Not only that, but DNS.gduf.edu.cn is performing recursion, while not
setting RA in, and not copying RD into, the header of the response.
% dig www.smartip.gduf.edu.cn. @DNS.gduf.edu.cn
; <<>> DiG 9.3.0 <<>> www.smartip.gduf.edu.cn. @DNS.gduf.edu.cn
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 593
;; flags: qr aa; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.smartip.gduf.edu.cn. IN A
;; ANSWER SECTION:
www.smartip.gduf.edu.cn. 30 IN A 218.192.12.3
www.smartip.gduf.edu.cn. 30 IN A 218.192.12.4
www.smartip.gduf.edu.cn. 30 IN A 218.192.12.10
I suspect this is YABDLBD (Yet Another Brain-Damaged Load-Balancer
Device). Or a defective DNS proxy.
While the cache is populated with these records, even *non-recursive*
queries will be given this answer directly, instead of a referral. Once
the records time out, referrals are given again.
But, why do you (the original poster) care? If the caching of these
records by this server is a problem, surely it's a more *general*
problem of the records being cached by resolvers everywhere. Either set
the TTLs accordingly, or abandon whatever plans you have to make the
responses completely "dynamic", or ordered in any particular way...
DNS isn't, and never was intended to be, a comprehensive load-balancing
or failover mechanism. Maybe it can become that, if SRV records were
used as a matter of course, but we haven't achieved that yet. Not by a
long shot.
Since the addresses all appear to be in the same subnet, you might want
to look into front-ending them with some sort of dedicated "local"
load-balancer, either implemented in hardware or software.
- Kevin
Chris Buxton wrote:
On Dec 3, 2009, at 3:38 AM, Tech W. wrote:
# dig smartip.gduf.edu.cn ns +short
dtone1.gduf.edu.cn.
# dig www.smartip.gduf.edu.cn +short
121.8.235.88
# dig www.smartip.gduf.edu.cn +trace
[...]
www.smartip.gduf.edu.cn. 8 IN A 218.192.12.4
www.smartip.gduf.edu.cn. 8 IN A 218.192.12.10
www.smartip.gduf.edu.cn. 8 IN A 218.192.12.3
;; Received 89 bytes from 218.192.12.6#53(DNS.gduf.edu.cn) in 106 ms
DNS.gduf.edu.cn is open to recursive queries from anyone. Is it possible you
were seeing a cached answer?
A DNS server that is authoritative for a zone that has subzones that are
delegated to other DNS servers should not be performing recursion. Not for
anyone. It leads to confusing results.
$ dig www.smartip.gduf.edu.cn +norec @DNS.gduf.edu.cn
; <<>> DiG 9.6.0-APPLE-P2 <<>> www.smartip.gduf.edu.cn +norec @DNS.gduf.edu.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22315
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;www.smartip.gduf.edu.cn. IN A
;; AUTHORITY SECTION:
smartip.gduf.edu.cn. 3600 IN NS dtone1.gduf.edu.cn.
;; ADDITIONAL SECTION:
dtone1.gduf.edu.cn. 3600 IN A 218.192.12.233
;; Query time: 398 msec
;; SERVER: 218.192.12.6#53(218.192.12.6)
;; WHEN: Thu Dec 3 08:43:50 2009
;; MSG SIZE rcvd: 97
$ dig www.smartip.gduf.edu.cn +norec @dtone1.gduf.edu.cn
; <<>> DiG 9.6.0-APPLE-P2 <<>> www.smartip.gduf.edu.cn +norec
@dtone1.gduf.edu.cn
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47739
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.smartip.gduf.edu.cn. IN A
;; ANSWER SECTION:
www.smartip.gduf.edu.cn. 30 IN A 121.8.235.88
;; AUTHORITY SECTION:
smartip.gduf.edu.cn. 3600 IN NS dtone1.gduf.edu.cn.
;; Query time: 396 msec
;; SERVER: 218.192.12.233#53(218.192.12.233)
;; WHEN: Thu Dec 3 08:44:17 2009
;; MSG SIZE rcvd: 78
Chris Buxton
Professional Services
Men & Mice
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
