resolver search order question
kcd at daimlerchrysler.com
Thu May 25 20:29:48 UTC 2006
Right, the purpose of having multiple resolvers in the resolver list is
to enhance availability, not to accommodate disparate namespaces or get
a "second opinion" on lookups. All resolvers in the resolver list are
assumed to have the same data, temporary replication delays
notwithstanding. So, as soon as an answer is received from one resolver,
even if it's a SERVFAIL, NXDOMAIN, NODATA (a pseudo-RCODE meaning
NOERROR and an empty Answer Section, as you'd be getting here for
aj-mail1.ctc.com), it's treated as definitive and the other resolvers
are not consulted.
Norman P. B. Joseph wrote:
>Is this expected resolver behavior? It doesn't fit my understanding,
>but maybe my understanding is at fault. The clients and servers in this
>scenario are all BIND 9.2.4 under RHEL.
>I have the following search order in a client's resolver configuration:
> search ctc.com ctcgsc.org ad.ctcgsc.org
>and I have the following two RRs in our DNS space:
> aj-mail1.ctc.com. MX 0 aj-mail1.ad.ctcgsc.org.
> aj-mail1.ad.ctcgsc.org. A 10.x.x.x
>If I look for an A record for an unqualified "aj-mail1" the query fails,
>but if I fully qualify the name in the query it succeeds. I would have
>expected the resolver to append the domains in the "search" directive in
>order to the query name until it found "aj-mail1.ad.ctcgsc.org".
>I'm guessing that the resolver discovers the label "aj-mail1.ctc.com"
>first, because of the order of domains in the "search" directive, but
>since it is an MX record and not an A record the search fails, but the
>resolver doesn't continue with the other search domains because of the
>existence of the label. Or something like that.
>What's the correct behavior?
More information about the bind-users