from nslookup's query

Kevin Darcy kcd at daimlerchrysler.com
Mon Sep 17 18:31:42 UTC 2007 

There are 2 main situations where you will encounter a 
"non-authoritative" response.

The first is when the response is coming from cached data. It's not 
"authoritative" because the data may have changed since it was cached 
and therefore may be out of date. (In practice, this designation is 
somewhat meaningless since data can take the same amount of time, if not 
longer, to replicate from a master server to its slaves, all of whom 
give "authoritative" answers. So authoritativeness really isn't a 
reliable gauge of how likely a given piece of data is to be current or 
stale).

The second situation is when the nameserver being queried is 
authoritative for an ancestor zone (parent zone, grandparent zone, or 
higher) of the zone being sought, but not actually authoritative for the 
zone itself. It will give a "referral" response to a lower level of the 
hierarchy (i.e. closer to the data you seek), and this "referral" will 
be non-authoritative, because the corresponding data in the zone itself 
is considered of higher "credibility" and will take precedence if both 
sets of data are available to be cached.

The typical case in which you'll get a referral will be when your 
resolver queries a name and you have nothing already cached for the part 
of the hierarchy in which the name is contained, e.g. querying a .com 
name after having just started your caching resolver. In this example, 
you'll get a referral for each step of the hierarchy, from root to .com, 
from .com to the domain in question, etc. You'll cache the results of 
those referrals so that you can bypass some of those steps on subsequent 
queries (until, of course, the cached data expires, at which time you'll 
need to start over again).

                                                                         
                                 - Kevin


Byung-Hee HWANG wrote:
> Hi there,
>
> I had some answer from nslookup's query on my machine (FreeBSD
> 4.11-STABLE) last evening. BTW, what is different between
> "Non-authoritative answer" and "Authoritative answer"? 
> Yes, I'm beginner about DNS.
>
> Here is the example:
>
> ---> the example begins here <---
> bh at draba:~> nslookup
> Default Server:  setaria.izb.knu.ac.kr
> Address:  155.230.165.20
>
>   
>> set type=NS
>> 230.155.in-addr.arpa.
>>     
> Server:  setaria.izb.knu.ac.kr
> Address:  155.230.165.20
>
> Non-authoritative answer:
> 230.155.in-addr.arpa    nameserver = ns.ce.knu.ac.kr
> 230.155.in-addr.arpa    nameserver = ns.knu.ac.kr
> 230.155.in-addr.arpa    nameserver = ns2.knu.ac.kr
>
> Authoritative answers can be found from:
> ns.ce.knu.ac.kr internet address = 155.230.29.7
> ns.knu.ac.kr    internet address = 155.230.10.2
> ns2.knu.ac.kr   internet address = 155.230.128.2
>   
> ---> the example ends here <---
>
> Sincerely,
>
> Byung-Hee
>
>
>
>
>

More information about the bind-users mailing list