ok, I've google'd my butt off, and dug thru DNS & BIND, and cannot find the answer to this question. Does a 302 server response force another DNS lookup of the "Location" even if the 302 points to the same URL?
Some background on the issue: I run hardware load balancers and am running into a login process that is sometimes stuck in a "loop"; i.e., successful authentication clears the fields and brings an empty login screen back up, a bad auth correctly shows "access denied". My working theory (based on packet captures) is that the login process is handing the browser back a 302 response, which is causing the browser to do another lookup of http://internal.prod.server/application_context/login.jsp and letting the browser jump to a different GSLB address.
Unfortunately, this stopped being obviously broken over the weekend so I can't get a definitive packet capture showing the bad behavior. Semi-unfortunately, I'm one of those crazy network wonks who can't simply accept that it's not broken anymore and needs to definitively say what the original issue was...
edit: load balanced request
; <<>> DiG 9.7.0-P1 <<>> ps.svc.cfx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31149
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; QUESTION SECTION:
;ps.svc.cfx. IN A
;; ANSWER SECTION:
ps.svc.cfx. 10 IN A 192.168.125.202
;; AUTHORITY SECTION:
ps.svc.cfx. 3600 IN NS gslb.cn.example.com.
;; ADDITIONAL SECTION:
gslb.cn.example.com. 21600 IN A 172.19.1.200
gslb.cn.example.com. 21600 IN A 172.18.1.200
;; Query time: 10 msec
;; SERVER: 172.18.1.2#53(172.18.1.2)
;; WHEN: Mon Aug 2 13:01:21 2010
;; MSG SIZE rcvd: 108
The 172.18.1.2 responder in this example is a cluster of BIND servers running internal/external views and sync'd off a hidden master.