From 82b6267672ab870d2432a81c229d59adb4960d2d Mon Sep 17 00:00:00 2001 From: Peter van Dijk Date: Tue, 8 Oct 2013 09:33:24 +0200 Subject: [PATCH] update dns-to-query section --- pdns/docs/pdns.xml | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/pdns/docs/pdns.xml b/pdns/docs/pdns.xml index be5925443..fdf8a7b45 100755 --- a/pdns/docs/pdns.xml +++ b/pdns/docs/pdns.xml @@ -21743,12 +21743,13 @@ Reply: unauthoritative response. - Simplified, without CNAME processing and wildcards, the algorithm is like this: + Simplified, without CNAME processing, wildcards, referrals and DNSSEC, the algorithm is like this: - When a query for a qname/qtype tuple comes in, it is requested directly from the backend. - If present, PDNS adds the contents of the reply to the list of records to return. A question tuple may generate multiple answer - records. + When a query for a qname/qtype tuple comes in, PDNS queries backends to find the closest matching + SOA, thus figuring out what backend owns this zone. When the right backend has been found, PDNS issues a + qname/ANY query to the backend. If the response is empty, NXDOMAIN is concluded. If the response is + not empty, any contents matching the original qtype are added to the list of records to return, and NOERROR is sset. Each of these records is now investigated to see if it needs 'additional processing'. This holds for example for MX records which may 
@@ -21762,17 +21763,11 @@ Reply: A zone transfer works by looking up the domain_id of the SOA record of the name and then listing all records of that domain_id. This is why all records in a domain need to have the same domain_id. - - When a query comes in for a specific qname, PDNS starts looking for SOA records of all subdomains of the qname, so - no.such.powerdns.com turns into a SOA query for no.such.powerdns.com, such.powerdns.com, powerdns.com, com, ''. When a SOA is found, - that zone is consulted for relevant NS instructions which lead to a referral. If nothing is found within the zone, an authoritative - NXDOMAIN is sent out. - If no SOA was found, an unauthoritative no-error is returned. - PDNS breaks strict RFC compatibility by not always checking for the presence of a SOA record first. This is unlikely to lead to + PDNS (before 3.0) broke strict RFC compatibility by not always checking for the presence of a SOA record first. This was unlikely to lead to problems though. -- 2.40.0
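Review bot: In the first hunk (@@ -21743), the last added line has a typo: "NOERROR is sset" should read "NOERROR is set". The same added paragraph also does not say what is returned when no backend has a matching SOA. The second hunk removes the only sentence that covered that case, so it would help to state the outcome here, right after "thus figuring out what backend owns this zone". It would also help to say explicitly that a non-empty ANY response with no records of the requested qtype yields NOERROR with an empty answer, since the current wording leaves the reader to infer it.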
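Review bot: The second hunk (@@ -21762) removes the worked SOA search example (no.such.powerdns.com, such.powerdns.com, powerdns.com, com, '') along with the statements that an authoritative NXDOMAIN is sent when nothing is found within the zone and that an unauthoritative no-error is returned when no SOA is found. The replacement text in the first hunk only says "closest matching SOA". Consider keeping the label-by-label example, or moving it next to the new description, and keeping one sentence on the no-SOA result so the authoritative and unauthoritative outcomes stay documented. The reworded note "PDNS (before 3.0) broke strict RFC compatibility" is clearer if it also says what 3.0 and later do, for example that the SOA is now always looked up first, if that is the intended meaning.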