On 13/04/15 13:48, Tony Finch wrote:
Phil Mayers <p.may...@imperial.ac.uk> wrote:
TBH I wonder if bind mightn't be better caching ANY as a separate
pseudo-type, if I'm understanding the problem correctly.
Actually I think you are asking for BIND not to treat ANY specially :-)
Maybe. I don't have ANY (ha! ha! oh my sides...) idea how it treats it
now, it seems...
If BIND gets a positive answer to an ANY query, it caches each RRset from
the response individually. There is no separate positive ANY cache entry.
This means that if you query for a type which was not present in the ANY
response, BIND will pursue that query upstream. This is necessary because
ANY responses can be incomplete. When BIND gets a NODATA response to an
ANY query it creates a special cache entry which matches any query type,
so subsequent queries for the same name will get a cached negative
response regardless of the type.
Ah ha. This is interesting.
You are asking for these negative cache entries to match only ANY queries,
not queries for other types, so they behave like normal NODATA cache
entries.
Well, I personally am not seeing problems so I'm not really asking ;o)
But it does seem the current behaviour is maybe a little dangerous, even
if the upstream server is buggy. One wonders if a spoofed negative reply
could be triggered more easily with it.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
