about AUTHORITY SECTION
Mark Andrews
marka at isc.org
Sat Mar 5 03:31:32 UTC 2011
In message <AANLkTimaG7Wv7+QYaXKqGKAaAd-iOcrZ31Rar2+1U8_K at mail.gmail.com>, terr
y writes:
> >
> > But in this case, you're asking the authotrative server. Authorative server
> > answers in answer section, as it knows the answer. Authorative section is
> > for 'I don't know, ask ...'
> > The rule above goes for servers which are not authorative for a given zone.
> > Torinthiel
> > _______________________________________________
>
>
> I'm very sorry, just by typo, I do mean this case:
>
> $ dig test.nsbeta.info ns @ns33.domaincontrol.com
>
> ; <<>> DiG 9.4.2-P2.1 <<>> test.nsbeta.info ns @ns33.domaincontrol.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13538
> ;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;test.nsbeta.info. IN NS
>
> ;; ANSWER SECTION:
> test.nsbeta.info. 3600 IN NS ns2.dnsbed.com.
> test.nsbeta.info. 3600 IN NS ns1.dnsbed.com.
>
> ;; Query time: 186 msec
> ;; SERVER: 216.69.185.17#53(216.69.185.17)
> ;; WHEN: Sat Mar 5 09:36:58 2011
> ;; MSG SIZE rcvd: 122
>
>
> So why does ns33.domaincontrol.com answer with ANSWER SECTION rather
> than AUTHORITY SECTION?
If you ask with rd=0 (+norec), which is what nameservers do, you
get the referral. Presumably ns33.domaincontrol.com is running
BIND 8 which didn't fully comply the RFC 1034. One of the reasons
for writing BIND 9 was to sort out these corner cases.
If rd=1 BIND 8 assumed that there was a stub resolver talking to
it so it put the response in the answer section despite it not being
authoritative for the child zone. It rd=0 it did what RFC 1034
said to do, put the response in the authority section.
BIND 9 will actually recurse if rd=1 and the client is in the
allow-recursion acl and fetch the answer from the child zone and
return it. If not it will return a referral.
Mark
; <<>> DiG 9.6.0-APPLE-P2 <<>> test.nsbeta.info +norec @ns33.domaincontrol.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16305
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;test.nsbeta.info. IN A
;; AUTHORITY SECTION:
test.nsbeta.info. 3600 IN NS ns2.dnsbed.com.
test.nsbeta.info. 3600 IN NS ns1.dnsbed.com.
;; Query time: 400 msec
;; SERVER: 216.69.185.17#53(216.69.185.17)
;; WHEN: Sat Mar 5 14:20:26 2011
;; MSG SIZE rcvd: 122
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list