does authority named require the external name servers?
cet1 at cam.ac.uk
Mon May 2 19:36:15 UTC 2011
On May 2 2011, Torinthiel wrote:
>On 05/02/11 14:20, Jeff Pang wrote:
>> 2011/5/2 Jeff Pang <jeffrpang at gmail.com>:
>>> 2011/5/2 Torinthiel <torinthiel at data.pl>:
>>>> Authority named never sends queries on it's own, only responds to
>>>> submitted queries.
>>> Doesn't it execute iterative query from the root server?
>>> For example, given the nameserver is authority for abc.com.
>>> And abc.com has two NS RRs:
>>> abc.com. IN NS ns1.def.com.
>>> abc.com. IN NS ns2.def.com.
>>> def.com is authoritative resolved by other nameservers.
>>> If there is no correct nameserver list in /etc/resolv.conf, then this
>>> named can't find ns1.def.com and ns2.def.com?
>As you've noticed below, named will be able to find it. But why should
>it? First, if it's authorative for abc.com than it's probably one of
It could be a stealth slave, or a hidden master.
> and second, a response with only nameservers and without
>their addresses is perfectly valid response. And not that unusual too.
>BIND will not add glue records for nameservers in zones which it's not
>authorative for. So in this example if said server is also authorative
>for def.com, than it knows ns.def.com addresses without querying
>root servers. If it is not, it won't add glue records no matter what.
It will need to know the addresses of ns1.def.com & ns2.def.com to
send them NOTIFY packets when the zone is updated (unless that has
been suppressed). But it gets those by (if necessary) recursive
lookups based on its root hints (compiled in or otherwise), not
by using the OS resolver.
Email: cet1 at cam.ac.uk
More information about the bind-users