from nslookup's query
Kevin Darcy
kcd at daimlerchrysler.com
Mon Sep 17 18:31:42 UTC 2007
There are 2 main situations where you will encounter a
"non-authoritative" response.
The first is when the response is coming from cached data. It's not
"authoritative" because the data may have changed since it was cached
and therefore may be out of date. (In practice, this designation is
somewhat meaningless since data can take the same amount of time, if not
longer, to replicate from a master server to its slaves, all of whom
give "authoritative" answers. So authoritativeness really isn't a
reliable gauge of how likely a given piece of data is to be current or
stale).
The second situation is when the nameserver being queried is
authoritative for an ancestor zone (parent zone, grandparent zone, or
higher) of the zone being sought, but not actually authoritative for the
zone itself. It will give a "referral" response to a lower level of the
hierarchy (i.e. closer to the data you seek), and this "referral" will
be non-authoritative, because the corresponding data in the zone itself
is considered of higher "credibility" and will take precedence if both
sets of data are available to be cached.
The typical case in which you'll get a referral will be when your
resolver queries a name and you have nothing already cached for the part
of the hierarchy in which the name is contained, e.g. querying a .com
name after having just started your caching resolver. In this example,
you'll get a referral for each step of the hierarchy, from root to .com,
from .com to the domain in question, etc. You'll cache the results of
those referrals so that you can bypass some of those steps on subsequent
queries (until, of course, the cached data expires, at which time you'll
need to start over again).
- Kevin
Byung-Hee HWANG wrote:
> Hi there,
>
> I had some answer from nslookup's query on my machine (FreeBSD
> 4.11-STABLE) last evening. BTW, what is different between
> "Non-authoritative answer" and "Authoritative answer"?
> Yes, I'm beginner about DNS.
>
> Here is the example:
>
> ---> the example begins here <---
> bh at draba:~> nslookup
> Default Server: setaria.izb.knu.ac.kr
> Address: 155.230.165.20
>
>
>> set type=NS
>> 230.155.in-addr.arpa.
>>
> Server: setaria.izb.knu.ac.kr
> Address: 155.230.165.20
>
> Non-authoritative answer:
> 230.155.in-addr.arpa nameserver = ns.ce.knu.ac.kr
> 230.155.in-addr.arpa nameserver = ns.knu.ac.kr
> 230.155.in-addr.arpa nameserver = ns2.knu.ac.kr
>
> Authoritative answers can be found from:
> ns.ce.knu.ac.kr internet address = 155.230.29.7
> ns.knu.ac.kr internet address = 155.230.10.2
> ns2.knu.ac.kr internet address = 155.230.128.2
>
> ---> the example ends here <---
>
> Sincerely,
>
> Byung-Hee
>
>
>
>
>
More information about the bind-users
mailing list