Different handling of referrals by dig and nslookup

Doug Barton dougb at dougbarton.us
Sat Feb 20 19:43:17 UTC 2010


On 02/20/10 08:51, kalpesh varyani wrote:
> On Sun, Feb 14, 2010 at 8:53 AM, Doug Barton <dougb at dougbarton.us> wrote:
> 
>     On 02/13/10 18:42, kalpesh varyani wrote:
>
>     What is it that you want to understand? You seem quite focused on
>     figuring out why they are behaving differently, is there some reason
>     why you need to put a non-resolving name server in resolv.conf?
>      
> 
>  
> I guess, I am in one of those specific circumstances. 
> The reason I prefer to have non-resolving name server in resolv.conf is
> as follows: 
>  
> Name server A (the first name server with "recursion no;") was not
> present earlier, and has been newly configured as a name server. Name
> server B, which was previously handling all the name resolution part has
> "recursion yes;"
>  
> Also, I would like my 3rd linux system (from where I try resolving
> names) to send queries to its root servers, only in case my first name
> server fails to resolve the name and sends back a referral. This would
> ensure that my 3rd linux system does not send queries to its name server,
> which could have been handled by the name server B (that was specified
> in resolv.conf). This would ensure that the root name server's network
> won't have unnecessary DNS traffic.

I'm still not sure I understand what you're ultimately trying to
accomplish, however it's pretty clear that what you're doing isn't working.

Are there zones that A is authoritative for that you want your 3rd
system to be able to resolve? If so you should make the B name server
slave those zones, and then you can go back to using it for all
resolving purposes. If B has the authoritative zones loaded in memory
already it will not need to do any external queries for them.

> My basic concern is that, if my 3rd linux system can resolve a name
> using any of the name servers specified in the resolv.conf, then
> it effectively means that the remote system (for which name resolution
> was done) is reachable from my linux system. And if that is the
> case, then a ping to  that system should not fail in the name resolution
> part. 

There are numerous things wrong with the paragraph above. You're making
connections in your mind between things that have nothing to do with one
another. DNS resolution and network reachability are totally different
things.


hope this helps,

Doug

-- 

	... and that's just a little bit of history repeating.
			-- Propellerheads

	Improve the effectiveness of your Internet presence with
	a domain name makeover!    http://SupersetSolutions.com/
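
The arrangement suggested in the reply above (B slaves the zones that A is authoritative for), sketched as an added example that is not part of the original message. It assumes A is the master for the zone; the zone name example.com, the addresses 192.0.2.1 (A) and 192.0.2.2 (B), and the file names are placeholders, not values from the thread.

```conf
// Constructed example: example.com, 192.0.2.1 (A), 192.0.2.2 (B) and
// the file names are placeholders chosen for illustration.

// ---- named.conf on name server A (authoritative only) ----
options {
    recursion no;                     // as in the thread: A answers only for its own zones
};

zone "example.com" {
    type master;                      // assumption: A holds the master copy
    file "example.com.db";            // hypothetical zone file name
    allow-transfer { 192.0.2.2; };    // only B may transfer the zone
    also-notify { 192.0.2.2; };       // tell B when the zone changes
};

// ---- named.conf on name server B (the resolver clients use) ----
options {
    recursion yes;                    // as in the thread: B resolves on behalf of clients
};

zone "example.com" {
    type slave;
    masters { 192.0.2.1; };           // pull the zone from A
    file "slaves/example.com.db";     // hypothetical path for B's local copy
};

// ---- /etc/resolv.conf on the third system ----
// nameserver 192.0.2.2               (B only; A is no longer listed)
```

With the zone loaded on B, names in example.com are answered from B's own copy and everything else goes through B's normal recursion, so the client never receives a referral it cannot follow.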



