why do glue records *always* *have* to overwrite the cache ?

L. Gabriel Somlo gsomlo at gmail.com
Wed Aug 20 20:39:30 UTC 2008


On Mon, Aug 11, 2008 at 02:45:02PM -0700, =?BIG5?B?SklOTUVJIFRhdHV5YSAvIK+rqfq5Rqt2IDxKaW5tZWlfVGF0dXlhQGlzYy5vcmc+?= wrote:
> At Sun, 10 Aug 2008 19:19:18 -0400,
> "Gabriel Somlo" <gsomlo at gmail.com> wrote:
> > 
> > Everyone seems to take it for granted that "glue records must overwrite
> > the cache", even bind-9.5.1b1/lib/dns/resolver.c, line 4106 explicitly
> > forces the glue data to take precedence over existing cache contents.
> 
> Did you actually confirm this behavior?  As far as I understand the
> code (and I actually checked the behavior previously) BIND9 doesn't
> replace an authoritative RRset with a glue.  Or in other words, it
> strictly follows the rule of RFC2181.

Not being already familiar with BIND code, this took me a while to
unwind... :)

> 
> Codewise, what should be referred to is line 4944 (9.5.1b1) of
> lib/dns/rbtdb.c rather than resolver.c:

Except, in the same file (rbtdb.c), on line 4814, we have

	if ((options & DNS_DBADD_FORCE) != 0)
		trust = dns_trust_ultimate;
	else
		trust = newheader->trust;

Now, back to my original problem in resolver.c, where DNS_DBADD_FORCE
is turned on for glue records received while executing the search
algorithm... Why MUST such records overwrite otherwise valid cache
data ?

Thanks,
Gabriel

> 
> 		 * Trying to add an rdataset with lower trust to a cache DB
> 		 * has no effect, provided that the cache data isn't stale.
> 		 */
> 		if (rbtversion == NULL && trust < header->trust &&
> 		    (header->rdh_ttl > now || header_nx)) {
> 			free_rdataset(rbtdb, rbtdb->common.mctx, newheader);
> 			if (addedrdataset != NULL)
> 				bind_rdataset(rbtdb, rbtnode, header, now,
> 					      addedrdataset);
> 			return (DNS_R_UNCHANGED);
> 		}
> 
> ---
> JINMEI, Tatuya
> Internet Systems Consortium, Inc.


More information about the bind-users mailing list