why do glue records *always* *have* to overwrite the cache ?
L. Gabriel Somlo
gsomlo at gmail.com
Wed Aug 20 20:39:30 UTC 2008
On Mon, Aug 11, 2008 at 02:45:02PM -0700, =?BIG5?B?SklOTUVJIFRhdHV5YSAvIK+rqfq5Rqt2IDxKaW5tZWlfVGF0dXlhQGlzYy5vcmc+?= wrote:
> At Sun, 10 Aug 2008 19:19:18 -0400,
> "Gabriel Somlo" <gsomlo at gmail.com> wrote:
> >
> > Everyone seems to take it for granted that "glue records must overwrite
> > the cache", even bind-9.5.1b1/lib/dns/resolver.c, line 4106 explicitly
> > forces the glue data to take precedence over existing cache contents.
>
> Did you actually confirm this behavior? As far as I understand the
> code (and I actually checked the behavior previously) BIND9 doesn't
> replace an authoritative RRset with a glue. Or in other words, it
> strictly follows the rule of RFC2181.
Not being already familiar with BIND code, this took me a while to
unwind... :)
>
> Codewise, what should be referred to is line 4944 (9.5.1b1) of
> lib/dns/rbtdb.c rather than resolver.c:
Except, in the same file (rbtdb.c), on line 4814, we have
if ((options & DNS_DBADD_FORCE) != 0)
trust = dns_trust_ultimate;
else
trust = newheader->trust;
Now, back to my original problem in resolver.c, where DNS_DBADD_FORCE
is turned on for glue records received while executing the search
algorithm... Why MUST such records overwrite otherwise valid cache
data ?
Thanks,
Gabriel
>
> * Trying to add an rdataset with lower trust to a cache DB
> * has no effect, provided that the cache data isn't stale.
> */
> if (rbtversion == NULL && trust < header->trust &&
> (header->rdh_ttl > now || header_nx)) {
> free_rdataset(rbtdb, rbtdb->common.mctx, newheader);
> if (addedrdataset != NULL)
> bind_rdataset(rbtdb, rbtnode, header, now,
> addedrdataset);
> return (DNS_R_UNCHANGED);
> }
>
> ---
> JINMEI, Tatuya
> Internet Systems Consortium, Inc.
More information about the bind-users
mailing list