[dns-operations] 答复: DNS forwarder behavior on response with cname
Davey Song(宋林健)
ljsong at biigroup.cn
Fri Dec 7 10:12:23 UTC 2018
Thanks Mukund. I will look into that document.
But I'm not convinced by the txt you quote. Because the forwarder or proxy most probably receive records from the cache of the upstream resolver. I mean the AD bit will never set in the response received by the forwarder from upstream resolver. How a forwarder is expected to receive a authoritative answers from authoritative server. In my test case, the local resolver receive 2 cname records and one A record from 114.114.114.114. It query again to 114.114.114.114 for A query of the cname. It makes no sense.
Davey
> -----邮件原件-----
> 发件人: Mukund Sivaraman [mailto:muks at mukund.org]
> 发送时间: 2018年12月7日 17:29
> 收件人: Davey Song(宋林健)
> 抄送: dns-operations at dns-oarc.net
> 主题: Re: [dns-operations] DNS forwarder behavior on response with cname
>
> On Fri, Dec 07, 2018 at 04:06:29PM +0800, Davey Song(宋林健) wrote:
> > Hi folks,
> >
> >
> >
> > I noticed my local resolver (set forwarder for . ) send queries for
> > cname after it received a response which contains cname in answer section.
> >
> > For example when I dig A www.youku.com @my local resolver . It returns
> > two cname RR and A RR in answer section. It is observed that local
> > resolver sent a A query on the first cname :
> > ipv6-aserver-heyi.m.taobao.com. The local resolver response the client
> > only after it got answer from the cname response. It definite
> > introduces a delay in between. Is it normal ? which RFC specify this or is it a
> implementation consideration? For what purpose ?
>
> See RFC 2181 section 5.4.1:
>
> Note that the answer section of an authoritative answer normally
> contains only authoritative data. However when the name sought is an
> alias (see section 10.1.1) only the record describing that alias is
> necessarily authoritative. Clients should assume that other records
> may have come from the server's cache. Where authoritative answers
> are required, the client should query again, using the canonical name
> associated with the alias.
>
> Mukund
More information about the dns-operations
mailing list