does authority named require the external name servers?

[Torinthiel]

On 05/02/11 14:20, Jeff Pang wrote:
> 2011/5/2 Jeff Pang <jeffrpang at gmail.com>:
>> 2011/5/2 Torinthiel <torinthiel at data.pl>:
>>
>>> Authority named never sends queries on it's own, only responds to
>>> submitted queries.
>> Doesn't it execute iterative query from the root server?
>>
>> For example, given the nameserver is authority for abc.com.
>> And abc.com has two NS RRs:
>>
>> abc.com.    IN   NS   ns1.def.com.
>> abc.com.    IN   NS   ns2.def.com.
>>
>> def.com is authoritative resolved by other nameservers.
>>
>> If there is no correct nameserver list in /etc/resolv.conf, then this
>> named can't find ns1.def.com and ns2.def.com?
>>
As you've noticed below, named will be able to find it. But why should
it? First, if it's authorative for abc.com than it's probably one of
ns[12].def.com, and second, a response with only nameservers and without
their addresses is perfectly valid response. And not that unusual too.
BIND will not add glue records for nameservers in zones which it's not
authorative for. So in this example if said server is also authorative
for def.com, than it knows ns[12].def.com addresses without querying
root servers. If it is not, it won't add glue records no matter what.

> I think BIND will always have the ability to find all domain-names
> regardless there is valid  entires in /etc/resolv.conf or not, since
> BIND has the ability to execute iterative query from the root server,
> and root server list is built-in.
BIND will be. Rest of the system won't. Unless you ocnfigure BIND to
resolve recursive queries from localhost and put it in /etc/resolv.conf

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110502/3bad87ef/attachment.bin>