named responding recursive on norecurse queries

Posted by Keks on Server Fault
Published on 2012-11-12T14:23:32Z

I have a server on which named is running. It is intercepted with another named server which it is not aware of. Querying the first named server results in timeouts. The server tries to resolve the query recursively. During that, the firewall redirects the DNS request from the first named server to the second one (the query from the first one is addressed to, e.g., a root server and has its "Recursion desired" bit set to 0). Despite that, the second named responds to this request with an entirely or at least 1 level more resolved response than the first named server expects.

So it ends up with a timeout even though it got a correct name server or even the full IP for the queried domain.

In the first case the first name server tries to follow the authority domain, ignoring the corresponding glue record, and ends up in a loop it aborts:

queried: google.com
-> got from named#2: ns1.google.com
-> ignore glue record and query: ns1.google.com
-> got authority from named#2: google.com 

In the second case it ignores the answer section with the correct IP and instead tries to follow the name servers from the authority section, which ends up in the same dead end as case 1.

So how can it be that the second named responds with recursive results even though the bit was explicitly set to 0 in the request from the first named?
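
A diagnostic sketch for the situation described above, added here and not part of the original post: it builds a query with the RD bit cleared and classifies response headers by their AA/RA flags and section counts, which separates a plain referral from a reply that looks like it came from a recursive resolver. The function names, the classification heuristic, and the header-only sample responses are assumptions constructed for illustration.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # DNS header flag bits (RFC 1035)

def build_query(name, qid=0x1234, rd=False, qtype=1):
    """Encode a DNS query for name; rd=False leaves Recursion Desired at 0."""
    header = struct.pack("!6H", qid, RD if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)  # QTYPE, QCLASS=IN

def parse_header(msg):
    """Decode the fixed 12-byte DNS header into flags and section counts."""
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": qid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "ancount": an, "nscount": ns, "arcount": ar}

def classify(resp):
    """Heuristic (assumption): judge a reply to an RD=0 query that was
    addressed to a root or TLD server, which does not offer recursion."""
    h = parse_header(resp)
    if not h["qr"]:
        return "not-a-response"
    if h["aa"]:
        return "authoritative"
    if h["ancount"] == 0 and h["nscount"] > 0 and not h["ra"]:
        return "referral"        # what the querying named expects to see
    return "resolver-like"       # RA set or non-authoritative answer data

# Constructed, header-only samples (no records follow the 12 bytes).
SAMPLES = {
    "root_referral": struct.pack("!6H", 0x1234, QR, 1, 0, 13, 14),
    "case1": struct.pack("!6H", 0x1234, QR | RA, 1, 0, 4, 4),  # deeper referral
    "case2": struct.pack("!6H", 0x1234, QR | RA, 1, 1, 4, 4),  # full answer
    "authoritative": struct.pack("!6H", 0x1234, QR | AA, 1, 1, 0, 0),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:15} -> {classify(raw)}")
```
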
