[Pdns-users] Packet cache + allow-recursion

Norbert Sendetzky norbert at linuxnetworks.de
Sun Feb 1 19:22:03 UTC 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all

I've found a negative side effect of the "whole packet caching" in 
combination with the allow-recursion feature:

If a query is started from a host which is not allowed to get 
recursive answers, it will get a response "NXDOMAIN". This response 
is cached and if now another host (this one is allowed to do 
recursive queries) questions for the same record, it will get the 
same answer instead of the correct one.
The other way (allowed host first) round the same happens and the host 
which isn't allow to recurse get the answer of the first question.

I don't know how to fix this soon, so be careful about the 
allow-recursion feature, especially if you're cache ttls are high.


Norbert

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAkAdUdsACgkQxMLs5v5/7eDsYACffEyp2DttClhI/3g/n2OJA82M
wo8An2zILw8gT1lr/WuI3qQhRuA6de/W
=BIKV
-----END PGP SIGNATURE-----



More information about the Pdns-users mailing list