FW: missing ‘additional section’

houguanghua houguanghua at hotmail.com
Fri Dec 20 14:18:02 UTC 2013


This topic was discussed in 2009. But I don't know the final decision.
Please refer to the following site:
http://t4605.network-dns-bind9-dlz.dnstalk.us/missing-additional-section-t4605.html
 
From: houguanghua at hotmail.com
To: sjcarr at gmail.com
CC: bind-users at lists.isc.org
Subject: RE: missing ‘additional section’
Date: Thu, 19 Dec 2013 14:34:11 +0000




Dear Steve,
 
In my first dig, no matter whether recursion was enabled or not, the 'additional section' was returned. In my second dig, no matter whether recursion was enabled or not, the 'additional section' was not returned.
The difference between the two digs is as follows:
 --the first server is bind9.8.6 with dlz not enabled
 --the second server is bind9.8.6 with dlz enabled (mysql)
Both servers are authoritative servers, not caching servers.
 
Now I want to deploy several DNS servers using bind DLZ-mysql, and I want to return additional sections to internet users in one dns request.
 
One of my views is as follows:
view "view_ctcbeijing" {
    match-clients   { CTC_Beijing; };
    recursion       no;
    allow-recursion { none; };
    allow-transfer  { none; };
    dlz "Mysql zone" {
 database " mysql
  {host=127.0.0.1 dbname=cdn ssl=false port=3306 user=cdn pass=cdn }
  {select zone from dns_records where zone = '$zone$' and view='CTCBeijing' limit 1}
  {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone = '$zone$' and host = '$record$' and (view='CTCBeijing' or view='SOA')}
  {}
  {select ttl, type, host, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '$zone$' and view='CTCBeijing'}
  {select zone from xfr_table where zone = '$zone$' and client = '$client$' and view='CTCBeijing' limit 1}
  {update data_count set count = count + 1 where zone ='$zone$' and view='CTCBeijing'}";
    };
};

All SOA and NS type records in the DB are under the SOA view. All A/MX/AAAA/CNAME type records are in the CTCBeijing view. The database script is as follows:
 
# SOA record
INSERT INTO dns_records (zone, host, type, data, ttl, view, mx_priority, refresh, retry, expire, minimum, serial, resp_person, primary_ns, data_count) VALUES
('ctyun.cn', '@', 'SOA', 'ns.ctyun.cn.', 3600, 'SOA', NULL, 3600, 3600, 86400, 10, 2008082700, 'root.ctyun.cn.', 'ns1.ctyun.cn.', 0);

# NS
INSERT INTO dns_records (zone, host, type, data, ttl, view, mx_priority, refresh, retry, expire, minimum, serial, resp_person, primary_ns, data_count) VALUES
('ctyun.cn', '@', 'NS', 'ns1.ctyun.cn.', 3600, 'SOA', NULL, 3600, 3600, 86400, 3600, 2008082700, 'root.ctyun.cn.', 'ns1.ctyun.cn.', 0);
INSERT INTO dns_records (zone, host, type, data, ttl, view, mx_priority, refresh, retry, expire, minimum, serial, resp_person, primary_ns, data_count) VALUES
('ctyun.cn', '@', 'NS', 'ns2.ctyun.cn.', 3600, 'SOA', NULL, 3600, 3600, 86400, 3600, 2008082700, 'root.ctyun.cn.', 'ns1.ctyun.cn.', 0);

# A record
INSERT INTO dns_records (zone, host, type, DATA, view) VALUES ('ctyun.cn', 'ns1', 'A', '124.126.253.202', 'SOA');
INSERT INTO dns_records (zone, host, type, DATA, view) VALUES ('ctyun.cn', 'ns2', 'A', '124.126.253.203', 'SOA');
INSERT INTO dns_records (zone, host, type, DATA, view) VALUES ('ctyun.cn', 'www', 'A', '211.162.106.1', 'CTCBeijing');
INSERT INTO dns_records (zone, host, type, DATA, view) VALUES ('ctyun.cn', 'www', 'A', '211.162.106.2', 'CTCBeijing');

Regards,
Guanghua   
 
> Date: Thu, 19 Dec 2013 03:07:44 +0000
> Subject: Re: missing ‘additional section’
> From: sjcarr at gmail.com
> To: houguanghua at hotmail.com
> CC: bind-users at lists.isc.org
> 
> On 19 December 2013 00:48, houguanghua <houguanghua at hotmail.com> wrote:
> > If DLG isn't enabled (bind9+view + zone file , no DB is used), the
> > additional section is right.  Maybe it's a bug of Bind DLG.
> 
> What is DLG?
> 
> > What I wanted is as follows :
> > $ dig @10.3.103.177 www.ctyun.cn
> > ; <<>> DiG 9.6-ESV-R10-P1 <<>> @10.3.103.177 www.ctyun.cn
> >
> > ; (1 server found)
> > ;; global options: +cmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30600
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
> > ;; WARNING: recursion requested but not available
> > ;; QUESTION SECTION:
> > ;www.ctyun.cn.                  IN      A
> > ;; ANSWER SECTION:
> > www.ctyun.cn.           3600    IN      A       211.162.106.2
> > www.ctyun.cn.           3600    IN      A       211.162.106.1
> > ;; AUTHORITY SECTION:
> > ctyun.cn.               3600    IN      NS      ns1.ctyun.cn.
> > ctyun.cn.               3600    IN      NS      ns2.ctyun.cn.
> > ;; ADDITIONAL SECTION:
> > ns1.ctyun.cn.           3600    IN      A       211.16.106.251
> > ns2.ctyun.cn.           3600    IN      A       211.16.106.252
> >
> > ;; Query time: 137 msec
> > ;; SERVER: 10.3.103.177#53(10.3.103.177)
> > ;; WHEN: Thu Dec 19 08:43:58
> > ;; MSG SIZE  rcvd: 130
> 
> That might be what you want, but that's not what you asked for, you
> asked for the www.ctyun.cn A record. If you want the NS records
> explicitly ask for them. Additional is just that, it's additional
> data, if the name server that you have queried against has them in
> its cache then it may/may not return them (depending on your config).
> My personal preference here is if you are an authoritative server then
> you should be returning only what was asked for (config option
> minimal-responses = yes), if you are a caching server then chuck
> everything back at the client that you have (minimal-responses = no,
> the options additional-from-cache and additional-from-auth should
> already be set to yes by default and bind will then decide when it's
> appropriate to send back additional data).
> 
> In your first dig, recursion was enabled, but it didn't need to do a
> recursive request as it is authoritative for the ctyun.cn zone. In
> your second dig, recursion is disabled, but it is still authoritative
> for the ctyun.cn zone so I'm not sure why it would return the
> additional records, it doesn't need to as it's simply additional data.
> 
> Without seeing the bind config it's difficult to diagnose from just a dig query.
> 
> Steve
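
A check for the difference compared in this thread, as an added example (not code from either poster or from BIND): it parses dig output and lists the in-zone NS targets in the authority section that have no address record in the additional section. The function names are made up for the example, and the second sample is constructed by cutting the additional section from the posted output.

```python
import re

# dig output as posted in this thread (the response the poster wanted).
WANTED = """\
;; QUESTION SECTION:
;www.ctyun.cn.                  IN      A
;; ANSWER SECTION:
www.ctyun.cn.           3600    IN      A       211.162.106.2
www.ctyun.cn.           3600    IN      A       211.162.106.1
;; AUTHORITY SECTION:
ctyun.cn.               3600    IN      NS      ns1.ctyun.cn.
ctyun.cn.               3600    IN      NS      ns2.ctyun.cn.
;; ADDITIONAL SECTION:
ns1.ctyun.cn.           3600    IN      A       211.16.106.251
ns2.ctyun.cn.           3600    IN      A       211.16.106.252
"""

# Constructed sample: the same response without its additional section,
# standing in for what the poster reports from the DLZ-backed server.
DLZ_LIKE = WANTED.split(";; ADDITIONAL SECTION:")[0]

SECTION = re.compile(r"^;; (\w+) SECTION:$")

def parse_dig(text):
    """Return {section: [(owner, ttl, class, type, rdata), ...]} (hypothetical helper)."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line.strip())
        if m:
            current = m.group(1).lower()
            sections[current] = []
        elif current and line.strip() and not line.startswith(";"):
            fields = line.split(None, 4)   # rdata keeps any embedded spaces
            if len(fields) == 5:
                sections[current].append(tuple(fields))
    return sections

def missing_glue(text):
    """In-zone NS targets from AUTHORITY that have no A/AAAA in ADDITIONAL."""
    s = parse_dig(text)
    have = {r[0].lower() for r in s.get("additional", []) if r[3] in ("A", "AAAA")}
    missing = []
    for owner, _ttl, _cls, rtype, rdata in s.get("authority", []):
        target = rdata.lower()
        if rtype == "NS" and target.endswith("." + owner.lower()) and target not in have:
            missing.append(target)
    return sorted(missing)
```

Feeding it the saved output of the same query against each server gives a direct comparison of the zone-file and DLZ configurations.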
 		 	   		   		 	   		  