[Question] Question about negative answers from the cache of BIND9
Hideshi Enokihara
Hideshi.Enokihara at jp.yokogawa.com
Tue Dec 20 08:39:51 UTC 2005
Hi all,
On Tue, 20 Dec 2005 07:59:40 +0900
"Kevin Darcy" <kcd at daimlerchrysler.com> wrote:
> Re: [Question] Question about negative answers from the cache of BIND9
>
> Barry Margolin wrote:
>
> >In article <dnve24$2p4n$1 at sf1.isc.org>,
> > Kevin Darcy <kcd at daimlerchrysler.com> wrote:
> >
> >
> >
> >>Hideshi Enokihara wrote:
> >>
> >>
> >>>RFC2308 6 - Negative answers from the cache says,
> >>>
> >>> As with all answers coming from the cache, negative answers SHOULD
> >>> have an implicit referral built into the answer. This enables the
> >>> resolver to locate an authoritative source. An implicit referral is
> >>> characterised by NS records in the authority section referring the
> >>> resolver towards a authoritative source.
> >>>
> >>>This sentence means that DNS server should include NS record in the
> >>>authority section
> >>>when DNS server send the negative answer from the cache, right?
> >>>
> >>>But, DNS Server1(BIND9) does not include NS record in the authority section
> >>>at step6.
> >>>Why does not include NS record in the authority section when BIND9 send the
> >>>negative answer from the cache?
> >>>
> >>>I think this BIND9's behavior does not follow the RFC.
> >>>How do you think?
> >>>
> >>>
> >>>
> >>Well, a SHOULD is not the same as a MUST, so there is technically no RFC
> >>violation here.
> >>
> >>However, as the reference implementation for DNS, my curiosity is piqued
> >>as to why BIND, of all implementations, would opt for default behavior
> >>that contravenes a SHOULD from the relevant RFC.
> >>
> >>
> >
> >I don't think it really matters. In practice, clients that query a
> >caching server will never query the authoritative servers directly. So
> >they would never use the NS records if they were sent.
> >
> I agree with that _in_the_general_case_, but what about a "forward
> first" setup though? The client in that case might want as many NS
> record sets to cache as reasonably possible, so that it can be "ready to
> go" if the forwarder(s) suddenly became unavailable, i.e. it wouldn't
> have to build up its cache from scratch.
>
> Seems like this should be at least configurable, if not the default
> behavior in accordance with the RFC's SHOULD.
>
I heard some information regarding this topic.
BIND9 will support this behavior as a configurable option, as follows.
-----------------------------
rfc2308-type1
Setting this to yes will cause the server to send NS records along
with the SOA record for negative answers. The default is no.
Note: Not yet implemented in BIND 9.
----------------------------
Best Regards,
>
> - Kevin
>
>
>
--
*************************************
Hideshi Enokihara
IPv6 Business
Network & Software Development Dept.
Yokogawa Electric Corporation
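
The distinction discussed in this thread can be checked on the wire. The following is an added example, not code from the thread participants or from BIND: it classifies a DNS response by the negative-response types of RFC 2308 sections 2.1 and 2.2, where type 1 carries SOA and NS records in the authority section and type 2 carries the SOA only. The messages, names and helper functions are constructed for illustration.

```python
import struct

NS, SOA = 2, 6  # RR type codes

def name(n):  # encode a domain name as uncompressed labels
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in n.split(".") if lab) + b"\x00"

def rr(owner, rtype, rdata, ttl=300):
    return name(owner) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def build(rcode, authority):
    # Constructed response: QR=1, RA=1, one question, empty answer section.
    hdr = struct.pack("!6H", 0x1234, 0x8080 | rcode, 1, 0, len(authority), 0)
    return hdr + name("nope.example.com") + struct.pack("!HH", 1, 1) + b"".join(authority)

# Constructed sample records (hypothetical zone example.com).
SOA_RR = rr("example.com", SOA, name("ns1.example.com") + name("hostmaster.example.com")
            + struct.pack("!5I", 1, 3600, 600, 86400, 300))
NS_RR = rr("example.com", NS, name("ns1.example.com"))

def skip_name(msg, off):
    # Return the offset just past a name, which may end in a compression pointer.
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def negative_type(msg):
    # Classify by RCODE and by which RR types appear in the authority section.
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    rcode, off, types = flags & 0xF, 12, set()
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # QTYPE + QCLASS
    for i in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if i >= an:                            # record is in the authority section
            types.add(rtype)
    kind = "NXDOMAIN" if rcode == 3 else "NODATA" if (rcode == 0 and an == 0) else None
    if kind is None:
        return None
    if SOA in types:
        return f"{kind} type {1 if NS in types else 2}"
    if NS in types:                            # NOERROR with NS only is a referral
        return "NXDOMAIN type 4" if rcode == 3 else None
    return f"{kind} type 3"
```
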