[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

elementary DNS facts

To: namedroppers@ops.ietf.org
Subject: elementary DNS facts
From: "D. J. Bernstein" <djb@cr.yp.to>
Date: 3 Dec 2002 08:13:11 -0000
Automatic-legal-notices: See http://cr.yp.to/mailcopyright.html.
References: <20021130042703.23356.qmail@cr.yp.to> <3DE54582.1C9704ED@daimlerchrysler.com> <4.3.1.2.20021127224733.0381c580@pop.gis.net> <4.3.1.2.20021129194515.038705b0@pop.gis.net> <20021130042703.23356.qmail@cr.yp.to> <4.3.1.2.20021202215152.0384d320@pop.gis.net>

[ post by non-subscriber.  with the massive amount of spam, it is easy to miss
  and therefore delete posts by non-subscribers.  your subscription address is
  54830374684695-namedroppers@sublist.cr.yp.to, please post from it or, if you
  wish to regularly post from an address that is not subscribed to this
  mailing list, send a message to namedroppers-owner@ops.ietf.org and ask to
  have the alternate address added to the list of addresses from which
  submissions are automatically accepted. ]

Danny Mayer writes:
> If you have two servers, one a master and the other the slave for a
> specific zone and the slave uses AXFR to transfer the zone from the
> master, can the slave ever give different answers to queries than what
> the master would respond as a result of the received zone?

Yes, of course. Suppose the server is also a slave for a child zone from
another master. If there's an inconsistency between the two masters,
it's obviously impossible to simultaneously (1) match what the parent
zone master says and (2) match what the child zone master says.

It's possible to match both for AXFR requests, as axfr-clarify demands,
but it's simply impossible to match both for normal queries, because
queries don't name zones. Matching is not part of the DNS protocol.

(See my message <20021124091420.47876.qmail@cr.yp.to> for an analysis of
what the protocol says about these inconsistencies.)

> If the answer is yes, something is wrong since you should get the same
> answer no matter which authorative server you ask. That's what I meant
> by broken.

You are fundamentally confused about how DNS works. See above.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Follow-Ups:
- Re: elementary DNS facts
  - From: Mark.Andrews@isc.org

References:
- Re: in support of axfr-clarify
  - From: "D. J. Bernstein" <djb@cr.yp.to>
- Re: in support of axfr-clarify
  - From: Kevin Darcy <kcd@daimlerchrysler.com>
- Re: in support of axfr-clarify
  - From: Danny Mayer <mayer@gis.net>
- Re: in support of axfr-clarify
  - From: Danny Mayer <mayer@gis.net>
- Re: in support of axfr-clarify
  - From: Danny Mayer <mayer@gis.net>

Prev by Date: Re: in support of axfr-clarify
Next by Date: Re: TM/UCC distractions [Was Re: in support of axfr-clarify]
Previous by thread: Re: in support of axfr-clarify
Next by thread: Re: elementary DNS facts
Index(es):
- Date
- Thread