Question about additional section in BIND-responses

Tom lists at verreckte-cheib.ch
Tue Aug 16 15:28:19 UTC 2022 

Hi list

Using BIND-9.18.5 as a recursive server:
What's the reason, that BIND answers with the additional section for the 
the following query where for example Knot resolver and also PowerDNS 
resolver doesn't add the additional section for the same query?

# Querying BIND
$ dig @test ns bastelwurstel.ch

; <<>> DiG 9.18.5 <<>> @test ns bastelwurstel.ch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44509
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 5591e3c9e8f24edb0100000062fbb2eb6e52dd8888d8fb37 (good)
;; QUESTION SECTION:
;bastelwurstel.ch.		IN	NS

;; ANSWER SECTION:
bastelwurstel.ch.	288	IN	NS	ns2.netnoise.ch.
bastelwurstel.ch.	288	IN	NS	ns1.netnoise.ch.

;; ADDITIONAL SECTION:
ns1.netnoise.ch.	3565	IN	A	46.22.21.106
ns2.netnoise.ch.	3565	IN	A	46.22.21.107

;; Query time: 0 msec
;; SERVER: 10.100.102.21#53(test) (UDP)
;; WHEN: Tue Aug 16 17:08:27 CEST 2022
;; MSG SIZE  rcvd: 152




# Querying Knot
$ dig @localhost -p 8888 ns bastelwurstel.ch

; <<>> DiG 9.18.5 <<>> @localhost -p 8888 ns bastelwurstel.ch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1240
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;bastelwurstel.ch.		IN	NS

;; ANSWER SECTION:
bastelwurstel.ch.	600	IN	NS	ns2.netnoise.ch.
bastelwurstel.ch.	600	IN	NS	ns1.netnoise.ch.

;; Query time: 44 msec
;; SERVER: 127.0.0.1#8888(localhost) (UDP)
;; WHEN: Tue Aug 16 17:23:27 CEST 2022
;; MSG SIZE  rcvd: 90


BIND (resolver) is configured with "minimal-responses yes;", but I 
assume this is an authoritative-only-option...., right?

When flushing the cache for the servers mentioned in the additional 
section (rndc flushname ns1.netnoise.ch; rndc flushname 
ns2.netnoise.ch), then the response looks similar to Knot's/PDNS's response:

# Querying BIND after flushing the cache
$ dig @test ns bastelwurstel.ch

; <<>> DiG 9.18.5 <<>> @test ns bastelwurstel.ch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39403
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 6d897a3fd76dd8150100000062fbb44d5082963f3c5dedd4 (good)
;; QUESTION SECTION:
;bastelwurstel.ch.		IN	NS

;; ANSWER SECTION:
bastelwurstel.ch.	596	IN	NS	ns2.netnoise.ch.
bastelwurstel.ch.	596	IN	NS	ns1.netnoise.ch.

;; Query time: 4 msec
;; SERVER: 10.100.102.21#53(test) (UDP)
;; WHEN: Tue Aug 16 17:14:21 CEST 2022
;; MSG SIZE  rcvd: 120



Any hints why BIND adds the additional section while other resolvers 
doesn't? Is there an option in BIND to behave like Knot/PDNS?

Many thanks.

Regards,
Tom

More information about the bind-users mailing list