NS Cache
Kevin Darcy
kcd at chrysler.com
Wed Jan 26 20:34:48 UTC 2011
On 1/25/2011 9:40 PM, pyh at mail.nsbeta.info wrote:
>
> I'm reading the document "Secure DNS Deployment Guide", which I got
> from the URL a poster gave on the list.
> The document said:
> When a user types the URL www.example.com into a Web browser, the
> browser program contacts a type of resolver called a stub resolver
> that then contacts a local name server (called a recursive name server
> or resolving name server). The resolving name server will check its
> cache to determine whether it has valid information (the information
> is determined to be valid on the basis of criteria described later in
> this document) to provide IP address for the accessed Internet
> resource (i.e., www.marketing.example.com). If not, the resolving name server
> checks the cache to determine whether it has the information regarding
> the name server for the zone marketing.example.com (since this is the
> zone that is expected to contain the resource
> www.marketing.example.com). If the name server's IP address is in the
> cache, the resolver's next query will be directed against that name
> server. If the IP address of the name server of marketing.example.com
> is not available in the cache, the resolver determines whether it has
> the name server information for a zone that is one level higher than
> marketing.example.com (i.e., example.com). If the name server
> information for example.com is not available, the next search will be
> for the name server of the .com zone in the cache.
>
> I think the statement below is wrong?
>> If not, the resolving name server checks the cache to determine
>> whether it has the information regarding the name server for the
>> zone marketing.example.com (since this is the zone that is expected
>> to contain the resource www.marketing.example.com).
>
>
> How does the resolver know www.marketing.example.com is a domain name
> or a zone? www.marketing.example.com can also be a zone which has
> valid NS records. So I was thinking the resolver shall check the cache
> firstly to see whether it has the NS records for the zone
> www.marketing.example.com, if not, then to check the NS for
> marketing.example.com. Am I right?
>
Yeah, it's wrong. A resolver that followed the algorithm described in
that paper might operate slightly less efficiently than one which
follows the standard resolver algorithm.
But, hey, it's close enough for government work...
- Kevin
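
Added example, not part of the original thread and not BIND's code: a sketch of the two cache walks discussed above, the standard one (RFC 1034 section 5.3.3 looks for cached NS records starting at the query name itself, then each parent toward the root) beside the walk the quoted guide describes, which starts one label up. The cache contents, the delegation at www.marketing.example.com and all function names are assumptions made for illustration.

```python
# Constructed cache of NS RRsets keyed by zone name (illustrative data only).
NS_CACHE = {
    ".": ["a.root-servers.net."],
    "com.": ["a.gtld-servers.net."],
    "example.com.": ["ns1.example.com."],
    "marketing.example.com.": ["ns1.marketing.example.com."],
    # Assumed case from the thread: the query name is itself a delegated zone.
    "www.marketing.example.com.": ["ns1.www.marketing.example.com."],
}


def ancestors(qname, skip_self=False):
    """Yield qname (unless skipped), then each parent zone, ending at the root."""
    name = qname.lower().rstrip(".")  # DNS names compare case-insensitively
    labels = name.split(".") if name else []
    for i in range(1 if skip_self else 0, len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


def closest_cached_ns(qname, cache, skip_self=False):
    """Return (zone, servers, cache_probes) for the deepest cached NS set."""
    probes = 0
    for zone in ancestors(qname, skip_self):
        probes += 1
        if zone in cache:
            return zone, cache[zone], probes
    raise LookupError("cache holds no root hints")


def standard_walk(qname, cache):
    """RFC 1034 5.3.3 order: start at the query name itself."""
    return closest_cached_ns(qname, cache)


def guide_walk(qname, cache):
    """Order described in the quoted guide: start at the parent of the name."""
    return closest_cached_ns(qname, cache, skip_self=True)


if __name__ == "__main__":
    q = "www.marketing.example.com"
    print("standard:", standard_walk(q, NS_CACHE))
    print("guide:   ", guide_walk(q, NS_CACHE))
```

When the deepest delegation is cached, the guide's walk settles on the parent zone's servers and reaches the child zone's servers only after an extra referral; when it is not cached, both walks select the same servers.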