
Conference turris::digital_unix

Title:DIGITAL UNIX(FORMERLY KNOWN AS DEC OSF/1)
Notice:Welcome to the Digital UNIX Conference
Moderator:SMURF::DENHAM
Created:Thu Mar 16 1995
Last Modified:Fri Jun 06 1997
Last Successful Update:Fri Jun 06 1997
Number of topics:10068
Total number of notes:35879

10015.0. "DNS regularly query root servers?" by TPOVC::SIMONLEE () Mon Jun 02 1997 13:42

    
    I am setting up a benchmark for a bid which includes an Alta-Vista
    firewall. I set up a primary DNS server on the firewall which provides
    name information for the internal net. Because this is just a benchmark, it
    does not connect to the internet, so the DNS can never reach the root
    servers.
    
    My problem is that when I telnet or ftp or make a WWW query
    from inside the firewall to the outside, the operation can succeed, which
    is set up as expected. But the responses are too slow, to the extent
    that nobody can tolerate it. Even when I use an IP address instead of a name,
    it was still so. I tried to use tcpdump to capture the traffic and
    discovered the DNS (firewall) queried the root servers constantly
    when I made any of telnet, ftp, or http connections, even when
    the names I used are under the authority of the DNS I set up.
    
    Supposedly a primary DNS resolves the names for which it is authoritative and
    passes non-authoritative names to the root servers or forwarding
    servers or delegated servers. In my case, it seemed not to follow that.
    
    So what I am trying to clarify is: does DNS on Digital UNIX
    regularly contact root servers? Why and exactly when does it need to do
    so? In my case, how can I prevent the DNS from querying root servers?
    Make it run in slave mode? I have tried; it doesn't work. It still queried
    one of the root servers (server B). So anybody who can help, please!
    
    /Simon
    
    
10015.1. "Pretend to be root!" by INDYX::ram (Ram Rao, PBPGINFWMY) Mon Jun 02 1997 18:14 (17 lines)
DNS was designed using the philosophy:
	no DNS server needs to know the name/address of any other
	name-servers, except those immediately below it in the DNS
	name-space.

There is ONE exception to the above.  Every DNS server MUST know
the name(s) of the root name-server(s), in order to be able to contact
name-servers that are not below it in the DNS name-space.  This
information is typically "cached" in the named.ca configuration
file.

If you are not connected to the Internet and hence can't reach the
servers in your named.ca config file, you can for your benchmark
pretend you are a root server, and appropriately munge your named.ca
to complete your masquerade.

Ram
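What Ram's masquerade looks like in configuration, as an added example that is not part of this note and not one of Digital's shipped files: instead of only rewriting the hints in named.ca, the firewall's named is declared primary for the root zone "." as well as for the lab's own forward and reverse zones, so every lookup terminates on the box and nothing is ever sent toward the real root servers. The file names, the zone name bench.internal and the 192.0.2.x addresses are assumptions made up for this example; the syntax is the BIND 4 named.boot and zone-file form that the named of that era used, and the real Internet root hints are deliberately left out.

```conf
; /etc/namedb/named.boot   (BIND 4 syntax; paths and zone names are assumptions)
directory  /etc/namedb
primary    .                      root.zone            ; this server IS the root
primary    bench.internal         bench.internal.zone  ; the benchmark's internal zone
primary    2.0.192.in-addr.arpa   bench.rev            ; reverse zone for 192.0.2.0/24
; no "cache . named.ca" line: nothing points at the Internet root servers

; /etc/namedb/root.zone  -- the fake root: delegates only what exists in the lab
$ORIGIN .
@   IN SOA  fw.bench.internal. hostmaster.bench.internal. (
            1997060201 ; serial
            3600       ; refresh
            900        ; retry
            604800     ; expire
            86400 )    ; minimum
    IN NS   fw.bench.internal.
bench.internal.        IN NS  fw.bench.internal.
2.0.192.in-addr.arpa.  IN NS  fw.bench.internal.
fw.bench.internal.     IN A   192.0.2.1        ; glue for the delegations above

; /etc/namedb/bench.internal.zone  -- forward zone (constructed sample hosts)
$ORIGIN bench.internal.
@       IN SOA  fw hostmaster (1997060201 3600 900 604800 86400)
        IN NS   fw
fw      IN A    192.0.2.1
client  IN A    192.0.2.10
www     IN A    192.0.2.20

; /etc/namedb/bench.rev  -- reverse zone, so PTR lookups also stay local
$ORIGIN 2.0.192.in-addr.arpa.
@   IN SOA  fw.bench.internal. hostmaster.bench.internal. (1997060201 3600 900 604800 86400)
    IN NS   fw.bench.internal.
1   IN PTR  fw.bench.internal.
10  IN PTR  client.bench.internal.
20  IN PTR  www.bench.internal.
```

After reloading named (a SIGHUP makes a BIND 4 named reread named.boot; the pid file location depends on the build, so check the running process rather than guessing a path), verify the effect the same way Simon diagnosed the problem: run `tcpdump -n udp port 53` on the firewall while doing a telnet, an ftp and a web fetch, and confirm that every query is answered by 192.0.2.1 and no packet leaves toward a root-server address. A name that does not exist in the lab now gets an authoritative negative answer from the fake root immediately instead of a long wait for an unreachable server. The reverse zone is not optional: the usual reason connections by IP address were just as slow is that the telnet, ftp and proxy daemons look up the PTR record of the peer for their logs, and without a local in-addr.arpa zone that lookup, too, goes to the root.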