ENC: Non-authoritative Answer

Jim Reid jim at rfc1035.com
Tue Sep 5 14:24:08 UTC 2000 

>>>>> "Marcelo" == Marcelo Sequeiros <mseq at tintainvisivel.com.br> writes:

    Marcelo>     I have a domain called tintainvisivel.com.br
    Marcelo> published on the Name Servers from my ISP. I had some
    Marcelo> trouble with it and I'm trying to set 2 of my Linux
    Marcelo> Machines to respond NS Queries. Unfortunately since I got
    Marcelo> all the configuration done on the primary one, every
    Marcelo> query I do with the NSLOOKUP returns "Non-authoritative
    Marcelo> Answer".

Well, you could start by using dig instead of the useless and confusing
nslookup.

    Marcelo>     These are my files: The named.conf is the boot file
    Marcelo> from named The tintainvisivel.com.br is my zone info The
    Marcelo> 100.225.200 is my reverse.

Thanks for providing the files. They seem OK, apart from some typos in
the reverse zone file. Apart from that there are quite a few problems
that need to be fixed. The first is finding out why nslookup provides
non-authoritative answers. Maybe it's querying a name server that
isn't authoritative for tintainvisivel.com.br? What's in resolv.conf?
It's a pity you didn't provide that file or the address(es) of the
name server(s) you're configuring. [BTW, you'd get non-authoritative
answers from dig if you used that to query the same name server.] If
you're querying your master (primary) server for names in
tintainvisivel.com.br and it's giving non-authoritative answers, then
your name server configuration or zone files are broken. Check the
name server logs when you load the zones. The NS record lines in the
reverse zone file are missing white space at the start of the
line. [That's the typo I mentioned earlier.] This means that you've
accidentally created a delegation for IN.100.225.200.in-addr.arpa. In
addition there are no NS records for 100.225.200.in-addr.arpa, which
means your name server won't be authoritative for that zone.

The next problem concerns delegation. The tintainvisivel.com.br and
100.225.200.in-addr.arpa have not been delegated to your servers.
Both of these zones are served by horacio.pontocom.com.br and
cebolinha.pontocom.com.br. They answer authoritatively for these
zones. So you need to get them delegated to your name servers once
you've got them set up correctly.

You also say that "I have only one subnet from the C Class". I assume
this means you've only been assigned a small number of IP addresses
from the 200.225.100/24 network. If so, the owner of the reverse zone
100.225.200.in-addr.arpa needs to set up an RC2317-style delegation of
those addresses to you. ie He/she makes 66.100.225.200.in-addr.arpa a
CNAME which points at some PTR record in a zone managed by you. This
would also mean that your server should not be master or slave for the
100.225.200.in-addr.arpa. You don't own the whole /24 net, so it's
wrong to claim ownership of its corresponding reverse zone.

More information about the bind-users mailing list