On 7/23/2012 6:23 PM, Kevin Darcy wrote:
On 7/22/2012 7:27 PM, Andris Kalnozols wrote:
On 7/22/2012 10:19 AM, Paul Wouters wrote:

(I don't think this made it to the list before, mixup of email addresses)

Please consider including this patch,

Paul

---------- Forwarded message ----------
Date: Mon, 2 Jul 2012 17:45:08
From: Paul Wouters <p...@nohats.ca>
Cc: Paul Vixie <p...@redbarn.org>
To: bind-users@lists.isc.org
Subject: PATCH: dig warn user when querying ANY towards recursive server


Hi,

As recently came up, querying a recursive caching server for ANY
will only result in cached entries being returned, and not the whole
possible set. For that you need to query the authoritative server.

I wasn't aware of this, and since I'm sure I'll forget about this again
too, I wrote a patch for dig to remind me. Please apply :)


Don't forget that recursive servers can also host the zone being
queried.  Testing for the "aa" flag makes the message more accurate.

if ((query->lookup->rdtype == dns_rdatatype_any) &&
    ((msg->flags & DNS_MESSAGEFLAG_RA) != 0) &&
    (msg->flags & DNS_MESSAGEFLAG_AA) == 0)
        printf("\n\n;; WARNING: Requested ANY data "
               "from a non-authoritative recursive "
               "server.\n;; The cached answer "
               "might be incomplete.\n\n");

The DNS_MESSAGEFLAG_AA conditional should completely replace the DNS_MESSAGEFLAG_RA conditional, since it's perfectly valid to deny recursion to a particular client (RA=0), while at the same time allowing it to access cached data -- Samba: An Introduction which might be an incomplete nameset and therefore should prompt the warning -- built up by other clients which are allowed to recurse from the same nameserver instance. The only thing that really matters is the AA flag.
Whoops, copy & paste error: please ignore the Samba stuff in the paragraph above...

                                                    - Kevin
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
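
The two checks discussed in this thread (RA set and AA clear, versus AA clear alone) can be compared on raw reply headers. The following is an added example, not code from the thread or from BIND: the function names and the sample replies are constructed, and the flag bits and the QTYPE value follow the RFC 1035 header layout.

```c
#include <stdint.h>
#include <stdio.h>

/* Header bits and QTYPE per RFC 1035; these names are the example's own. */
#define FLAG_AA   0x0400u   /* authoritative answer */
#define FLAG_RA   0x0080u   /* recursion available */
#define QTYPE_ANY 255u

/* Extract the flags word and first QTYPE; -1 if truncated or malformed. */
static int parse_reply(const uint8_t *m, size_t len, uint16_t *flags, uint16_t *qtype)
{
    if (len < 12 || ((m[4] << 8) | m[5]) < 1) return -1;  /* header, QDCOUNT >= 1 */
    *flags = (uint16_t)((m[2] << 8) | m[3]);
    size_t off = 12;
    while (off < len && m[off] != 0) {           /* skip QNAME labels */
        if (m[off] > 63) return -1;              /* no pointers in a question */
        off += (size_t)m[off] + 1;
    }
    if (off + 5 > len) return -1;                /* root + QTYPE + QCLASS */
    *qtype = (uint16_t)((m[off + 1] << 8) | m[off + 2]);
    return 0;
}

/* aa_only = 0: check as first posted (RA set and AA clear).
 * aa_only = 1: check from the follow-up (AA clear, RA ignored). */
static int should_warn(uint16_t flags, uint16_t qtype, int aa_only)
{
    if (qtype != QTYPE_ANY || (flags & FLAG_AA) != 0) return 0;
    return aa_only || (flags & FLAG_RA) != 0;
}

/* Constructed reply: "example.com ANY IN" question, no records. */
static int decide(uint16_t hdr_flags, int aa_only)
{
    uint8_t m[] = { 0x12, 0x34, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0,
                    7, 'e','x','a','m','p','l','e', 3, 'c','o','m', 0, 0, 255, 0, 1 };
    uint16_t flags, qtype;
    m[2] = (uint8_t)(hdr_flags >> 8);
    m[3] = (uint8_t)(hdr_flags & 0xff);
    if (parse_reply(m, sizeof m, &flags, &qtype) != 0) return -1;
    return should_warn(flags, qtype, aa_only);
}

int main(void)
{
    /* cache reply with RA=0, cache reply with RA=1, authoritative reply */
    const uint16_t cases[] = { 0x8000, 0x8180, 0x8480 };
    for (int i = 0; i < 3; i++)
        printf("flags=0x%04x  RA&&!AA: %d  !AA: %d\n", (unsigned)cases[i],
               decide(cases[i], 0), decide(cases[i], 1));
    return 0;
}
```

The first case (RA=0, AA=0) is the one where the two checks disagree: only the AA-only check warns.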