Different handling of referrals by dig and nslookup

kalpesh varyani kalpesh.link at gmail.com
Sat Feb 20 16:51:12 UTC 2010


Hi Doug,

Please find my response inline.


On Sun, Feb 14, 2010 at 8:53 AM, Doug Barton <dougb at dougbarton.us> wrote:

> On 02/13/10 18:42, kalpesh varyani wrote:
>
>> Hi Rick,
>>
>> I am aware that it is somewhat odd (but not incorrect, am I right?)
>> to put a non-recursive name server in the resolv.conf
>>
>
> There are certain very specific circumstances where you might want to do
> this, but in general I can't see any reason to do this, and would not
> recommend it.
>
>> but I am not able
>> to understand the behavioral difference of ping/dig and nslookup.
>>
>
> What is it that you want to understand? You seem quite focused on figuring
> out why they are behaving differently, is there some reason why you need to
> put a non-resolving name server in resolv.conf?
>
>

I guess I am in one of those specific circumstances.
The reason I prefer to have a non-resolving name server in resolv.conf is as
follows:

Name server A (the first name server with "recursion no;") was not present
earlier, and has been newly configured as a name server. Name server B,
which was previously handling all the name resolution part has "recursion
yes;"

Also, I would like my 3rd Linux system (from where I try resolving names) to
send queries to its root servers, only in case my first name server fails to
resolve the name and sends back a referral. This would ensure that my 3rd
Linux system does not send queries to its name server, which could have been
handled by the name server B (that was specified in resolv.conf). This would
ensure that the root name server's network won't have unnecessary DNS
traffic.



>> But logically shouldn't it be moving to the next name server when the
>> first one fails even in the case of ping and dig. This is what, I think,
>> one would expect from a resolver.
>>
>
> dig is a DNS diagnostic tool. You asked for an answer, you got an answer.
> The fact that it didn't move on is not a mystery. nslookup is designed to
> get its answers from the system resolver, so the real question is, why did
> ping and nslookup behave differently? But that's really a question for your
> Linux distro.
>

My basic concern is that, if my 3rd Linux system can resolve a name using
any of the name servers specified in the resolv.conf, then it effectively
means that the remote system (for which name resolution was done) is
reachable from my Linux system. And if that is the case, then a ping to
that system should not fail in the name resolution part.



Regards,
Kalpesh
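
For reference, an added example that is not part of the original message: a Python sketch of how a client can tell the referral returned by a "recursion no;" server apart from an answer or a NODATA response by reading the header flags and the authority section. The packets, the name www.example.com and all helper names are constructed for illustration.

```python
import struct

def name(s):
    """Encode a domain name in DNS wire format ('.' is the root)."""
    labels = [p.encode() for p in s.rstrip(".").split(".") if p]
    return b"".join(bytes([len(p)]) + p for p in labels) + b"\x00"

def rr(owner, rtype, rdata, ttl=3600):  # one class-IN resource record
    return name(owner) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def response(flags, answers=(), authority=()):
    """Constructed response to the question 'www.example.com IN A'."""
    hdr = struct.pack("!6H", 0x1234, flags, 1, len(answers), len(authority), 0)
    question = name("www.example.com") + struct.pack("!HH", 1, 1)
    return hdr + question + b"".join(answers) + b"".join(authority)

def skip_name(msg, off):  # offset just past a (possibly compressed) name
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:   # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def classify(msg):
    """Return 'error', 'answer', 'referral' or 'nodata' for a DNS response."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if flags & 0x000F:                # RCODE other than NOERROR
        return "error"
    if an:
        return "answer"
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    types = set()
    for _ in range(ns):               # no answers, so authority comes next
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        types.add(rtype)
        off += 10 + rdlen
    # RFC 2308: NS without SOA in a non-authoritative reply is a referral
    if 2 in types and 6 not in types and not flags & 0x0400:
        return "referral"
    return "nodata"

# Constructed samples; flags are QR|RD, QR|RD|RA and QR|AA|RD|RA
SOA = name("ns.example.com") + name("admin.example.com") + struct.pack("!5I", 1, 2, 3, 4, 5)
REFERRAL = response(0x8100, authority=[rr(".", 2, name("a.root-servers.net"))])
ANSWER = response(0x8180, answers=[rr("www.example.com", 1, bytes([192, 0, 2, 10]))])
NODATA = response(0x8580, authority=[rr("example.com", 6, SOA)])
```

All three samples carry RCODE NOERROR, so a client that checks only the response code cannot distinguish the referral from a usable reply.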


More information about the bind-users mailing list