DNS "chicken-and-egg" Problem

D. Stussy spam at bde-arc.ampr.org
Mon Oct 27 19:39:51 UTC 2008


<bsfinkel at anl.gov> wrote in message news:ge4n91$15oj$1 at sf1.isc.org...
> I am having problems resolving
>
>      igpp.ucla.edu
>
> When I start a query at the root servers, I eventually get a referral
> to the four name servers for ucla.edu.  When I query each of those
> name servers, I get
>
>      ; (1 server found)
>      ;; res options: init recurs defnam dnsrch
>      ;; got answer:
>      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
>      ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>      ;; QUERY SECTION:
>      ;;      igpp.ucla.edu, type = A, class = IN
>
>      ;; AUTHORITY SECTION:
>      igpp.ucla.edu.          6H IN NS        igpp.ucla.edu.
>
>      ;; ADDITIONAL SECTION:
>      igpp.ucla.edu.          6H IN A         128.97.94.1
>
> This looks like a proper referral to the one name server for the igpp
> sub-domain.  I also get the "A" record for that name server.
> But when I dump the cache on the nameserver on which I was doing my
> queries, I do not see this glue information cached.  If the information
> is not in the cache, then when I do a query for the "A" record, I find
> that I need that "A" record to be able to query the authoritative
> name server for that sub-domain.  There seems to be a "chicken-and-egg"
> problem.  Why does BIND 9.5.0-P2 not cache the glue information that
> it receives from the four authoritative name servers for ucla.edu?
> Thanks.

Because the GLUE record in the additional section is not authoritative.  I
seem to recall that in the options section, there may exist a directive to
override that.  However, I leave it to you to read the manual and find it.




More information about the bind-users mailing list