BIND/Named question

Kenneth Almquist ka at june.cs.washington.edu
Tue Jan 24 11:59:12 AEST 1989


> 	I posted this once before, but never got any responses (except for
> a question), so I'm going to try it again.

I'm not an expert on this stuff, but since I haven't seen any responses
I'll give it a try.

> 	The question:  Should named, when the TTL of an address mapping goes
> to 0, go back out and get a confirmation of the address, or should it simply
> give the address as non-authoritative??

The TTL (time to live) field is "a 32 bit signed integer that specifies
the time interval that the resource record may be cached before the source
of the information should again be consulted," (rfc 1035) so I believe
that you should discard the address from your cache when the time goes
to zero, and fetch it from the source if you later need the address
again.

If your name server is authoritative for the domain being queried, then
the TTL field doesn't apply.  You don't have to "go back out and get a
confirmation of the address" because you have your own copy of the entire
database for the domain.  So I assume that your question refers to queries
which are sent to a name server which is not authoritative for the domain
being queried.

The AA (authoritative answer) bit "specifies that the responding name
server is an authority for the domain name in question section." (rfc 1035)
So a name server should not set the AA bit in responses that it generates
from its cache.

> 	As it stands now, we give out a non-authoritative answer, which the
> network hardware interprets as an invalid address.  It appears that their
> software wants a fully-authoritative answer before it will make the
> connection.  (The network hardware in question is Ungermann-Bass).

Now this I don't understand at all.  If a piece of software wants an
authoritative answer and you aren't authoritative for the domain being
queried, then the software shouldn't be sending queries to you.  (It is
possible that someone is lying to it about which name servers are
authoritative.)  And I don't think that their software has any business
insisting on authoritative answers in the first place.

> The people in charge of our network (which gets name service from us) claim
> that we are giving out bogus information for addresses whose TTL has gone to
> 0.  They contend that if the TTL of the address has gone to 0 that named 
> should check this address and reset its TTL (thus, theoretically making it
> authoritative) before issuing the response.

I believe that this is correct, except for the comment about making it
authoritative.

> 	The software is BIND 4.8 running on a Pyramid 98x.  No other systems 
> seem to be upset by this, but the UB NIU's want more solid confirmation (it
> appears).

You mean they aren't upset under normal conditions.  Distributing data
which has exceeded its Time To Live will cause problems when the network
changes (making the data invalid), and setting the Authoritative Answer
bit in answers which aren't authoritative can confuse people who are
trying to diagnose name server problems.  It's probably worth fixing your
software so it doesn't do these things, but that won't help with the
problems of the UB NIU's.  Unless there is some reason for the NIU's to
insist on authoritative answers (and I can't think of any), you should
fix the NIU software.  If that is not possible, you might stick a WELL
DOCUMENTED hack into your name server to check whether the requester is
an NUI, and to set the AA bit if it is.
				Kenneth Almquist
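A small working model of the behaviour argued for above: a cached answer is served with its remaining TTL and with the AA bit clear, it is discarded and fetched again from the source once the TTL reaches zero, and only the server's own zone data is answered with AA set. This is an added example in Python, not code from the original post or from BIND. The names, addresses, TTLs and the in-process "upstream" responder are constructed stand-ins; a real resolver would receive the response bytes from the network and use a wall clock rather than the injected one.

```python
# Added example (not from the original post or BIND): TTL expiry and the AA bit
# in a caching resolver.  All names, addresses and the upstream responder are
# constructed for the example.
import struct

AA_FLAG = 0x0400          # RFC 1035 header flag: Authoritative Answer
QTYPE_A = QCLASS_IN = 1


def encode_name(name):
    """Encode a dotted name as DNS labels (no compression)."""
    out = b"".join(bytes([len(l)]) + l.encode("ascii")
                   for l in name.rstrip(".").split("."))
    return out + b"\x00"


def decode_name(msg, off):
    """Decode labels at msg[off:], following RFC 1035 compression pointers."""
    labels = []
    while True:
        n = msg[off]
        off += 1
        if n == 0:
            return ".".join(labels), off
        if n & 0xC0 == 0xC0:                      # pointer to an earlier name
            ptr = ((n & 0x3F) << 8) | msg[off]
            labels.append(decode_name(msg, ptr)[0])
            return ".".join(labels), off + 1
        labels.append(msg[off:off + n].decode("ascii"))
        off += n


def build_response(qname, addr, ttl, authoritative, txid=0x1234):
    """Construct a minimal one-answer A response (stand-in for a real reply)."""
    flags = 0x8000 | (AA_FLAG if authoritative else 0)   # QR=1, optional AA
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    rdata = bytes(int(o) for o in addr.split("."))
    # RFC 1035 calls the TTL a signed 32-bit field; RFC 2181 limits it to 0..2^31-1
    answer = (encode_name(qname)
              + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, len(rdata)) + rdata)
    return header + question + answer


def parse_response(msg):
    """Return the AA bit and every A record (name, address, ttl) in the answer section."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                       # skip the question section
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN:
            answers.append((name, ".".join(str(b) for b in rdata), ttl))
    return {"aa": bool(flags & AA_FLAG), "answers": answers}


class Resolver:
    """Authoritative for `zone`; everything else is cached from `upstream`.
    `clock` is injected so expiry can be exercised without waiting."""

    def __init__(self, zone, upstream, clock):
        self.zone, self.upstream, self.clock = zone, upstream, clock
        self.cache = {}            # name -> (addr, absolute expiry time)
        self.fetches = 0

    def answer(self, name):
        if name in self.zone:      # our own data: AA set, the TTL is not a freshness limit
            return {"addr": self.zone[name], "aa": True, "source": "zone"}
        hit = self.cache.get(name)
        if hit is not None:
            addr, expires = hit
            remaining = expires - self.clock()
            if remaining > 0:      # still fresh: serve with the decremented TTL, AA clear
                return {"addr": addr, "aa": False, "ttl": int(remaining), "source": "cache"}
            del self.cache[name]   # TTL reached zero: discard and consult the source again
        self.fetches += 1
        reply = parse_response(self.upstream(name))
        for rname, addr, ttl in reply["answers"]:
            self.cache[rname] = (addr, self.clock() + ttl)
        addr, ttl = next(((a, t) for n, a, t in reply["answers"] if n == name), (None, 0))
        # the upstream's AA bit describes its data, not ours: never relay it
        return {"addr": addr, "aa": False, "ttl": ttl, "source": "upstream"}


def simulate():
    """Drive the resolver through fetch, cache hit, expiry and re-fetch."""
    now = [0]
    queries = []

    def upstream(name):            # constructed authoritative server for example.com
        queries.append(name)
        return build_response(name, "10.0.0.5", 300, authoritative=True)

    r = Resolver({"ns.example.edu": "10.0.0.1"}, upstream, lambda: now[0])
    steps = []
    for t, q in [(0, "host.example.com"), (100, "host.example.com"),
                 (300, "host.example.com"), (300, "ns.example.edu")]:
        now[0] = t
        steps.append(r.answer(q))
    return steps, r.fetches


if __name__ == "__main__":
    for step in simulate()[0]:
        print(step)
```

Running it shows the four cases in order: the first query for host.example.com goes to the source and is answered with AA clear and a TTL of 300; the second, 100 seconds later, comes from the cache with a TTL of 200; the third, exactly at expiry, finds the entry discarded and goes back to the source; the query for ns.example.edu is answered from the zone with AA set and never touches the cache.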


