Additional Section Cache Without Consulting Authoritative Data - Why?

Sabahattin Gucukoglu mail at sabahattin-gucukoglu.com
Sun Jul 27 02:01:55 UTC 2008 

On Jul 24, 6:40 am, Kevin Darcy wrote:

> I'm showing otherwise. See sequences of queries below:
>
> Query #1: proves that ns2.footprint.net is not in my local cache

Agreed.

> Query #2: shows that the authoritative nameservers for .net are
> providing ns2.footprint.net glue records (among others) for the
> footprint.net delegation. The results of this query are *not* cached,
> since I asked an authoritative nameserver directly, bypassing my local
> resolver.

Yep.

> Query #3: I query ns1.footprint.net recursively. Based on #2 above, I
> know that the glue records for ns2.footprint.net must have been seen in
> the course of resolving this query

You meant, I think, that you queried your local nameserver recursively
for ns1.footprint.net, and yes ns2.footprint.net's address comes back
at you.  But there's something wrong - the TTLs on the records in the
answer, authority and additional sections indicate that you *have*
already cached them.  It isn't 172800; it's slightly less.  So at some
point you must have got the delegations and additional sections from
the .net nameservers cached.  Did you specify a footprint.net
nameserver explicitly to dig as destination for your query?  That
would have done that because you'd've implicitly needed a recursive
query done on that server's address.  If not, there's a time gap.

> Query #4: Immediately afterwards, I query ns2.footprint.net
> non-recursively. It's still not in my cache.

Whatever it is, I'm not agreeing.  And once again, the simple process
of:
# rndc flush
# host -t a -v ns2.footprint.net
gives a record whose TTL is 172800; as it is from the c.gtld-
servers.net nameserver and not any of the footprint.net nameservers
where it is 86400.  And no configuration directive exists in
named.conf for doing what I want (additional-from-auth and additional-
from-cache only apply if you're authoritative only and responding to
authoritative queries).

Any further ideas?  I'm about ready to bug-report this one.

Cheers,
Sabahattin

> % dig ns2.footprint.net +norec
>
> ; <<>> DiG 9.3.0 <<>> ns2.footprint.net +norec
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1956
> ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;ns2.footprint.net. IN A
>
> ;; AUTHORITY SECTION:
> . 3600000 IN NS L.ROOT-SERVERS.net.
> . 3600000 IN NS M.ROOT-SERVERS.net.
> . 3600000 IN NS A.ROOT-SERVERS.net.
> . 3600000 IN NS B.ROOT-SERVERS.net.
> . 3600000 IN NS C.ROOT-SERVERS.net.
> . 3600000 IN NS D.ROOT-SERVERS.net.
> . 3600000 IN NS E.ROOT-SERVERS.net.
> . 3600000 IN NS F.ROOT-SERVERS.net.
> . 3600000 IN NS G.ROOT-SERVERS.net.
> . 3600000 IN NS H.ROOT-SERVERS.net.
> . 3600000 IN NS I.ROOT-SERVERS.net.
> . 3600000 IN NS J.ROOT-SERVERS.net.
> . 3600000 IN NS K.ROOT-SERVERS.net.
>
> ;; Query time: 3 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Jul 24 01:33:33 2008
> ;; MSG SIZE rcvd: 243
>
> % dig footprint.net ns +norec @h.gtld-servers.net
>
> ; <<>> DiG 9.3.0 <<>> footprint.net ns +norec @h.gtld-servers.net
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1504
> ;; flags: qr; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 8
>
> ;; QUESTION SECTION:
> ;footprint.net. IN NS
>
> ;; ANSWER SECTION:
> footprint.net. 172800 IN NS ns1.footprint.net.
> footprint.net. 172800 IN NS ns2.footprint.net.
> footprint.net. 172800 IN NS ns3.footprint.net.
> footprint.net. 172800 IN NS ns4.footprint.net.
> footprint.net. 172800 IN NS ns6.footprint.net.
> footprint.net. 172800 IN NS ns7.footprint.net.
> footprint.net. 172800 IN NS ns8.footprint.net.
> footprint.net. 172800 IN NS ns9.footprint.net.
>
> ;; ADDITIONAL SECTION:
> ns1.footprint.net. 172800 IN A 63.208.138.37
> ns2.footprint.net. 172800 IN A 64.152.81.68
> ns3.footprint.net. 172800 IN A 63.208.138.37
> ns4.footprint.net. 172800 IN A 67.72.120.47
> ns6.footprint.net. 172800 IN A 210.8.213.38
> ns7.footprint.net. 172800 IN A 63.209.70.231
> ns8.footprint.net. 172800 IN A 212.187.253.68
> ns9.footprint.net. 172800 IN A 212.162.1.100
>
> ;; Query time: 122 msec
> ;; SERVER: 192.54.112.30#53(h.gtld-servers.net)
> ;; WHEN: Thu Jul 24 01:33:47 2008
> ;; MSG SIZE rcvd: 303
>
> % dig ns1.footprint.net
>
> ; <<>> DiG 9.3.0 <<>> ns1.footprint.net
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1990
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 8, ADDITIONAL: 7
>
> ;; QUESTION SECTION:
> ;ns1.footprint.net. IN A
>
> ;; ANSWER SECTION:
> ns1.footprint.net. 171867 IN A 63.208.138.37
>
> ;; AUTHORITY SECTION:
> footprint.net. 171867 IN NS ns9.footprint.net.
> footprint.net. 171867 IN NS ns1.footprint.net.
> footprint.net. 171867 IN NS ns2.footprint.net.
> footprint.net. 171867 IN NS ns3.footprint.net.
> footprint.net. 171867 IN NS ns4.footprint.net.
> footprint.net. 171867 IN NS ns6.footprint.net.
> footprint.net. 171867 IN NS ns7.footprint.net.
> footprint.net. 171867 IN NS ns8.footprint.net.
>
> ;; ADDITIONAL SECTION:
> ns2.footprint.net. 171867 IN A 64.152.81.68
> ns3.footprint.net. 171867 IN A 63.208.138.37
> ns4.footprint.net. 171867 IN A 67.72.120.47
> ns6.footprint.net. 171867 IN A 210.8.213.38
> ns7.footprint.net. 171867 IN A 63.209.70.231
> ns8.footprint.net. 171867 IN A 212.187.253.68
> ns9.footprint.net. 171867 IN A 212.162.1.100
>
> ;; Query time: 3 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Jul 24 01:33:54 2008
> ;; MSG SIZE rcvd: 303
>
> % dig ns2.footprint.net +norec
>
> ; <<>> DiG 9.3.0 <<>> ns2.footprint.net +norec
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 315
> ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;ns2.footprint.net. IN A
>
> ;; AUTHORITY SECTION:
> . 3600000 IN NS H.ROOT-SERVERS.net.
> . 3600000 IN NS I.ROOT-SERVERS.net.
> . 3600000 IN NS J.ROOT-SERVERS.net.
> . 3600000 IN NS K.ROOT-SERVERS.net.
> . 3600000 IN NS L.ROOT-SERVERS.net.
> . 3600000 IN NS M.ROOT-SERVERS.net.
> . 3600000 IN NS A.ROOT-SERVERS.net.
> . 3600000 IN NS B.ROOT-SERVERS.net.
> . 3600000 IN NS C.ROOT-SERVERS.net.
> . 3600000 IN NS D.ROOT-SERVERS.net.
> . 3600000 IN NS E.ROOT-SERVERS.net.
> . 3600000 IN NS F.ROOT-SERVERS.net.
> . 3600000 IN NS G.ROOT-SERVERS.net.
>
> ;; Query time: 4 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Jul 24 01:33:59 2008
> ;; MSG SIZE rcvd: 243
>
> %

More information about the bind-users mailing list