Forward zone problem: Forward query vs Direct query from the receiving DNS servers perspective.
Kevin Darcy
kcd at daimlerchrysler.com
Mon Mar 27 22:48:30 UTC 2006
Barry Margolin wrote:
>In article <e04rk6$2oen$1 at sf1.isc.org>,
> "Stefanick, Andrew" <astefanick at metasolv.com> wrote:
>
>
>
>>This looks to be working to the conclusion that the target server is
>>providing the wrong answer to my query.
>>
>>
>
>You should be able to confirm that by getting a packet capture of DNS
>traffic between your server and the forwarder.
>
>
>
>>Here is my last question though?
>>
>>Is there a difference between a forwarded request to a DNS server vs a
>>direct query?
>>
>>
>
>A forwarded request will have the Recursion Desired flag set. A direct
>query from a caching server will not. A direct query using the dig
>command will have the flag set unless you specify the +norecurse option.
>
>
>
>>Is there a case where the DNS server will ignore a forwarded request,
>>yet answer the direct query?
>>
>>
>
>If the server is authoritative for the zone in question, I don't think
>it should matter. But if it needs to recurse further, the Recursion
>Desired flag will be significant.
>
Well, *theoretically*, it is possible to match views depending on
whether the query is recursive or not (see "match-recursive-only" in the
ARM), so *theoretically* you could get completely different behavior,
even different authoritative data, on a recursive query _versus_ a
non-recursive one. But this feature is only available in recent versions
of BIND, and I would imagine used extremely rarely, so I doubt very much
it's implicated here.
- Kevin
More information about the bind-users
mailing list