[Question] Question about negative answers from the cache of BIND9

Hideshi Enokihara Hideshi.Enokihara at jp.yokogawa.com
Tue Dec 20 08:39:51 UTC 2005


Hi all,

On Tue, 20 Dec 2005 07:59:40 +0900
"Kevin Darcy" <kcd at daimlerchrysler.com> wrote:

> Re: [Question] Question about negative answers from the cache of BIND9
> 
> Barry Margolin wrote:
> 
> >In article <dnve24$2p4n$1 at sf1.isc.org>,
> > Kevin Darcy <kcd at daimlerchrysler.com> wrote:
> >
> > 
> >
> >>Hideshi Enokihara wrote:
> >>   
> >>
> >>>RFC2308 6 - Negative answers from the cache says,
> >>>
> >>>  As with all answers coming from the cache, negative answers SHOULD
> >>>  have an implicit referral built into the answer.  This enables the
> >>>  resolver to locate an authoritative source.  An implicit referral is
> >>>  characterised by NS records in the authority section referring the
> >>>  resolver towards a authoritative source.
> >>>
> >>>This sentence means that a DNS server should include NS records in the
> >>>authority section
> >>>when it sends a negative answer from the cache, right?
> >>>
> >>>But DNS Server1 (BIND9) does not include an NS record in the authority section
> >>>at step6.
> >>>Why does BIND9 not include an NS record in the authority section when it sends the
> >>>negative answer from the cache?
> >>>
> >>>I think this BIND9 behavior does not follow the RFC.
> >>>What do you think?
> >>>
> >>>     
> >>>
> >>Well, a SHOULD is not the same as a MUST, so there is technically no RFC
> >>violation here.
> >>
> >>However, as the reference implementation for DNS, my curiosity is piqued
> >>as to why BIND, of all implementations, would opt for default behavior
> >>that contravenes a SHOULD from the relevant RFC.
> >>   
> >>
> >
> >I don't think it really matters.  In practice, clients that query a
> >caching server will never query the authoritative servers directly.  So
> >they would never use the NS records if they were sent.
> >
> I agree with that _in_the_general_case_, but what about a "forward
> first" setup though? The client in that case might want as many NS
> record sets to cache as reasonably possible, so that it can be "ready to
> go" if the forwarder(s) suddenly became unavailable, i.e. it wouldn't
> have to build up its cache from scratch.
> 
> Seems like this should be at least configurable, if not the default
> behavior in accordance with the RFC's SHOULD.
> 

I heard some information regarding this topic.
BIND9 will support this behavior as a configurable option, as follows.

-----------------------------
rfc2308-type1
Setting this to yes will cause the server to send NS records along  
with the SOA record for negative answers. The default is no.

Note: Not yet implemented in BIND 9.
----------------------------

Best Regards, 
>                                                                         
>                                                                 - Kevin
> 
> 
> 


-- 
*************************************
Hideshi Enokihara
IPv6 Business
Network & Software Development Dept.
Yokogawa Electric Corporation
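
The thread turns on whether a negative answer carries only an SOA record in the authority section (RFC 2308 section 2 "type 2") or SOA plus NS records ("type 1", the implicit referral). The following is an added example, not part of the original message and not BIND code: it parses a DNS response in wire format and reports which type it is. The sample messages, names and helper functions are constructed for illustration.

```python
import struct

NS, SOA, NXDOMAIN = 2, 6, 3

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:        # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def authority_types(msg):
    """Return (rcode, set of RR types found in the authority section)."""
    _id, flags, qd, an, ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4      # skip QTYPE and QCLASS
    types = set()
    for i in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if i >= an:                        # records after the answer section
            types.add(rtype)
    return flags & 0x000F, types

def negative_type(msg):
    """Classify a negative response by RFC 2308 section 2 type."""
    rcode, types = authority_types(msg)
    if SOA in types:
        return "type 1" if NS in types else "type 2"
    if NS in types:
        return "type 4" if rcode == NXDOMAIN else "referral"
    return "type 3"

# --- constructed sample messages (not captured traffic) ---
def name(s):
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".")) + b"\0"

def rr(owner, rtype, rdata):
    return name(owner) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata

def response(rcode, authority):
    header = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, 0, len(authority), 0)
    return header + name("nx.example.com") + struct.pack("!HH", 1, 1) + b"".join(authority)

SOA_RR = rr("example.com", SOA, name("ns1.example.com") + name("admin.example.com")
            + struct.pack("!5I", 1, 7200, 900, 1209600, 300))
NS_RR = rr("example.com", NS, name("ns1.example.com"))
```

A response built with only `SOA_RR` in the authority section corresponds to the SOA-only answer reported in the thread; adding `NS_RR` gives the SOA-plus-NS form that the quoted `rfc2308-type1` option describes.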


