bind-users April 2010 archive
bind-users: Re: Additional records in A-Query

From: Fabian Hahn <fh_at_nospam>
Date: Mon Apr 19 2010 - 20:49:37 GMT

I do see additional "unsolicited" A-records being returned with CNAME-records and NS-records. They seem to be honored by the forwarders and resolvers on the way back.

In addition, I should have mentioned that these records will be hosts in the same domain and this is implemented for an authoritative-only DNS server.

I am hoping that this will decrease the time a user experiences in DNS-related delays when viewing a web page referencing several URLs in the domain.


> On 4/18/2010 5:17 AM, Fabian Hahn wrote:
> > To speed up queries for the user I need to force the inclusion of additional records in a DNS response.
> >
> > I.e. when returning A I would like to force the inclusion of A-records for since they will be used in the same web-page.
> >
> >
> No, you can't convince BIND to include "unsolicited" A-records in a
> response, and even if you could, most resolvers would reject them
> anyway, as Barry pointed out. There are serious security problems with
> accepting A-records that weren't found through the regular iterative
> process. How can you trust that such A-records are legitimate?
>
> Sledgehammer approach: run a "refreshing" script to periodically query
> those names so that you can keep your local cache populated with them.
> The frequency of that script should be tuned to the TTL of the relevant
> records. If your client usage patterns indicate low activity at certain
> times of day/week, then you might want to exclude those times from the
> running of the "refreshing" script, so as to reduce the
> network-bandwidth overhead.
> - Kevin
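
The two observations in this thread (A-records that accompany CNAME and NS records are honored, while other "unsolicited" A-records are rejected) can be modelled as a filter over the additional section of a response. The following is an added example, not part of the original thread and not the code of BIND or any resolver; it is a simplified model, and the zone, host names and addresses in it are constructed.

```python
# Simplified model of a resolver's additional-section filter (illustrative only).
# Records are (owner, type, rdata) tuples; every name and address is constructed.

def norm(name):
    return name.rstrip(".").lower()

def in_bailiwick(name, zone):
    """True if name is the zone apex or a subdomain of it."""
    name, zone = norm(name), norm(zone)
    return name == zone or name.endswith("." + zone)

def classify_additional(zone, answer, authority, additional):
    """Map each additional-section record to accept/reject with a reason."""
    # Names the answer and authority sections actually point at.
    referenced = {norm(rdata) for _, rtype, rdata in answer + authority
                  if rtype in ("CNAME", "NS")}
    verdicts = {}
    for rec in additional:
        owner, rtype, _ = rec
        if rtype not in ("A", "AAAA"):
            verdicts[rec] = "ignore: not an address record"
        elif not in_bailiwick(owner, zone):
            verdicts[rec] = "reject: out of bailiwick"
        elif norm(owner) not in referenced:
            verdicts[rec] = "reject: unsolicited"
        else:
            verdicts[rec] = "accept: target of CNAME/NS"
    return verdicts

# Constructed response from an authoritative server for example.com.
ZONE = "example.com"
ANSWER = [("www.example.com.", "CNAME", "web.example.com.")]
AUTHORITY = [("example.com.", "NS", "ns1.example.com.")]
ADDITIONAL = [
    ("web.example.com.", "A", "192.0.2.10"),      # CNAME target
    ("ns1.example.com.", "A", "192.0.2.53"),      # NS target
    ("img.example.com.", "A", "192.0.2.20"),      # same domain, never referenced
    ("www.example.net.", "A", "203.0.113.66"),    # different domain entirely
]

if __name__ == "__main__":
    for rec, verdict in classify_additional(ZONE, ANSWER, AUTHORITY, ADDITIONAL).items():
        print(rec[0], rec[1], rec[2], "->", verdict)
```

The third sample record is the case asked about in the thread: a host in the same domain that nothing in the answer or authority section refers to.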