Bind-9 strangeness ?

Barry Margolin barry.margolin at level3.com
Thu Aug 14 21:23:57 UTC 2003 

In article <bhgu3u$28up$1 at sf1.isc.org>,  <phn at icke-reklam.ipsec.nu> wrote:
>Asking for something non-existing
>> dig folkuniversitetet.se. txt
>
>; <<>> DiG 9.2.2 <<>> folkuniversitetet.se. txt
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24954
>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;folkuniversitetet.se.          IN      TXT
>
>;; AUTHORITY SECTION:
>folkuniversitetet.se.   10800   IN      SOA     fuggns1.fu-v.com.
>dns.fu-v.com. 2003081303 10800 3600 604800 21600
>
>;; Query time: 29 msec
>;; SERVER: 127.0.0.1#53(127.0.0.1)
>;; WHEN: Thu Aug 14 21:29:00 2003
>;; MSG SIZE  rcvd: 94
>
>Note that dig output says nothing strange here. But a

Yes, it *is* strange.  It's returning an NXDOMAIN status, which means that
the name doesn't exist at all.  It should return a NOERROR status, with an
empty ANSWER SECTION, to indicate that the name exists but has no records
of the requested type.

>question about
>> dig folkuniversitetet.se. ns
>
>; <<>> DiG 9.2.2 <<>> folkuniversitetet.se. ns
>;; global options:  printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14954
>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;folkuniversitetet.se.          IN      NS
>
>;; AUTHORITY SECTION:
>folkuniversitetet.se.   8719    IN      SOA     fuggns1.fu-v.com.
>dns.fu-v.com. 2003081303 10800 3600 604800 21600
>
>returns no information. Dumping database at this time
>reveals :
>dumpdb ger :
>; authauthority
>folkuniversitetet.se.   9908    \-ANY   ;-$
>; additional
>fc.folkuniversitetet.se. 82997  A       212.247.178.101
>; authanswer
>www.folkuniversitetet.se. 82900 A       212.247.178.100

This is normal negative caching.  An authoritative server said that the
name doesn't exist, so a negative cache entry was created for it.

Of course, there's a strange inconsistency here: it says that the name
doesn't exist, but then put an SOA record for the very same name in the
AUTHORITY SECTION.

>Now, is this a bug in bind-9 ? Or is this the "correct behaviour" ?

I think it's a bug in fuggns1.fu-v.com's DNS software.  BIND 8 and 9 happen
to react to it a little differently, that's all.  But the old saying
applies: Garbage In, Garbage Out.

-- 
Barry Margolin, barry.margolin at level3.com
Level(3), Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

More information about the bind-users mailing list