On 20/02/2017 00:38, stancs3 wrote:
I have attached the remaining thing I cannot resolve (no pun).
1. The test above the ===== line is:
Recursor listening on port 53, forwarding to auth server listening on
port 5300.
Dig of NS replies with no Additional section.
Dig of ns1 replies with the A record.
2. The test below the ===== line is:
No recursor, auth server listening on port 53.
Dig of NS replies with Additional section showing the A records for
both NSs.
This is correct behaviour.
The "additional" section is for glue records, and they are only needed
for a resolver talking to an authoritative server, and only in a special
circumstance. They solve the chicken-and-egg problem: if you are
resolving a name within domain EXAMPLE.COM, and the delegation is to
NS1.EXAMPLE.COM, then you need to send the query to NS1.EXAMPLE.COM. But
to send a packet, you need an address to send it to. And in order to
find the address of NS1.EXAMPLE.COM you need to talk to the nameservers
for EXAMPLE.COM!
The glue records give a hint as to what addresses to try, when the
delegation is to a nameserver whose name is within the zone being queried.
However, when a client is talking to a resolver, it does not need to see
glue. It just sees the answer (or lack of answer). It's the resolver's
job to contact authoritative nameserver(s) on its behalf.
Regards,
Brian.
_______________________________________________
Pdns-users mailing list
[email protected]
https://mailman.powerdns.com/mailman/listinfo/pdns-users
