, perhaps they are just triggered by the www.fogdog.com
queries. Maybe they are queries for 1.0.0.127.in-addr.arpa or for the root
zone, or something else. You need better diagnostics. Try turning on debugging.

If you turn off forwarding, do you get the same behavior?


- Kevin

Nelson, Brad wrote:

> Greetings all, I'm trying to set up a simple caching name server on my Linux
> box. I have a permanent Internet connection with a static IP address, so
> that part is pretty easy. My ISP has DNS servers that I wish to use as
> forwarders.
>
> I've installed and configured BIND 8 as per the Linux DNS HOW-TO, and the
> good news is that the server actually does work, insofar as it goes to my
> local server first:
>
> nslookup www.fogdog.com
> Server:  localhost
> Address:  127.0.0.1
>
> Non-authoritative answer:
> Name:    www.fogdog.com
> Address:  209.1.55.139
>
> However, a tcpdump reveals that, even after repeated nslookups, my ISP's DNS
> servers (which I have set up as forwarders) still get hit on each request;
> in the example below, I have tcpdump running in the background, thus it
> spews out its results in near-real-time:
>
> $ nslookup www.fogdog.com
> 15:20:10.857028 h84-212-210-245.notarealdomain.net.1499 > dns2.domain: 21474+ (27)
> Server:  localhost
> Address:  127.0.0.1
>
> Non-authoritative answer:
> Name:    www.fogdog.com
> Address:  209.1.55.139
>
> 15:20:10.947028 dns2.domain > h84-212-210-245.notarealdomain.net.1499: 21474 NXDomain 0/1/0 (100)
>
> The whole h84-xxxxxx thing is my ISP-assigned address (munged), and dns2 is
> of course their DNS server. I get the same results every time I run a
> lookup; it always still goes to the ISP DNS.
>
> My assumption would be that if my caching nameserver were working properly,
> it would not have to query the ISP DNS on subsequent lookups of the same
> address; in other words, I would expect to see no traffic to the net with
> just a simple lookup on the second and subsequent tries. Is this a valid
> assumption?
>
> Here is my config right now, though I've tried a multitude of different
> things with the same result:
>
> /etc/resolv.conf:
>
> nameserver 127.0.0.1
>
> // Config file for caching only name server
>
> options {
>         directory "/var/named";
>
>       forward first;
>        forwarders {
>                 xxx.xxx.xxx.xxx; // **NOTE** I have the real servers in my actual file
>                 xxx.xxx.xxx.yyy;
>        };
>
>         // Uncommenting this might help if you have to go through a
>         // firewall and things are not working out:
>
>         // query-source port 53;
> };
>
> zone "0.0.127.in-addr.arpa" {
>         type master;
>         file "pz/127.0.0";
> };
>
> zone "." {
>         type hint;
>         file "root.hints";
> };
>
> /var/named/root.hints:
>
> ; <<>> DiG 2.2 <<>> @h.root-servers.net
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
> ;; flags: qr aa rd; Ques: 1, Ans: 13, Auth: 0, Addit: 13
> ;; QUESTIONS:
> ;;      ., type = NS, class = IN
>
> ;; ANSWERS:
> .       518400  NS      L.ROOT-SERVERS.NET.
> .       518400  NS      M.ROOT-SERVERS.NET.
> .       518400  NS      I.ROOT-SERVERS.NET.
> .       518400  NS      E.ROOT-SERVERS.NET.
> .       518400  NS      D.ROOT-SERVERS.NET.
> .       518400  NS      A.ROOT-SERVERS.NET.
> .       518400  NS      H.ROOT-SERVERS.NET.
> .       518400  NS      C.ROOT-SERVERS.NET.
> .       518400  NS      G.ROOT-SERVERS.NET.
> .       518400  NS      F.ROOT-SERVERS.NET.
> .       518400  NS      B.ROOT-SERVERS.NET.
> .       518400  NS      J.ROOT-SERVERS.NET.
> .       518400  NS      K.ROOT-SERVERS.NET.
>
> ;; ADDITIONAL RECORDS:
> L.ROOT-SERVERS.NET.     3600000 A       198.32.64.12
> M.ROOT-SERVERS.NET.     3600000 A       202.12.27.33
> I.ROOT-SERVERS.NET.     3600000 A       192.36.148.17
> E.ROOT-SERVERS.NET.     3600000 A       192.203.230.10
> D.ROOT-SERVERS.NET.     3600000 A       128.8.10.90
> A.ROOT-SERVERS.NET.     3600000 A       198.41.0.4
> H.ROOT-SERVERS.NET.     3600000 A       128.63.2.53
> C.ROOT-SERVERS.NET.     3600000 A       192.33.4.12
> G.ROOT-SERVERS.NET.     3600000 A       192.112.36.4
> F.ROOT-SERVERS.NET.     3600000 A       192.5.5.241
> B.ROOT-SERVERS.NET.     3600000 A       128.9.0.107
> J.ROOT-SERVERS.NET.     3600000 A       198.41.0.10
> K.ROOT-SERVERS.NET.     3600000 A       193.0.14.129
>
> ;; Total query time: 533 msec
> ;; FROM: nitro to SERVER: h.root-servers.net  128.63.2.53
> ;; WHEN: Tue Apr 18 23:24:18 2000
> ;; MSG SIZE  sent: 17  rcvd: 436
>
> /var/named/pz/127.0.0:
>
> @               IN      SOA     localhost. root.localhost. (
>                                 1       ; Serial
>                                 28800   ; Refresh
>                                 7200    ; Retry
>                                 604800  ; Expire
>                                 86400)  ; Minimum TTL
>                         NS      localhost.
> 1                       PTR     localhost.
>
> I've also tried the "bone stock" 127.0.0 file from the Linux DNS HOW-TO,
> exactly as it appears there, with the "linux.bogus" etc., but same results.
>
> Any ideas? Thanks very much in advance...
>
> Brad
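Added diagnostic example, not code from the thread: a small Python parser for the tcpdump summary lines Brad posted that pairs query and response by DNS ID and checks whether a forwarded query is even large enough to be for the name being looked up. It assumes tcpdump's classic one-line DNS format and that the number in parentheses is the DNS message length; on the posted lines the forwarded exchange ends in NXDomain with zero answers, and a 27-byte query is shorter than any query for www.fogdog.com can be (12-byte header, 16-byte encoded name, 4 bytes of type/class), which supports Kevin's suggestion that the forwarded query is for some other name.

```python
import re
# Constructed sample input: the two tcpdump lines quoted in the thread, each
# rejoined onto a single line (the mail client had wrapped them).
SAMPLE_CAPTURE = """\
15:20:10.857028 h84-212-210-245.notarealdomain.net.1499 > dns2.domain: 21474+ (27)
15:20:10.947028 dns2.domain > h84-212-210-245.notarealdomain.net.1499: 21474 NXDomain 0/1/0 (100)
"""
# tcpdump DNS summary: "<ts> <src> > <dst>: <id><flags> [rcode] [an/ns/ar] (<bytes>)"
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+"
                     r"(?P<id>\d+)(?P<flags>[+*$|-]*)\s*(?P<rest>.*?)\s*\((?P<len>\d+)\)$")
COUNTS_RE = re.compile(r"^(\d+)/(\d+)/(\d+)$")
DNS_HEADER_LEN = 12  # fixed RFC 1035 header

def min_query_size(name: str) -> int:
    """Smallest wire size of a plain (pre-EDNS) query for name: header + labels + root + type/class."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return DNS_HEADER_LEN + sum(1 + len(l) for l in labels) + 1 + 4

def parse_line(line: str):
    """Parse one tcpdump line into a dict; 'counts' is None for a query, (an, ns, ar) for a response."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "src": m["src"], "dst": m["dst"], "id": int(m["id"]),
           "len": int(m["len"]), "rcode": None, "counts": None}
    tokens = m["rest"].split()
    for i, tok in enumerate(tokens):
        c = COUNTS_RE.match(tok)
        if c:  # answer/authority/additional counts appear only in responses
            rec["counts"] = tuple(int(x) for x in c.groups())
            # tcpdump prints the rcode word only when it is not NOERROR
            rec["rcode"] = tokens[i - 1] if i and tokens[i - 1].isalpha() else "NOERROR"
    return rec

def analyze(capture: str, expected_name: str) -> list:
    """Pair queries with responses by DNS ID and flag forwarded queries too short to be for expected_name."""
    need = min_query_size(expected_name)
    txns = {}
    for line in capture.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        t = txns.setdefault(rec["id"], {"id": rec["id"]})
        if rec["counts"] is None:
            t["query_len"] = rec["len"]
            t["could_be_expected"] = rec["len"] >= need  # 27 < 32 for www.fogdog.com
        else:
            t["rcode"], t["answers"] = rec["rcode"], rec["counts"][0]
    return list(txns.values())
```

Run it over a longer capture taken while BIND is in debug mode to see which IDs get no answers; those are the transactions to chase in the debug log.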