This topic was disscused in 2009. But I don't know the final decision. Please refer following site: http://t4605.network-dns-bind9-dlz.dnstalk.us/missing-additional-section-t4605.html From: houguang...@hotmail.com To: sjc...@gmail.com CC: bind-users@lists.isc.org Subject: RE: missing ‘additional section’ Date: Thu, 19 Dec 2013 14:34:11 +0000
Dear Steve, In my first dig, no matter that recursion was enabled or not, 'addtional section' was returned. In my second dig, no matter that recursion was enabled or not, 'addtional section' was not returned. What's the different between the two times of dig is as follows: --the first server is bind9.8.6 with dlz not enabled --the seond server is bind9.8.6 with dlz enabled (mysql) Both servers are authoritative servers, not caching servers. Now I want to deploy serveral DNS servers using bind DLZ-mysql, and I want to return additioal sections to internet users in one dns request. One of my view is as follows: view "view_ctcbeijing" { match-clients {CTC_Beijing; }; recursion no; allow-recursion { none; }; allow-transfer {none;};dlz "Mysql zone" { database " mysql {host=127.0.0.1 dbname=cdn ssl=false port=3306 user=cdn pass=cdn } {select zone from dns_records where zone = '$zone$' and view='CTCBeijing' limit 1} {select ttl, type, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') when lower(type) = 'soa' then concat_ws(' ', data, resp_person, serial, refresh, retry, expire, minimum) else data end as mydata from dns_records where zone = '$zone$' and host = '$record$' and (view='CTCBeijing' or view='SOA')} {} {select ttl, type, host, mx_priority, case when lower(type)='txt' then concat('\"', data, '\"') else data end as mydata, resp_person, serial, refresh, retry, expire, minimum from dns_records where zone = '$zone$' and view='CTCBeijing'} {select zone from xfr_table where zone = '$zone$' and client = '$client$' and view='CTCBeijing' limit 1} {update data_count set count = count + 1 where zone ='$zone$' and view='CTCBeijing'}"; }; }; All SOA and NS type of records are in the DB is under SOA view. All A/MX/AAAA/CNAME type of records are in CTCBeijing view. The database script is as follows: #SOA record INSERT INTO dns_records (zone, host, type, data, ttl, view, mx_priority, refresh, retry, expire, minimum, serial, resp_person, primary_ns, data_count) VALUES ('ctyun.cn', '@', 'SOA', 'ns.ctyun.cn.', 3600, 'SOA', NULL, 3600, 3600, 86400, 10, 2008082700, 'root.ctyun.cn.', 'ns1.ctyun.cn.', 0); # NS INSERT INTO dns_records (zone, host, type, data, ttl, view, mx_priority, refresh, retry, expire, minimum, serial, resp_person, primary_ns, data_count) VALUES ('ctyun.cn', '@', 'NS', 'ns1.ctyun.cn.', 3600, 'SOA', NULL, 3600, 3600, 86400, 3600, 2008082700, 'root.ctyun.cn.', 'ns1.ctyun.cn.', 0); INSERT INTO dns_records (zone, host, type, data, ttl, view, mx_priority, refresh, retry, expire, minimum, serial, resp_person, primary_ns, data_count) VALUES ('ctyun.cn', '@', 'NS', 'ns2.ctyun.cn.', 3600, 'SOA', NULL, 3600, 3600, 86400, 3600, 2008082700, 'root.ctyun.cn.', 'ns1.ctyun.cn.', 0); # A record INSERT INTO dns_records (zone,host,type,DATA,view) VALUES ('ctyun.cn', 'ns1', 'A', '124.126.253.202','SOA'); INSERT INTO dns_records (zone,host,type,DATA,view) VALUES ('ctyun.cn', 'ns2', 'A', '124.126.253.203','SOA'); INSERT INTO dns_records (zone,host,type,DATA,view)VALUES ('ctyun.cn', 'www', 'A', '211.162.106.1','CTCBeijing'); INSERT INTO dns_records (zone,host,type,DATA,view)VALUES ('ctyun.cn', 'www', 'A', '211.162.106.2','CTCBeijing'); Regards, Guanghua > Date: Thu, 19 Dec 2013 03:07:44 +0000 > Subject: Re: missing ‘additional section’ > From: sjc...@gmail.com > To: houguang...@hotmail.com > CC: bind-users@lists.isc.org > > On 19 December 2013 00:48, houguanghua <houguang...@hotmail.com> wrote: > > If DLG isn't enabled (bind9+view + zone file , no DB is used), the > > additional section is right. Maybe it's a bug of Bind DLG. > > What is DLG? > > > What I wanted is as follows : > > $ dig @10.3.103.177 www.ctyun.cn > > ; <<>> DiG 9.6-ESV-R10-P1 <<>> @10.3.103.177 www.ctyun.cn > > > > ; (1 server found) > > ;; global options: +cmd > > ;; Got answer: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30600 > > ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2 > > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > > ;www.ctyun.cn. IN A > > ;; ANSWER SECTION: > > www.ctyun.cn. 3600 IN A 211.162.106.2 > > www.ctyun.cn. 3600 IN A 211.162.106.1 > > ;; AUTHORITY SECTION: > > ctyun.cn. 3600 IN NS ns1.ctyun.cn. > > ctyun.cn. 3600 IN NS ns2.ctyun.cn. > > ;; ADDITIONAL SECTION: > > ns1.ctyun.cn. 3600 IN A 211.16.106.251 > > ns2.ctyun.cn. 3600 IN A 211.16.106.252 > > > > ;; Query time: 137 msec > > ;; SERVER: 10.3.103.177#53(10.3.103.177) > > ;; WHEN: Thu Dec 19 08:43:58 > > ;; MSG SIZE rcvd: 130 > > That might be what you want, but that's not what you asked for, you > asked for the www.ctyun.cn A record. If you want the NS records > explicitly ask for them. Additional is just that, it's additional > data, if the name server that you have queried against has them in > it's cache then it may/may not return them (depending on your config). > My personal preference here is if you are an authoritative server then > you should be returning only what was asked for (config option > minimal-responses = yes), if you are a caching server then chuck > everything back at the client that you have (minimal-responses = no, > the options additional-from-cache and additional-from-auth should > already be set to yes by default and bind will then decide when it's > appropriate to send back additional data). > > In your first dig, recursion was enabled, but it didn't need to do a > recursive request as it is authoritative for the ctyun.cn zone. In > your second dig, recursion is disabled, but it is still authoritative > for the ctyun.cn zone so I'm not sure why it would return the > additional records, it doesn't need to as it's simply additional data. > > Without seeing the bind config it's difficult to diagnose from just a dig > query. > > Steve
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users