DNS "chicken-and-egg" Problem
D. Stussy
spam at bde-arc.ampr.org
Mon Oct 27 19:39:51 UTC 2008
<bsfinkel at anl.gov> wrote in message news:ge4n91$15oj$1 at sf1.isc.org...
> I am having problems resolving
>
> igpp.ucla.edu
>
> When I start a query at the root servers, I eventually get a referral
> to the four name servers for ucla.edu. When I query each of those
> name servers, I get
>
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
> ;; QUERY SECTION:
> ;; igpp.ucla.edu, type = A, class = IN
>
> ;; AUTHORITY SECTION:
> igpp.ucla.edu. 6H IN NS igpp.ucla.edu.
>
> ;; ADDITIONAL SECTION:
> igpp.ucla.edu. 6H IN A 128.97.94.1
>
> This looks like a proper referral to the one name server for the igpp
> sub-domain. I also get the "A" record for that name server.
> But when I dump the cache on the nameserver on which I was doing my
> queries, I do not see this glue information cached. If the information
> is not in the cache, then when I do a query for the "A" record, I find
> that I need that "A" record to be able to query the authoritative
> name server for that sub-domain. There seems to be a "chicken-and-egg"
> problem. Why does BIND 9.5.0-P2 not cache the glue information that
> it receives from the four authoritative name servers for ucla.edu?
> Thanks.
Because the GLUE record in the additional section is not authoritative. I
seem to recall that in the options section, there may exist a directive to
override that. However, I leave it to you to read the manual and find it.
More information about the bind-users
mailing list