Long response for a non-authoritative answers
Kevin Darcy
kcd at daimlerchrysler.com
Fri Sep 21 00:44:45 UTC 2001
Cricket Liu wrote:
> > > Right. That means that the answer is not in your local cache, so
> > > your local nameserver has to go find the answer before it can display
> > > it to you.
> >
> > But if the answer came from the authoritative server, it should be an
> > authoritative answer. If the answer is non-authoritative, it means it came
> > from the cache, so the response time shouldn't have been long.
>
> Actually, BIND 9's different from BIND 8 in that regard. Watch me
> query my BIND 9.2.0rc3 name server for a domain name it doesn't
> have cached:
>
> $ dig cnn.com.
>
> ; <<>> DiG 8.3 <<>> cnn.com.
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 4, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;; cnn.com, type = A, class = IN
>
> ;; ANSWER SECTION:
> cnn.com. 15M IN A 64.12.50.249
> cnn.com. 15M IN A 207.25.71.5
> cnn.com. 15M IN A 207.25.71.25
> cnn.com. 15M IN A 207.25.71.27
> cnn.com. 15M IN A 207.25.71.29
> cnn.com. 15M IN A 64.12.48.217
> cnn.com. 15M IN A 64.12.48.249
> cnn.com. 15M IN A 64.12.50.121
> cnn.com. 15M IN A 64.12.50.153
> cnn.com. 15M IN A 64.12.50.217
>
> Note how suspiciously round the TTLs are, and yet no "aa" bit.
>
> Personally, I thought the old behavior, of returning the first answer
> with "aa" set, made a certain amount of sense.
I've always thought the opposite; that it made no sense for a
non-authoritative server to be returning an authoritative answer. I've also
found it annoying to have to set +norec on the query, or repeat it, in
order to determine whether the server is *really* authoritative for the
zone or not.
- Kevin
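
The flags line discussed in this thread can be checked directly from the wire format. The sketch below is an added example, not part of the original messages: it decodes the DNS header flags the way dig prints them and builds a query with RD cleared, as `+norec` does. The function names and the two sample headers are constructed for illustration.

```python
import struct

# Flag bits in the second 16-bit word of the DNS header (RFC 1035, section 4.1.1),
# listed in the order dig prints them.
FLAG_BITS = (("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080))

def build_query(name, qtype=1, recurse=True, qid=4):
    """Build a query for name; recurse=False clears RD, like dig +norec."""
    flags = 0x0100 if recurse else 0x0000
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN

def parse_header(msg):
    """Decode the fixed 12-byte header of a DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": qid,
        "flags": [name for name, bit in FLAG_BITS if flags & bit],
        "rcode": flags & 0x000F,
        "counts": (qd, an, ns, ar),
    }

def is_authoritative(msg):
    """True only for a response (qr) that carries the aa bit."""
    flags = parse_header(msg)["flags"]
    return "qr" in flags and "aa" in flags

# Constructed sample headers (not captured traffic).
# Matches the dig output quoted above: "flags: qr rd ra", counts 1/10/4/0.
CACHING_REPLY = struct.pack("!HHHHHH", 4, 0x8180, 1, 10, 4, 0)
# What a reply to a +norec query would look like from a server that
# really is authoritative for the zone: "flags: qr aa".
AUTH_REPLY = struct.pack("!HHHHHH", 5, 0x8400, 1, 10, 4, 0)

if __name__ == "__main__":
    for label, msg in (("caching", CACHING_REPLY), ("authoritative", AUTH_REPLY)):
        h = parse_header(msg)
        print(label, "flags:", " ".join(h["flags"]),
              "authoritative:", is_authoritative(msg))
```
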