Expect NOERROR/NODATA, get SERVFAIL
Andris Kalnozols
andris at hpl.hp.com
Tue Aug 6 04:54:34 UTC 2002
It seems that BIND 8.3.3-REL does not want to cache a NOERROR/NODATA
response; SERVFAIL is returned instead. Here's the scenario:
Zone `uia.net' has the following data:
$ORIGIN uia.net.
test.freebsd 4H IN CNAME freebsd
rodopi.freebsd 4H IN CNAME freebsd
The interior label `freebsd' has no RRs associated with the node
and so a QTYPE=ANY query should return NODATA. The authoritative
server running 8.3.3 indeed does:
dig freebsd.uia.net any @NS2.uia.net
; <<>> DiG 8.3 <<>> freebsd.uia.net any @NS2.uia.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; freebsd.uia.net, type = ANY, class = IN
;; AUTHORITY SECTION:
uia.net. 1D IN SOA ns1.uia.net. dns.uia.net. (
2002080504 ; serial
1D ; refresh
1H ; retry
1W ; expiry
1D ) ; minimum
Making a recursive query to a third-party name server (crl.dec.com)
running BIND 8.2.3-REL also gives the same response although repeated
queries always have the AA bit set. Does the default option setting of
`auth-nxdomain yes;' for BIND 8 also apply to NODATA responses as well?
However, the same query directed to my local name server running
8.3.3-REL returns SERVFAIL:
dig freebsd.uia.net any
; <<>> DiG 8.3 <<>> freebsd.uia.net any
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; freebsd.uia.net, type = ANY, class = IN
Is this a bug or a feature?
Andris
More information about the bind-users
mailing list