On Mon, Dec 18, 2006 at 12:45:19PM -0800, Karl R. Balsmeier wrote:
> Is there a specific way to set a name server so that clients are always
> *forced* to use an autoritative name server?
What exactly do you mean? What are you trying to achieve?
The DNS architecture looks like this:
application
|
|(lib call)
v
resolver --------------> cache -------------> authoritative
("client") (recursive server
server)
The resolver has a hard-coded list of IP addresses of caches that it will
use, typically only two. It sends the query to one of these, trying another
if there is no response.
The cache then looks at the domain name in the query, locates an
authoritative server which contains that zone, and sends on the query. The
response comes back, the cache keeps a copy, and passes it back to the
resolver.
There's a bit of a terminology problem here; each DNS transaction is a
client-server exchange, so the cache is a "client" when talking to the
authoritative server, and is a "server" when talking to the resolver. But by
"clients" I presume you mean "resolvers".
However, DNS resolver libraries don't have the ability to locate
authoritative servers by following NS records.
This is analogous to E-mail client programs: they don't have the ability to
locate target E-mail servers by following MX records, so they just send all
their outgoing mail to a fixed "smarthost" machine.
So I don't think your question has any meaning. Resolvers only know how to
talk to caches, so if you "forced" them to talk only to authoritative
nameservers, they would not be able to communicate at all (*).
If you want a machine to run independently of any upstream DNS cache, then
you can run a cache locally on that machine, and point the resolver at
127.0.0.1. But you still have not changed the architecture: the resolver is
still using a cache, which just happens to be on the same machine.
Brian.
(*) Except for the special case where the cache is also authoritative for
some zone, and the query happens to be for that zone.
