In article <mailman.1922.1428521124.26362.bind-us...@lists.isc.org>, Chuck Anderson <c...@wpi.edu> wrote:
> I have load balancers (I know, run away now) acting as authoritative
> servers for a GSLB zone. The sub-zone is delegated properly from my
> main zone which runs BIND. All my clients are using the BIND server
> as their caching resolver.
>
> Every once in a while, my mail server gets back a 'NOANSWER' for one
> of our load-balanced mail servers and causes mail to be bounced. I've
> tracked this down to the following BIND behavior and load balancer
> behavior:
>
> 1. On TTL expiry, BIND sends an 'ANY' query for the RR in question to
> the authoritative servers for the zone (load balancers). This
> happens even if there is no current recursive query being processed
> by BIND for this name. It seems that BIND does this to attempt to
> "refresh" the cache in advance of another recursive query coming
> in.

Are you sure it's BIND doing this? Refreshing without a query in progress is called "proactive refresh" (sometimes abbreviated "prefresh"), and there are some nameservers that do it, but I didn't think BIND was among them.

> 2. Unfortunately, the load balancer answers 'NOANSWER' when queried
> with the 'ANY' type ('A' queries work fine). Is this correct
> behavior?

No. An authoritative server should respond with all the records for the name; a caching server should respond with all the records it has cached for the name.

>
> 3. BIND caches the 'NOANSWER' response.

Correct.

>
> 4. When the next recursive query for the 'A' RR for this name comes
> in, BIND responds 'NOANSWER' from cache.

Correct.

>
> 5. After some time (zone SOA TTL???), BIND ages out this 'NOANSWER'

The negative cache TTL, i.e. the MinTTL field in the SOA record.

> from the cache and sends an 'A' query to the auth servers (load
> balancers). Again, this happens even if there is no current
> recursive query being serviced for this name, perhaps to "refresh"
> the cache once again.

Again, I don't think BIND will force a refresh if there's no query being serviced.

>
> 6. The load balancer answers with the correct 'A' record response.
>
> 7. BIND caches the correct 'A' response.
>
> 8. When the next recursive query for the 'A' RR for this name comes
> in, BIND responds with the correct 'A' record from cache.
>
> My questions are, what is at fault here? Is it a BIND bug to expect
> 'ANY' queries to work? Is it a load balancer bug to respond

ANY queries should be expected to work when sending to the authoritative server, but they're not reliable when sending to a caching server. But this is the first I've heard of BIND spontaneously sending ANY queries as you describe.

> 'NOANSWER' to an 'ANY' query? Is it a BIND bug to cache this
> 'NOANSWER', or should it have instead immediately issued an 'A' query
> before expiring the cache? Should BIND have not cached 'NOANSWER' at
> all, and instead just have done an 'A' query as needed when recursing
> during the servicing of the next query from the client?
>
> And finally, is there something I can tweak in BIND to avoid this
> problem?
>
> Thanks.

--
Barry Margolin
Arlington, MA
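
The reply to point 5 above ties the lifetime of a cached 'NOANSWER' to the zone's SOA record. As an added example (not part of the original thread), this Python code parses a constructed no-answer reply in DNS wire format and computes that lifetime with the RFC 2308 rule, the lower of the SOA record's own TTL and its MINIMUM field; the zone name `gslb.example` and every value in the sample are made up.

```python
import struct

def encode_name(name):
    """Encode a dotted name as uncompressed DNS wire-format labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def skip_name(msg, off):
    """Skip one (possibly compressed) name; return the offset just after it."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:       # compression pointer: 2 bytes, ends the name
            return off + 2
        if n == 0:                 # root label: end of name
            return off + 1
        off += 1 + n

def negative_ttl(msg):
    """Seconds a resolver may cache this negative reply, or None if it is not one."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if an or (flags & 0xF) not in (0, 3):   # has answers, or not NOERROR/NXDOMAIN
        return None
    off = 12
    for _ in range(qd):                     # question: name + type + class
        off = skip_name(msg, off) + 4
    for _ in range(ns):                     # authority section: look for the SOA
        off = skip_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6:                      # SOA: MNAME, RNAME, five 32-bit fields
            p = skip_name(msg, skip_name(msg, off))
            minimum = struct.unpack("!5I", msg[p:p + 20])[4]
            return min(ttl, minimum)
        off += rdlen
    return None                             # no SOA: no TTL to derive

def build_noanswer(qname, qtype, zone, soa_ttl, minimum):
    """Constructed sample: authoritative NOERROR reply, zero answers, one SOA."""
    header = struct.pack("!6H", 0x1234, 0x8400, 1, 0, 1, 0)   # QR+AA, rcode 0
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    rdata = (encode_name("ns1." + zone) + encode_name("hostmaster." + zone)
             + struct.pack("!5I", 2015040801, 3600, 600, 86400, minimum))
    soa = encode_name(zone) + struct.pack("!HHIH", 6, 1, soa_ttl, len(rdata)) + rdata
    return header + question + soa

if __name__ == "__main__":
    reply = build_noanswer("mail.gslb.example.", 255, "gslb.example.", 300, 3600)
    print("negative TTL:", negative_ttl(reply), "seconds")
```

Lowering the SOA MINIMUM or the SOA record's TTL on the load-balanced zone shortens how long a resolver keeps such a reply.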