Recursive PTR query behavior

Barry Margolin barmar at alum.mit.edu
Sat Feb 25 17:39:25 UTC 2006


In article <dtn0cj$1tu0$1 at sf1.isc.org>,
 Nobumichi Ozoe <Nobumichi.Ozoe at jp.yokogawa.com> wrote:

> Hi,
> 
> Mark Andrews wrote:
> >>However, when query type is A, Server 1 doesn't go back up to the root 
> >>server.
> >>DNS Server1 believes the glue records from the previous response from 
> >>Server4.
> >>
> >>Why is the behavior of the DNS server1 different from query type A and PTR?
> > 
> > 
> > 	It's not.  A.EXAMPLE.ORG !=  10.1.168.192.IN-ADDR.ARPA.
> > 
> > 	For the A.EXAMPLE.ORG query each of the referrals the nameservers are
> > 	below the referral point.
> > 
> > 	For 10.1.168.192.IN-ADDR.ARPA only the first referral was below the
> > 	parent zone (.) as viewed from the iterative resolver.
> > 
> > 	Mark
> 
> Because authority name gradually becomes closer to the answer,
> I thought that the server believes it.
> Otherwise, a lot of queries are sent to the root or parent server.
> I think that this behavior happens for E164.ARPA, IP6.ARPA and other domains 
> also.
> 
> Which RFC defines this behavior? Could you teach me?

I don't think it's in any RFC, it's just a design to prevent cache 
poisoning.  Why would you expect the server for something.ARPA to be a 
valid source of information about something.ORG?

Early DNS implementations accepted and cached any additional information 
that was included in a response.  While this can reduce the number of 
queries, it also opened the door to lots of misbehavior.  You would look 
up www.badguy.com, and the response would include NS records for .com or 
google.com pointing to THEIR nameservers, and this would allow them to 
redirect your future lookups to their server and hijack web sites.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
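The bailiwick rule behind Barry's answer, as an added example that is not part of the original thread: a resolver keeps only referral records whose owner name is at or below the zone it was referred to, which is why Mark's two referrals behave differently. The record tuples, the 192.0.2.x / 198.51.100.x addresses and the names `ns1.example.org.` and `ns.badguy.com.` are constructed for illustration; the block covers both the A vs PTR referrals and the poisoning scenario above.

```python
# Added example: bailiwick check on referral records (not code from the thread).
# Records are constructed (owner, type, rdata) tuples; the bailiwick is the zone
# whose nameserver sent the response. Addresses are from documentation ranges.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring the trailing dot."""
    return [l.lower() for l in name.rstrip(".").split(".") if l]

def in_bailiwick(owner, bailiwick):
    """True if owner is at or below bailiwick (the root "." matches everything)."""
    o, b = _labels(owner), _labels(bailiwick)
    return len(o) >= len(b) and o[len(o) - len(b):] == b

def filter_referral(records, bailiwick):
    """Keep only records this server is entitled to speak for; drop the rest."""
    kept, dropped = [], []
    for rr in records:
        (kept if in_bailiwick(rr[0], bailiwick) else dropped).append(rr)
    return kept, dropped

def unglued_nameservers(records, bailiwick):
    """NS targets with no trusted glue; each needs its own lookup from the root.
    This is why the PTR case in the thread goes back up to the root servers."""
    kept, _ = filter_referral(records, bailiwick)
    glued = {rr[0].lower() for rr in kept if rr[1] in ("A", "AAAA")}
    return sorted({rr[2].lower() for rr in kept if rr[1] == "NS"} - glued)

# Referral for A.EXAMPLE.ORG from the ORG servers: glue is under ORG, trusted.
REFERRAL_ORG = [
    ("example.org.", "NS", "ns1.example.org."),
    ("ns1.example.org.", "A", "192.0.2.53"),
]
# Referral for 10.1.168.192.IN-ADDR.ARPA from the IN-ADDR.ARPA servers: the
# same glue is now outside the bailiwick, so the resolver must not believe it.
REFERRAL_ARPA = [
    ("168.192.in-addr.arpa.", "NS", "ns1.example.org."),
    ("ns1.example.org.", "A", "192.0.2.53"),
]
# Barry's poisoning scenario: badguy.com's server adds NS records for .com and
# google.com pointing at its own nameserver. Both fall outside badguy.com.
ANSWER_BADGUY = [
    ("www.badguy.com.", "A", "198.51.100.7"),
    ("com.", "NS", "ns.badguy.com."),
    ("google.com.", "NS", "ns.badguy.com."),
]

if __name__ == "__main__":
    for zone, rrs in [("org.", REFERRAL_ORG), ("in-addr.arpa.", REFERRAL_ARPA),
                      ("badguy.com.", ANSWER_BADGUY)]:
        kept, dropped = filter_referral(rrs, zone)
        print(zone, "kept", kept, "dropped", dropped,
              "still to resolve:", unglued_nameservers(rrs, zone))
```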
