Authority and Additional sections (was Re: bind vs djbdns)
D. J. Bernstein
75628121832146-bind at sublist.cr.yp.to
Tue Sep 5 23:23:35 UTC 2000
RFC 1034 has several examples of answers with empty AU/AR sections. The
Microsoft DNS example is fine.
Kevin's suggestion for BIND 9 is how djbdns already works. Responses
from caches don't include AU/AR. Responses to caches include AU/AR so
that smart caches can avoid unnecessary requests to parent servers. But
this isn't required.
BIND's AU/AR behavior, on the other hand, violates the RFCs. BIND
repeats an RR set from AN to AR in the following situation:
% dnsq a ns-ext.vix.com ns-ext.vix.com
1 ns-ext.vix.com:
117 bytes, 1+1+2+2 records, response, authoritative, noerror
query: 1 ns-ext.vix.com
answer: ns-ext.vix.com 3600 A 204.152.184.64
authority: vix.com 3600 NS ns-ext.vix.com
authority: vix.com 3600 NS ns1.gnac.com
additional: ns-ext.vix.com 3600 A 204.152.184.64
additional: ns1.gnac.com 657 A 209.182.195.77
%
This blatantly violates section 5.5 of RFC 2181. Beware that you'll
misinterpret section 5.5 if you haven't read section 3.
---Dan
More information about the bind-users
mailing list