Why is stealth secondary queried for address of primary?

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Thu Jun 15 21:23:34 UTC 2000


> At 07:12 PM 06/15/00 +1000, Mark.Andrews at nominum.com wrote:
> >
> >	Well nameservers send out the current set of nameservers for the
> >	zone as found in the zone.  If you want a server to be a stealh
> >	server don't=A0list it in the zone or the parent zone.
> 
> Yes, I understand that.  I used the wrong term -- I said stealth only
> because it it's not listed in the root servers.  I just haven't updated my
> domain record yet.
> 
> Look at these numbers:
> 
> In eleven minutes after posting a message to this list I had 327 queries to
> ns2.hank.org.  Of those 327, 320 were for asking for the IP of ns1.hank.org.
> 
>     XX /132.177.128.99/ns1.hank.org/A/IN
> 
> There were NO request for the IP of my other two (other three including
> ns2) NS servers listed in my zone.  Only requests to lookup ns1.hank.org.
> NONE of those requesters (by IP number) went on to actually request
> anything from ns1.hank.org once it had it's IP number -- so I'm not sure
> why they bothered to ask.

	Nameservers attempt lookup addresses of nameservers that they 
	discover that they don't currently have in there cache when trying
	to resolve a query so that when they come to having to retry the
	query (or to answer another query for the same zone) they should
	have more chance of success.  This is potentially a recurive process
	that is limited to a distance of 1 from the original clients request.

	ns1 will be asked for ns2's address and ns2 will be asked for ns1's
	address.  Niether server will be asked for the granitecannon servers
	addresses (they will be asked for each others addresses).

	Nameserver that don't promote additional data to answers will query
	a server for its own address. 

	Mark
> 
> Also, since ns2.hank.org is not listed in the root servers, the only way to
> know that ns2.hank.org even exists is from asking ns1.hank.org or
> ns2.granitecanyon.com (ns1.granitecanyon.com still has an old zone file
> without ns2.hank.org listed).  As far as reverse lookup, too additional
> servers know about ns2.hank.org.
> 
> In that same time period, I had 177 requests to ns1.hank.org for A RR for
> hank.org.  This is completely expected from the spam checking that sendmail
> does.
> 
> So I'm just curious what's going on with all these requests, specifically,
> why the requests to ns2.hank.org for the IP of ns1.hank.org.
> 
> 
> 
> 
> Bill Moseley
> mailto:moseley at hank.org
> 
> 
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com



More information about the bind-users mailing list