NS Cache

Kevin Darcy kcd at chrysler.com
Wed Jan 26 20:34:48 UTC 2011 

On 1/25/2011 9:40 PM, pyh at mail.nsbeta.info wrote:
>
> I'm reading the document "Secure DNS Deployment Guide" got from the 
> URL a poster gave in the list.
> The document said:
> When a user types the URL www.example.com into a Web browser, the 
> browser program contacts a type of resolver called a stub resolver 
> that then contacts a local name server (called a recursive name server 
> or resolving name server). The resolving name server will check its 
> cache to determine whether it has valid information (the information 
> is determined to be valid
> on the basis of criteria described later in this document) to provide 
> IP address for the accessed Internet resource 
> (i.e.,www.marketing.example.com). If not, the resolving name server 
> checks the cache to determine whether it has the information regarding 
> the name server for the zone marketing.example.com (since this is the 
> zone that is expected to contain the resource 
> www.marketing.example.com). If the name server!ˉs IP address is in the 
> cache, the resolver!ˉs ne query will be directed against that name 
> server. If the IP address of the name server of marketing.example.com 
> is not available in the cache, the resolver determines whether it has 
> the name server information for a zone that is one level higher than 
> marketing.example.com (i.e., example.com). If the name server 
> information for example.com is not available, the next search will be 
> for the name server of the .com zone in the cache.
>
> I think the statement below is wrong?
>> If not, the resolving name server checks the cache to determine 
>> whether it > has the information regarding the name server for the 
>> zone marketing.example.com (since this is the zone that is expected 
>> to contain > the resource www.marketing.example.com). 
>
>
> How does the resolver know www.marketing.example.com is a domain name 
> or a zone? www.marketing.example.com can also be a zone which has 
> valid NS records. So I was thinking the resolver shall check the cache 
> firstly to see whether it has the NS records for the zone 
> www.marketing.example.com, if not, then to check the NS for 
> marketing.example.com. Am I right?
>

Yeah, it's wrong. A resolver that followed the algorithm described in 
that paper might operate slightly less efficiently than one which 
follows the standard resolver algorithm.

But, hey, it's close enough for government work...

                                                                         
                                                                         
                                         - Kevin

More information about the bind-users mailing list