BIND 9.1.0 eccentricities (non-auth replies and format errors)
Jim Reid
jim at rfc1035.com
Wed Jan 31 19:05:49 UTC 2001
>>>>> "Christopher" == Zarcone, Christopher <Christopher.Zarcone at netigy.com> writes:
Christopher> 1. Other than local authoritative data, every query
Christopher> automatically comes back "Non-authoritative reply"
Christopher> even on the first attempt. It has been my previous
Christopher> experience with BIND 8 that non-cached lookups come
Christopher> directly from the authoritative source, which are
Christopher> summarily cached, and subsequent lookups of the same
Christopher> name are "non-authoritative" and fed from the
Christopher> cache. Any ideas, perhaps some sort of change in BIND
Christopher> 9?
Yes. BIND9 gets it right. The legacy behaviour in BIND8 was/is wrong.
It should not have been setting the aa bit when returning an answer
that clearly wasn't authoritative.
Christopher> 2. Sniffer traces show an unusual number of format
Christopher> errors with DNS queries. Usually the first query to
Christopher> a given name server will fail with this error, but
Christopher> subsequent queries. My suspicion is that BIND 9 is
Christopher> using some new query format that other servers don't
Christopher> understand, then reverts to a legacy query format,
This will be the BIND9 server attempting EDNS0 probes to see if the
remote server supports EDNS0: essentially DNS with bigger packets.
Servers that don't support EDNS0 should send back FORMERR "Format
error" responses to those probes.
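
The EDNS0 probe and FORMERR fallback described in this reply, together with the aa bit from the first point, as an added Python example that is not part of the original post and is not BIND's code. The function names, the 4096-byte payload size and the header-only sample responses are assumptions constructed for illustration.

```python
import struct

FORMERR = 1   # RCODE 1, "Format error" (RFC 1035)
OPT = 41      # type code of the EDNS0 OPT pseudo-RR

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qid, edns=True, udp_size=4096):
    """Build an A/IN query; with edns=True, append an OPT record (the probe)."""
    arcount = 1 if edns else 0
    msg = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, arcount)  # RD bit set
    msg += encode_name(name) + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    if edns:
        # Root owner name, TYPE=OPT, CLASS carries the UDP payload size,
        # TTL carries extended RCODE/version/flags (all zero), RDLENGTH=0.
        msg += b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)
    return msg

def parse_header(msg):
    """Extract the header fields the thread discusses: aa bit and RCODE."""
    qid, flags, _qd, _an, _ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rcode": flags & 0x000F, "arcount": ar}

def fake_response(qid, aa=False, rcode=0):
    """Constructed header-only response, not captured traffic."""
    flags = 0x8000 | (0x0400 if aa else 0) | rcode
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)

def next_step(query, response):
    """Classify a response to our query; FORMERR to an EDNS0 probe means retry plain."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        return "ignore"                      # not a response to this query
    # Assumption: our queries only ever put the OPT record in the additional section.
    if r["rcode"] == FORMERR and q["arcount"] == 1:
        return "retry-without-edns"
    if r["rcode"] != 0:
        return "rcode-%d" % r["rcode"]
    return "authoritative" if r["aa"] else "non-authoritative"

if __name__ == "__main__":
    probe = build_query("example.com", 0x1234)
    print(next_step(probe, fake_response(0x1234, rcode=FORMERR)))
    plain = build_query("example.com", 0x1234, edns=False)
    print(next_step(plain, fake_response(0x1234)))
```
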