Why do some parent NSs "lie" about delegation records?
Len Conrad
LConrad at Go2France.com
Wed Jan 7 13:06:47 UTC 2004
An "honest" parent:
dig @a.gtld-servers.net yahoo.com ns
; <<>> DiG 9.2.3 <<>> @a.gtld-servers.net yahoo.com ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2128
;; flags: qr rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5
;; QUESTION SECTION:
;yahoo.com. IN NS
;; ANSWER SECTION:
yahoo.com. 172800 IN NS ns1.yahoo.com.
yahoo.com. 172800 IN NS ns2.yahoo.com.
yahoo.com. 172800 IN NS ns3.yahoo.com.
yahoo.com. 172800 IN NS ns4.yahoo.com.
yahoo.com. 172800 IN NS ns5.yahoo.com.
ie, the parent NS has the "yahoo.com NS" records, so ANSWERs with them.
In contrast, a "lying" parent:
# dig @ns1.ausregistry.net. yahoo.com.au ns
; <<>> DiG 9.2.3 <<>> @ns1.ausregistry.net. yahoo.com.au ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21497
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 0
;; QUESTION SECTION:
;yahoo.com.au. IN NS
;; AUTHORITY SECTION:
yahoo.com.au. 86400 IN NS ns3.yahoo.com.
yahoo.com.au. 86400 IN NS ns4.yahoo.com.
yahoo.com.au. 86400 IN NS ns5.yahoo.com.
yahoo.com.au. 86400 IN NS ns1.yahoo.com.
yahoo.com.au. 86400 IN NS ns2.yahoo.com.
It appears the com.au. parent NS is "lying" about not having an ANSWER to
the query "yahoo.com.au NS", so gives a referral containing the
"yahoo.com.au NS" records (so in fact it DOES have the ANSWER to the query).
While this behavior does not break the navigation of the chain of
delegation to arrive at NSs auth for the child zone, why do these parent
NSs "lie" about not having the ANSWERs for child delegation records?
Is there a BIND parameter for that com.au. behavior, er, behaviour?
Len
_____________________________________________________________________
http://MenAndMice.com/DNS-training : London; San Jose; Chicago
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
More information about the bind-users
mailing list