NS records for authoritative answer: necessary?
Kevin Darcy
kcd at daimlerchrysler.com
Wed Oct 18 20:20:28 UTC 2006
Gonzalo HIGUERA DÍAZ wrote:
> Hello,
>
> Given a (SOA) query to an authoritative server of that zone, is it
> necessary for it to include NS records in the answer (in the authority
> section)? BIND seems to do so but no so (some) servers, notably
> Windows ones. I was wondering if Windows whether behaves wrongly or if
> BIND is simply being verbose. (From my understanding of the algorithm
> described in RFC 1034 there is no need for NS records because the
> answer is authoritative, but I might be missinterpreting it.)
>
> This question arises from the behaviour of the zone file timestamp
> when refreshing a zone in BIND (e.g. forcibly through "rndc refresh"
> under version 9.2.4 in GNU/Linux). In most cases, the timestamp is
> updated even if there is no need for update (i.e. the zone's serial
> number has not changed). For some servers however, notably (all?)
> Windows servers, this is not the case. The only obvious difference I
> is the absence of NS entries in the authority section of the answer.
> Is this the same for other other BIND versions? Are there any concerns
> I should be aware of?
>
No, it's not required to provide NS records in that case, it's only a
courtesy.
I wouldn't worry too much about timestamps. BIND uses those internally
for keeping track of the zone's "freshness", but as a user or an app,
you should be looking at only the SOA.SERIAL to determine whether a
given zone is up to date on a given server.
- Kevin
More information about the bind-users
mailing list