Forward zone problem: Forward query vs Direct query from the receiving DNS servers perspective.

[Kevin Darcy]

Barry Margolin wrote:

>In article <e04rk6$2oen$1 at sf1.isc.org>,
> "Stefanick, Andrew" <astefanick at metasolv.com> wrote:
>
>  
>
>>This looks to be working to the conclusion that the target server is
>>providing the wrong answer to my query.
>>    
>>
>
>You should be able to confirm that by getting a packet capture of DNS 
>traffic between your server and the forwarder.
>
>  
>
>>Here is my last question though?
>>
>>Is there a difference between a forwarded request to a DNS server vs a
>>direct query?
>>    
>>
>
>A forwarded request will have the Recursion Desired flag set.  A direct 
>query from a caching server will not.  A direct query using the dig 
>command will have the flag set unless you specify the +norecurse option.
>
>  
>
>>Is there a case where the DNS server will ignore a forwarded request,
>>yet answer the direct query?
>>    
>>
>
>If the server is authoritative for the zone in question, I don't think 
>it should matter.  But if it needs to recurse further, the Recursion 
>Desired flag will be significant.
>
Well, *theoretically*, it is possible to match views depending on 
whether the query is recursive or not (see "match-recursive-only" in the 
ARM), so *theoretically* you could get completely different behavior, 
even different authoritative data, on a recursive query _versus_ a 
non-recursive one. But this feature is only available in recent versions 
of BIND, and I would imagine used extremely rarely, so I doubt very much 
it's implicated here.

                                                                         
                                                                     - Kevin