Different behaviour of BIND DNS vs. MS DNS in regards to delegati on/forwarding

Danny Mayer mayer at gis.net
Sun Sep 15 02:10:08 UTC 2002


At 02:29 AM 9/14/02, LUEDER,SVEN (HP-Germany,ex2) wrote:

>Hello,
>
>i would like to ask you for your opinion about a different behaviour of
>ISC's BIND and Microsofts Windows 2000 DNS server.
>
>We are talking about the following scenario:
>- the DNS server is either ISC's BIND (e.g. version 9.2.1) or Microsoft
>Windows 2000 DNS

Upgrade BIND to 9.2.2rc1 on Windows.  There was a bug in 9.2.1 which
caused it to poll 1000 times faster than it should have.

>- the DNS server is configured to allow recursive queries
>- the DNS server is configured to use a global forwarder
>- the DNS server is authoritative for a DNS zone foo.com
>- the DNS zone foo.com contains a delegation to zone test.foo.com
>- There is no selective/zone-based forwarding configured on DNS zone
>foo.com.
>- the DNS server which hosts test.foo.com zone is up and running, =
>parenting
>for this zone is configured properly
>
>- A DNS query (type either recursive or non-recursive) now hits the DNS
>server hosting foo.com, requesting a A record of e.g. pc.test.foo.com
>
>If a non-recursive query is used, both types of DNS server (ISC BIND =
>and
>Microsoft Windows 2000) will return the delegation information of the =
>zone
>test.foo.com as the answer.
>In my opinion, this is the expected behaviour.
>
>If a recursive query is used, ISC BIND DNS server will ignore the =
>delegation
>information about test.foo.com in its local zone foo.com.=20
>Instead it forwards the request to the forwarder and passes through the
>forwarders answer.

That's because you told it to.  No doubt you have a forwarders statement
in options. Any query that it is not authorative for or it doesn't have the
answer to in cache gets forwarded for an answer to the forwarders unless
overridden.  You can set up a stub zone for the subdomain on the server
and use an empty forwarders statement to override the default forwarders
to get what you want.

>If a recursive query is used, Microsoft Windows 2000 DNS server uses =
>the
>delegation information in the local zone foo.com.
>It actively queries the DNS server hosting test.foo.com and returns the
>result of this query.
>
>
>I have not found any document or RFC, which states how a DNS server has =
>to
>react in this situation, so i would like to ask you for your opinion.
>I personally believe, that Microsoft's DNS server behaviour is more
>reasonable, but i would like to know your opinion.

You told BIND to behave that way. It's not a matter of what's more reasonable.
In fact, Microsoft's behavior may be wrong if you didn't explicitly tell it not
to forward for the subdomain.

>It would really be kind, if you let me know,
>- if the expected behaviour in this case is documented somewhere
>- if it is not documented, what the expected behaviour should be in =
>your
>opinion
>- if you can see any advantages/disadvantages in ISC's BIND or =
>Microsoft
>Windows 2000 DNS server behaviour

If you post named.conf we can tell you how to do it. It's not right or
wrong, but how you configured the servers.

Danny



More information about the bind-users mailing list