Why do some parent NSs "lie" about delegation records?
Jim Reid
jim at rfc1035.com
Wed Jan 7 14:15:10 UTC 2004
>>>>> "Len" == Len Conrad <LConrad at Go2France.com> writes:
Len> An "honest" parent:
Len> dig @a.gtld-servers.net yahoo.com ns
Len> ie, the parent NS has the "yahoo.com NS" records, so ANSWERs
Len> with them.
Len> In contrast, a "lying" parent:
Len> dig @ns1.ausregistry.net. yahoo.com.au ns
Len> why do these parent NSs "lie" about not having the ANSWERs
Len> for child delegation records?
As Mark has pointed out, these servers are not lying. It's the servers
that you've called "honest" that are the ones who are lying. A zone's
NS records should go in the Authority Section of a reply from the
parent zone's servers, not the Answer Section. After all it's the
child that's definitive for the delegation, not the parent.
Len> Is there a BIND parameter for that com.au. behavior, er,
Len> behaviour?
What makes you think this is or could be a BIND issue? The name
servers for .com don't run BIND. The discrepancy you've noticed can
be explained by the fact the two servers you queried run different
implementations.
The same behaviour can be seen in the replies from the root servers
when they're queried for a TLD delegation. a.root-servers.net -- which
runs the same Verisign software as the .com servers -- puts the NS
records in the Answer Section, as do the root servers that appear to
be running BIND8. However the root servers which run NSD or BIND9 put
the NS records in the Authority, not the Answer Section.
More information about the bind-users
mailing list