Suboptimal behavior from nsd

Phil Howard phil-nsd-users at
Mon Jan 12 14:54:50 UTC 2004

On Mon, Jan 12, 2004 at 03:12:56PM +0100, Ted Lindgreen wrote:

| [Quoting Stephane Bortzmeyer, on Jan 12, 14:55, in "Re: Suboptimal behav ..."]
| > On Thu, Jan 08, 2004 at 02:36:51PM +0100,
| >  Ted Lindgreen <ted at> wrote 
| >  a message of 49 lines which said:
| > 
| > > An authoritative-only server should only produce the necessary
| > > glue:  info about in-zone nameservers, and no other Additional
| > > data. 
| > 
| > So, BIND is wrong?
| No, BIND is (per default) not an "authoritative-only server".
| BIND is (also) a caching forwarder, and caching forwarders can/may
| give back any RRsets it has properly looked up and successfully
| cached earlier, when it believes such RRsets may be relevant to
| the requestor (like an A RR to which a CNAME or an MX points).
| What a caching forwarder server should NOT do, is to construct
| answers using RRsets received as glue on earlier queries. But I
| don't think modern BINDs (i.e. later than BIND4) are doing that
| anymore.

I understand this to mean that answer RRs can become answer RRs or can
become additional RRs on future queries, and additional RRs can become
additional RRs on future queries, but cannot become answer RRs on future
queries.  Servers like BIND might glue in RRs it is not authoritative
for, but if it can be determined that the server some additional RR
came from is the one that is authoritative for that data, why not allow
it?  Or is it unreliable to determine that?

Just curious.  Obviously this (caching behaviour) doesn't apply to NSD.
I happen to run NSD for authority purposes and BIND for caching purposes,
(though I am considering dnscache from DJBDNS) as well as an extra set of
BIND for slaving other domains.

| Phil Howard KA9WGN       | |
| (first name) at | |
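
Added example, not part of the original message and not code from NSD or BIND: a toy cache in Python illustrating the rule discussed in this thread, where an RRset learned only from the additional section may be reused as additional data but is never returned as an answer. The class and function names, the two trust levels and the sample records are assumptions constructed for illustration.

```python
from enum import IntEnum

class Trust(IntEnum):
    """Simplified credibility levels (constructed for this example)."""
    ADDITIONAL = 1  # seen only in the additional section (glue)
    ANSWER = 2      # seen in the answer section of a lookup we made

class RRCache:
    def __init__(self):
        self._store = {}  # (owner name, type) -> (Trust, tuple of rdata)

    def learn(self, response):
        """Cache every RRset in a response, tagged by the section it came from."""
        for section, trust in (("answer", Trust.ANSWER), ("additional", Trust.ADDITIONAL)):
            for name, rrtype, rdata in response.get(section, []):
                key = (name.lower(), rrtype)
                held = self._store.get(key)
                # Less credible data never replaces more credible data.
                if held is None or trust >= held[0]:
                    self._store[key] = (trust, tuple(rdata))

    def lookup(self, name, rrtype, section):
        """Return cached rdata usable in `section`, or None to force a real lookup."""
        held = self._store.get((name.lower(), rrtype))
        if held is None:
            return None
        trust, rdata = held
        if section == "answer" and trust < Trust.ANSWER:
            return None  # glue-grade data must not be promoted to an answer
        return rdata

def demo():
    cache = RRCache()
    # Constructed response to "example.org MX": the A record arrives only as additional data.
    cache.learn({"answer": [("example.org", "MX", ["10 mail.example.org"])],
                 "additional": [("mail.example.org", "A", ["192.0.2.66"])]})
    as_additional = cache.lookup("mail.example.org", "A", "additional")
    as_answer = cache.lookup("mail.example.org", "A", "answer")
    # Constructed response to a direct "mail.example.org A" lookup.
    cache.learn({"answer": [("mail.example.org", "A", ["192.0.2.25"])]})
    # Later glue with a different address must not displace the looked-up answer.
    cache.learn({"additional": [("mail.example.org", "A", ["192.0.2.66"])]})
    final = cache.lookup("mail.example.org", "A", "answer")
    return as_additional, as_answer, final

if __name__ == "__main__":
    print(demo())
```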
