Unexpected "REFUSED" response.
Neil W Rickert
rickert+nn at cs.niu.edu
Sun May 16 17:15:18 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Queries are restricted to campus-access, except for domain for which
the server is authoritative. The server is running bind-9.2.3
The domain is NIU.EDU.
Its configuration for this domain:
zone "niu.edu" in {
type slave ;
file "cache/niu.DOM" ;
masters { 131.156.1.11 ; } ;
allow-query { any ; } ;
} ;
A query from off-campus resulted in the unexpected:
; <<>> DiG 9.2.3 <<>> @mp.cs.niu.edu max.niu.edu
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 65093
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;max.niu.edu. IN A
If I repeate the query, but with "+norec" on the command line (to
turn off recursion), I get:
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30026
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;max.niu.edu. IN A
;; ANSWER SECTION:
max.niu.edu. 86400 IN CNAME max.forlangs.net.
When the query is made from on-campus, the result is
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18977
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;max.niu.edu. IN A
;; ANSWER SECTION:
max.niu.edu. 86400 IN CNAME max.forlangs.net.
;; AUTHORITY SECTION:
forlangs.net. 10800 IN SOA wolf.niu.edu. root.wolf.niu.edu. 40 7200 3600 604800 86400
The response to the initial query seems wrong to me. I am posting
here (via the usenet gateway) rather than the bugs address, because I
am not quite sure whether it is a bug.
I would have expected the answer to be the same as for the second
query, but with the "recursion denied" flag set. The fact that there
is a negative response in cache for the CNAME destination should not,
in my opinion, have the effect of causing a REFUSED response to the
original lookup.
I'm interested in any comments. Preferably send comment to the
mailing list, where I will read them via usenet.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (SunOS)
iD8DBQFAp6GjvmGe70vHPUMRAgeoAKDgER5zPQaS4QkdGT+CvZCKUXMk7ACeOU7D
z8MpJRwZKTROoErjxq0mooI=
=3ag+
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list