Strange response for dlci.co.uk.

Barry Margolin barmar at bbnplanet.com
Mon Nov 29 19:46:19 UTC 1999 

In article <81u6mb$rps$1 at pegasus.csx.cam.ac.uk>,
Chris Thompson <cet1 at cus.cam.ac.uk> wrote:
>A few weeks ago, someone asked on comp.unix.solaris about messages from nscd
>of the shape
>
>  gethostby*.getanswer: asked for "dlci.co.uk IN A", got type "SOA"
>
>There's no great mystery in this because that's what the official servers for
>dlci.co.uk (map[1-4].dns.gxn.net) are doing: responding to a request for an
>A record with an SOA record in the answer section. (See below for an example.)
>
>However, I am still intrigued by what sort of buggy named or configuration
>could cause this, as it's something I don't recall having seen before.

This looks like a buggy implementation of RFC 2308 (DNS Negative Caching).
When the requested data can't be found (either the name doesn't exist, or
the name exists but has no records of the requested type) the server should
return a response with an empty Answer section and the SOA record in the
Authority section (the MinTTL field of the SOA is should be used as the
negative cache TTL).

For some reason, map4.dns.gxn.net (and map1 through map3 as well) is
putting the SOA record in the Answer section rather than the authority
section.

>
>Any ideas?
>
>; <<>> DiG 2.1 <<>> +norecurse a dlci.co.uk. @map4.dns.gxn.net. 
>; (1 server found)
>;; res options: init defnam dnsrch
>;; got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
>;; flags: qr aa; Ques: 1, Ans: 1, Auth: 0, Addit: 0
>;; QUESTIONS:
>;;      dlci.co.uk, type = A, class = IN
>
>;; ANSWERS:
>dlci.co.uk.     86400   SOA     map1.dns.gxn.net. hostmaster.freenetname.co.uk. (
>                        1       ; serial
>                        2800    ; refresh (46 mins 40 secs)
>                        7200    ; retry (2 hours)
>                        604800  ; expire (7 days)
>                        300 )   ; minimum (5 mins)
>
>;; Total query time: 184 msec
>;; FROM: taurus.cus.cam.ac.uk to SERVER: map4.dns.gxn.net.  195.224.255.34
>;; WHEN: Mon Nov 29 15:26:31 1999
>;; MSG SIZE  sent: 28  rcvd: 108
>
>BTW, I tried to report this to the SOA.rname (mail bounces, of course), and
>to some likely addresses @dlci.co.uk (which were met only by incomprehesion).
>I mention this only to save others the trouble of trying that themselves. :-)
>
>Chris Thompson
>Email: cet1 at cam.ac.uk
>


-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

More information about the bind-users mailing list