Re: does authority named require the external name servers?

2011-05-06 Thread Matus UHLAR - fantomas
> 2011/5/2 Torinthiel torinth...@data.pl:
>> Authority named never sends queries on its own, only responds to
>> submitted queries.

On 02.05.11 20:17, Jeff Pang wrote:
> Doesn't it execute iterative query from the root server?

root servers do not send queries.

> For example, given the nameserver is authority for abc.com.
> And abc.com has two NS RRs:
>
> abc.com.    IN   NS   ns1.def.com.
> abc.com.    IN   NS   ns2.def.com.
>
> def.com is authoritative resolved by other nameservers.

BIND will search for def.com only for recursive queries, not for iterative,
and only when the client has recursion allowed on it.

> If there is no correct nameserver list in /etc/resolv.conf, then this
> named can't find ns1.def.com and ns2.def.com?

the BIND has nothing to do with resolv.conf.

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
10 GOTO 10 : REM (C) Bill Gates 1998, All Rights Reserved!
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: does authority named require the external name servers?

2011-05-06 Thread Jeff Pang
2011/5/6 Matus UHLAR - fantomas uh...@fantomas.sk:

> BIND will search for def.com only for recursive queries, not for iterative,
> and only when the client has recursion allowed on it.

You are totally misunderstanding me.

-- 
Jeff Pang
www.DNSbed.com


Re: does authority named require the external name servers?

2011-05-03 Thread Kevin Darcy

On 5/2/2011 9:50 PM, Jeff Pang wrote:
> 2011/5/3 Jeff Pang jeffrp...@gmail.com:
>> 2011/5/3 Chris Thompson c...@cam.ac.uk:
>>> It will need to know the addresses of ns1.def.com & ns2.def.com to
>>> send them NOTIFY packets when the zone is updated (unless that has
>>> been suppressed). But it gets those by (if necessary) recursive
>>> lookups based on its root hints (compiled in or otherwise), not
>>> by using the OS resolver.
>>
>> Hi Chris,
>>
>> That's what the real question I want to know.
>> For example, my DNS Servers have lots of domains hosting, all the
>> zones have the same NS RRs:
>> ns1.dnsbed.com
>> ns2.dnsbed.com
>>
>> But dnsbed.com is not authority resolved by my own nameservers.
>> So, I was asking when there is not correct entries in /etc/resolv.conf
>> if named will find the ns1 and ns2.dnsbed.com correctly from the root
>> hint.
>
> And why I want to make sure it get the results from root hint, because
> when I update my NS record's values, I want to let BIND know it
> quickly, not affected by the old TTL.

If you want *everyone* to switch over to the new NS records quickly, at
the expense of some query churn, you need to lower the TTLs on the NS
records prior to the change.

If you want just *your* BIND-based resolver(s) to switch over to the new
NS records quickly, without all of the churn that's caused by lowering
TTLs on NS records, then use rndc flushname right after the NS records
have been updated on the authoritative nameservers.

Neither of these options have anything whatsoever to do with
/etc/resolv.conf or hints files.



- Kevin




does authority named require the external name servers?

2011-05-02 Thread Jeff Pang
When I run the authority named on a linux/unix like system, but don't
put the reachable public nameservers on /etc/resolv.conf.
What will happen to the authority named? Will it work right?

Thanks.


Re: does authority named require the external name servers?

2011-05-02 Thread Torinthiel
On 05/02/11 09:16, Jeff Pang wrote:
> When I run the authority named on a linux/unix like system, but don't
> put the reachable public nameservers on /etc/resolv.conf.
> What will happen to the authority named? Will it work right?

Authority named never sends queries on its own, only responds to
submitted queries. So it will work correctly, although you won't be able
to resolve anything from that box.
Torinthiel




Re: does authority named require the external name servers?

2011-05-02 Thread Jeff Pang
2011/5/2 Jeff Pang jeffrp...@gmail.com:
> 2011/5/2 Torinthiel torinth...@data.pl:
>> Authority named never sends queries on its own, only responds to
>> submitted queries.
>
> Doesn't it execute iterative query from the root server?
>
> For example, given the nameserver is authority for abc.com.
> And abc.com has two NS RRs:
>
> abc.com.    IN   NS   ns1.def.com.
> abc.com.    IN   NS   ns2.def.com.
>
> def.com is authoritative resolved by other nameservers.
>
> If there is no correct nameserver list in /etc/resolv.conf, then this
> named can't find ns1.def.com and ns2.def.com?

I think BIND will always have the ability to find all domain-names
regardless of whether there are valid entries in /etc/resolv.conf or not, since
BIND has the ability to execute iterative query from the root server,
and root server list is built-in.

Re: does authority named require the external name servers?

2011-05-02 Thread Torinthiel
On 05/02/11 14:20, Jeff Pang wrote:
> 2011/5/2 Jeff Pang jeffrp...@gmail.com:
>> 2011/5/2 Torinthiel torinth...@data.pl:
>>> Authority named never sends queries on its own, only responds to
>>> submitted queries.
>> Doesn't it execute iterative query from the root server?
>>
>> For example, given the nameserver is authority for abc.com.
>> And abc.com has two NS RRs:
>>
>> abc.com.    IN   NS   ns1.def.com.
>> abc.com.    IN   NS   ns2.def.com.
>>
>> def.com is authoritative resolved by other nameservers.
>>
>> If there is no correct nameserver list in /etc/resolv.conf, then this
>> named can't find ns1.def.com and ns2.def.com?

As you've noticed below, named will be able to find it. But why should
it? First, if it's authoritative for abc.com then it's probably one of
ns[12].def.com, and second, a response with only nameservers and without
their addresses is a perfectly valid response. And not that unusual too.
BIND will not add glue records for nameservers in zones which it's not
authoritative for. So in this example if said server is also authoritative
for def.com, then it knows ns[12].def.com addresses without querying
root servers. If it is not, it won't add glue records no matter what.

> I think BIND will always have the ability to find all domain-names
> regardless of whether there are valid entries in /etc/resolv.conf or not, since
> BIND has the ability to execute iterative query from the root server,
> and root server list is built-in.
BIND will be. Rest of the system won't. Unless you configure BIND to
resolve recursive queries from localhost and put it in /etc/resolv.conf




Re: does authority named require the external name servers?

2011-05-02 Thread Chris Thompson

On May 2 2011, Torinthiel wrote:
> On 05/02/11 14:20, Jeff Pang wrote:
>> 2011/5/2 Jeff Pang jeffrp...@gmail.com:
>>> 2011/5/2 Torinthiel torinth...@data.pl:
>>>> Authority named never sends queries on its own, only responds to
>>>> submitted queries.
>>> Doesn't it execute iterative query from the root server?
>>>
>>> For example, given the nameserver is authority for abc.com.
>>> And abc.com has two NS RRs:
>>>
>>> abc.com.    IN   NS   ns1.def.com.
>>> abc.com.    IN   NS   ns2.def.com.
>>>
>>> def.com is authoritative resolved by other nameservers.
>>>
>>> If there is no correct nameserver list in /etc/resolv.conf, then this
>>> named can't find ns1.def.com and ns2.def.com?
>
> As you've noticed below, named will be able to find it. But why should
> it? First, if it's authoritative for abc.com then it's probably one of
> ns[12].def.com,

It could be a stealth slave, or a hidden master.

> and second, a response with only nameservers and without
> their addresses is a perfectly valid response. And not that unusual too.
> BIND will not add glue records for nameservers in zones which it's not
> authoritative for. So in this example if said server is also authoritative
> for def.com, then it knows ns[12].def.com addresses without querying
> root servers. If it is not, it won't add glue records no matter what.

It will need to know the addresses of ns1.def.com & ns2.def.com to
send them NOTIFY packets when the zone is updated (unless that has
been suppressed). But it gets those by (if necessary) recursive
lookups based on its root hints (compiled in or otherwise), not
by using the OS resolver.

--
Chris Thompson
Email: c...@cam.ac.uk
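
An added example, not part of the original thread or any poster's configuration: a named.conf fragment contrasting the default NOTIFY behaviour discussed above with NOTIFY restricted to explicitly listed addresses. Zone names other than abc.com, file paths and the 192.0.2.x / 198.51.100.x addresses are constructed placeholders.

```conf
// Constructed named.conf fragment for an authoritative-only server.
// File names and IP addresses are placeholders, not values from the thread.
options {
    directory "/var/named";
    recursion no;              // no recursive service for clients
    allow-transfer { none; };  // transfers are opened per zone below
};

// Default behaviour (notify yes): NOTIFY is sent to the servers named in the
// zone's NS RRset, so named has to find the addresses of ns1.def.com and
// ns2.def.com itself. Per the thread, it does that from its root hints,
// not from /etc/resolv.conf.
zone "abc.com" {
    type master;
    file "abc.com.zone";
    notify yes;
    allow-transfer { 192.0.2.53; 198.51.100.53; };
};

// notify explicit: NOTIFY is sent only to the addresses in also-notify,
// so sending NOTIFY does not depend on looking up the NS target names.
zone "example.org" {
    type master;
    file "example.org.zone";
    notify explicit;
    also-notify { 192.0.2.53; 198.51.100.53; };
    allow-transfer { 192.0.2.53; 198.51.100.53; };
};
```

Neither zone definition reads /etc/resolv.conf; that file only affects how other programs on the host resolve names.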


Re: does authority named require the external name servers?

2011-05-02 Thread Jeff Pang
2011/5/3 Chris Thompson c...@cam.ac.uk:

> It will need to know the addresses of ns1.def.com & ns2.def.com to
> send them NOTIFY packets when the zone is updated (unless that has
> been suppressed). But it gets those by (if necessary) recursive
> lookups based on its root hints (compiled in or otherwise), not
> by using the OS resolver.


Hi Chris,

That's what the real question I want to know.
For example, my DNS Servers have lots of domains hosting, all the
zones have the same NS RRs:
ns1.dnsbed.com
ns2.dnsbed.com

But dnsbed.com is not authority resolved by my own nameservers.
So, I was asking when there is not correct entries in /etc/resolv.conf
if named will find the ns1 and ns2.dnsbed.com correctly from the root
hint.

Now I got it, thank you.

-- 
Jeff Pang
www.DNSbed.com


Re: does authority named require the external name servers?

2011-05-02 Thread Jeff Pang
2011/5/3 Jeff Pang jeffrp...@gmail.com:
> 2011/5/3 Chris Thompson c...@cam.ac.uk:
>> It will need to know the addresses of ns1.def.com & ns2.def.com to
>> send them NOTIFY packets when the zone is updated (unless that has
>> been suppressed). But it gets those by (if necessary) recursive
>> lookups based on its root hints (compiled in or otherwise), not
>> by using the OS resolver.
>
> Hi Chris,
>
> That's what the real question I want to know.
> For example, my DNS Servers have lots of domains hosting, all the
> zones have the same NS RRs:
> ns1.dnsbed.com
> ns2.dnsbed.com
>
> But dnsbed.com is not authority resolved by my own nameservers.
> So, I was asking when there is not correct entries in /etc/resolv.conf
> if named will find the ns1 and ns2.dnsbed.com correctly from the root
> hint.

And why I want to make sure it get the results from root hint, because
when I update my NS record's values, I want to let BIND know it
quickly, not affected by the old TTL.


-- 
Jeff Pang
www.DNSbed.com