Additional records in A-Query

Fabian Hahn fh at dasburo.com
Mon Apr 19 20:49:37 UTC 2010


I do see additional "unsolicited" A-records being returned with CNAME-records and NS-records. They seem to be honored by the forwarders and resolvers on the way back.

In addition I should have mentioned that these records will be hosts in the same domain and this is implemented for an authoritative-only DNS server.

I am hoping that this will decrease the time a user experiences in DNS related delays when viewing a web page referencing several URLs in the domain.

  Fabian

> On 4/18/2010 5:17 AM, Fabian Hahn wrote:
> > To speed up queries for the user I need to force the inclusion of additional records in a DNS response.
> >
> >    I.e. when returning www.domain.com A I would like to force the inclusion of A-records for static1.domain.com and static2.domain.com since they will be used in the same web-page.
> >
> >
> No, you can't convince BIND to include "unsolicited" A-records in a
> response, and even if you could, most resolvers would reject them
> anyway, as Barry pointed out. There are serious security problems with
> accepting A-records that weren't found through the regular iterative
> process. How can you trust that such A-records are legitimate?
> 
> Sledgehammer approach: run a "refreshing" script to periodically query
> those names so that you can keep your local cache populated with them.
> The frequency of that script should be tuned to the TTL of the relevant
> records. If your client usage patterns indicate low activity at certain
> times of day/week, then you might want to exclude those times from the
> running of the "refreshing" script, so as to reduce the
> network-bandwidth overhead.
> 
> 
>                                                     - Kevin
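
The trust question raised in the quoted reply is commonly handled on the resolver side with a bailiwick check on the additional section. The sketch below is an added example, not part of the thread and not BIND's code; it assumes a simplified policy (keep an address record only if it is inside the queried zone and is the target of a CNAME or NS in the same response), and the function names, sample names other than domain.com, and addresses are constructed for illustration.

```python
# Added illustration: a simplified resolver-side policy, not BIND's code.
# Records are (owner, rtype, rdata) tuples.

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def in_bailiwick(name, zone):
    """True if name equals zone or is a subdomain of it (label-aligned)."""
    name, zone = norm(name), norm(zone)
    return name == zone or name.endswith("." + zone)

def filter_additional(zone, answer, authority, additional):
    """Split additional-section records into (kept, dropped).

    An address record is kept only if its owner is inside the zone the
    server was asked about AND a CNAME or NS in the answer/authority
    section points at it. Everything else is unsolicited and dropped.
    """
    referenced = {norm(rdata) for _, rtype, rdata in answer + authority
                  if rtype in ("CNAME", "NS")}
    kept, dropped = [], []
    for rec in additional:
        owner, rtype, _ = rec
        ok = (rtype in ("A", "AAAA") and in_bailiwick(owner, zone)
              and norm(owner) in referenced)
        (kept if ok else dropped).append(rec)
    return kept, dropped

# Constructed sample response for a query "www.domain.com A" sent to a
# server authoritative for domain.com (addresses are documentation ranges).
ZONE = "domain.com"
ANSWER = [("www.domain.com.", "CNAME", "web.domain.com.")]
AUTHORITY = [("domain.com.", "NS", "ns1.domain.com.")]
ADDITIONAL = [
    ("web.domain.com.", "A", "192.0.2.10"),        # CNAME target
    ("ns1.domain.com.", "A", "192.0.2.53"),        # NS glue
    ("static1.domain.com.", "A", "192.0.2.21"),    # same domain, unreferenced
    ("www.other.example.", "A", "203.0.113.66"),   # out of bailiwick
]

if __name__ == "__main__":
    kept, dropped = filter_additional(ZONE, ANSWER, AUTHORITY, ADDITIONAL)
    for rec in kept:
        print("keep", rec)
    for rec in dropped:
        print("drop", rec)
```

Real resolvers differ in how strictly they treat additional data, so this models one policy rather than describing any particular implementation.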


