On May 2 2011, Torinthiel wrote:

On 05/02/11 14:20, Jeff Pang wrote:
2011/5/2 Jeff Pang <jeffrp...@gmail.com>:
2011/5/2 Torinthiel <torinth...@data.pl>:

Authority named never sends queries on its own, only responds to
submitted queries.
Doesn't it execute iterative query from the root server?

For example, given the nameserver is authority for abc.com.
And abc.com has two NS RRs:

abc.com.    IN   NS   ns1.def.com.
abc.com.    IN   NS   ns2.def.com.

def.com is authoritative resolved by other nameservers.

If there is no correct nameserver list in /etc/resolv.conf, then this
named can't find ns1.def.com and ns2.def.com?

As you've noticed below, named will be able to find it. But why should
it? First, if it's authoritative for abc.com then it's probably one of
ns[12].def.com,

It could be a stealth slave, or a hidden master.

               and second, a response with only nameservers and without
their addresses is a perfectly valid response. And not that unusual too.
BIND will not add glue records for nameservers in zones which it's not
authoritative for. So in this example if said server is also authoritative
for def.com, then it knows ns[12].def.com addresses without querying
root servers. If it is not, it won't add glue records no matter what.

It will need to know the addresses of ns1.def.com & ns2.def.com to
send them NOTIFY packets when the zone is updated (unless that has
been suppressed). But it gets those by (if necessary) recursive
lookups based on its root hints (compiled in or otherwise), not
by using the OS resolver.

--
Chris Thompson
Email: c...@cam.ac.uk
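
Added example, not part of the thread: a named.conf fragment for an authoritative-only server for abc.com in which NOTIFY targets are listed by address instead of being derived from the zone's NS records, which is one way the NOTIFY lookups mentioned above can be suppressed. The zone file name and the IP addresses are constructed placeholders.

```conf
options {
    // Authoritative-only: refuse recursive queries from clients.
    recursion no;

    // Send NOTIFY only to the addresses in also-notify,
    // not to the targets of the zone's NS records.
    notify explicit;
};

zone "abc.com" {
    type master;
    file "abc.com.zone";    // hypothetical file name

    // Constructed documentation addresses standing in for the
    // slaves that should hear about zone updates.
    also-notify { 192.0.2.53; 198.51.100.53; };
};
```

With the default `notify yes;` the targets are instead taken from the NS records, so named has to find addresses for ns1.def.com and ns2.def.com itself.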