win2k SOA Non-Authoritative Response
Barry Margolin
barmar at genuity.net
Wed Oct 31 20:02:10 UTC 2001
In article <9rpiog$gtp at pub3.rc.vix.com>,
Jay Remsen <jkremsen at mail.netusa1.net> wrote:
>My colleague and I currently support several Bind DNS servers and recently
>inherited a win2k DNS active directory server. While trying to integrate the
>win2k server into our DNS structure we noticed that the win2k server was
>responding to queries with what appears to be non-authoritative answers for
>things that it is the authoritative server. Looking at the packets with a
>sniffer, we see that the AA bit is set in the replies but there is not any info
>in the Authority Section of the packet. However, there is info in the

Filling in the authority section is not required unless you're sending a
referral. BIND includes the NS records in the authority section of its
replies, but this is not required AFAIK.

>Additional Section. DIG, NSLOOKUP and Host commands all show the replies as
>being non-authoritative even when the AA bit is set. The following is an
>example of what we are seeing.

What do you mean "show the replies as being non-authoritative"? The
"flags" section contains "aa", which means the reply is authoritative. The
Authority section has nothing to do with whether a reply is authoritative
or not; it's used to refer the client to some other server that's supposed
to be authoritative for the zone.

>$ dig @192.168.40.51 soa academy.com.
>
>; <<>> DiG 8.3 <<>> @192.168.40.51 soa academy.com.
>; (1 server found)
>;; res options: init recurs defnam dnsrch
>;; got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>;; QUERY SECTION:
>;; academy.com, type = SOA, class = IN
>
>;; ANSWER SECTION:
>academy.com. 1H IN SOA plato.academy.com. admin. (
> 104 ; serial
> 15M ; refresh
> 10M ; retry
> 1D ; expiry
> 1H ) ; minimum
>
>
>;; ADDITIONAL SECTION:
>plato.academy.com. 1H IN A 192.168.40.51
>
>;; Total query time: 3 msec
>;; FROM: kotpns01 to SERVER: 192.168.40.51
>;; WHEN: Wed Oct 31 12:47:56 2001
>
>Has anyone seen this before, or thinks that this is going to be a problem in a
>bind environment?
>
>Thanks,
>
>Jay Remsen
>jkremsen at netusa1.net
>
>1
>
>
>
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
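
The distinction discussed in this thread, as an added example that is not part of the original posts: the sketch below decodes the 12-byte DNS header and decides authoritativeness from the AA flag alone, treating the authority-section count only as a referral hint. The function names and the sample headers are constructed for illustration; the first sample mirrors the header values in the dig output quoted above.

```python
import struct

# Flag bits in the 16-bit flags word of the DNS header (RFC 1035, section 4.1.1).
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080)]

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into flags and section counts."""
    if len(msg) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "flags": [name for name, bit in FLAG_BITS if flags & bit],
        "rcode": flags & 0x000F,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def classify(msg: bytes) -> str:
    """Classify a message; the AA bit alone decides authoritativeness."""
    h = parse_header(msg)
    if "qr" not in h["flags"]:
        return "query"
    if "aa" in h["flags"]:
        return "authoritative"  # true even when the authority section is empty
    # Heuristic: no answers but NS records present means "ask that server instead".
    if h["rcode"] == 0 and h["ancount"] == 0 and h["nscount"] > 0:
        return "referral"
    return "non-authoritative"

def make_header(ident, flags, qd, an, ns, ar) -> bytes:
    """Build a header-only sample message (constructed test data)."""
    return struct.pack("!6H", ident, flags, qd, an, ns, ar)

# Constructed samples. WIN2K_REPLY matches the quoted dig header:
# id 6, flags qr aa rd ra, QUERY 1, ANSWER 1, AUTHORITY 0, ADDITIONAL 1.
WIN2K_REPLY = make_header(6, 0x8580, 1, 1, 0, 1)
BIND_STYLE = make_header(6, 0x8580, 1, 1, 2, 2)   # same answer plus NS records
REFERRAL = make_header(7, 0x8000, 1, 0, 2, 2)     # no AA, no answer, NS present
CACHED = make_header(8, 0x8180, 1, 1, 0, 0)       # answer from cache, AA clear

if __name__ == "__main__":
    for name in ("WIN2K_REPLY", "BIND_STYLE", "REFERRAL", "CACHED"):
        msg = globals()[name]
        h = parse_header(msg)
        print(f"{name:12} flags={' '.join(h['flags']):12} "
              f"authority={h['nscount']} -> {classify(msg)}")
```
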