caching-only name server not caching or name serving

Michael Kjorling michael at
Sat Jun 22 20:31:36 UTC 2002


On Jun 22 2002 15:13 -0500, Treptow, Craig wrote:

> I'm not sure if a denied query will give a "SERVFAIL" though.

That depends. There are two very different scenarios we have to

(1) You are asking a recursive server, which gets to the point where
all available servers refuse the queries it makes

(2) You are asking one server in particular, which refuses the query

In (1), it would be sensible to return SERVFAIL in response to the
original client's query - the server is clearly unable to answer the
question asked, and the information available is probably of little

In (2), the reasonable response to get is REFUSED, since that is
exactly what the error condition is - the client was not authorized to
ask the question, and it was refused. Note that in case (1), "client"
here refers to the recursive, possibly caching name server.

I have not read the DNS RFCs but believe that this would be codified
in them. That is, what conditions solicit what responses to the
original querying client during recursive resolution.

I really don't think most people need to limit *queries* - limiting
recursion should be enough for most.

Michael Kjörling

-- 
Michael Kjörling  --  Programmer/Network administrator  ^..^
Internet: michael at -- FidoNet: 2:204/254.4   \/
PGP: 95f1 074d 336d f8f0 f297 6a5b 2aa3 7bfd 8a70 e33e
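
An added example, not part of the original message: a Python sketch that reads the 12-byte header of a DNS response and separates the two outcomes discussed above, REFUSED from the server you asked directly and SERVFAIL from a recursive server that could not complete resolution. The function names and the sample packets are constructed for illustration; the bit layout and RCODE numbers are those of RFC 1035.

```python
import struct

# RCODE values from RFC 1035, section 4.1.1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def parse_header(msg: bytes) -> dict:
    """Decode the fixed DNS header of a response message."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    rcode = flags & 0x000F
    return {"id": ident,
            "rd": bool(flags & 0x0100),   # recursion desired (copied from query)
            "ra": bool(flags & 0x0080),   # recursion available to this client
            "rcode": RCODES.get(rcode, f"RCODE{rcode}"),
            "answers": an}

def diagnose(msg: bytes) -> str:
    """Map a response onto the two scenarios from the message above."""
    h = parse_header(msg)
    if h["rcode"] == "REFUSED":
        return "REFUSED: the server asked will not answer this client (scenario 2)"
    if h["rcode"] == "SERVFAIL":
        # Consistent with scenario 1; SERVFAIL also covers other resolver failures.
        return "SERVFAIL: the server could not obtain an answer (scenario 1)"
    if h["rd"] and not h["ra"]:
        return h["rcode"] + ": answered, but recursion is not offered to this client"
    return h["rcode"] + ": no access-control failure indicated"

def make_response(ident: int, rcode: int, ra: bool, name: str = "example.com") -> bytes:
    """Build a constructed response (header + question only) for testing."""
    flags = 0x8000 | 0x0100 | (0x0080 if ra else 0) | rcode
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!6H", ident, flags, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

if __name__ == "__main__":
    # Constructed samples: a direct refusal, a resolver failure, a non-recursive reply.
    for pkt in (make_response(0x1234, 5, False),
                make_response(0x1235, 2, True),
                make_response(0x1236, 0, False)):
        print(diagnose(pkt))
```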


More information about the bind-users mailing list