To deal with inproper nodata notification
Mark Andrews
marka at isc.org
Sat May 11 11:45:23 UTC 2013
In message <2013051114140947567014 at gmail.com>, "Liu Mingxing" writes:
>
> I found that bind9.9.2 recursor returns servfail to soa requests when
> receiving inproper nodata notification that there is just a root SOA RR
> in the authority section in response from authoritative namservers.
> Just like this as following. Why does it forward the inproper response
> to clients?
No version of BIND 9 accepts those responses. The operators of
vipbiz.cn took short cut and failed to properly set up the zone.
As a result the servers generate incorrect answers. named detects
the incorrect answer, marks the server as bad, tries the other
server, marks it as bad and having exhausted the list of nameservers
for the zone returns SERVFAIL to the client.
> root at localhost secman# dig soft.vipbiz.cn ns @localhost
>
> ; <<>> DiG 9.9.2-P2 <<>> soft.vipbiz.cn ns @localhost
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21576
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;soft.vipbiz.cn. IN NS
>
> ;; Query time: 91 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri May 10 23:08:56 2013
> ;; MSG SIZE rcvd: 43
>
>
>
>
>
> Liu Mingxing
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list