Clarification on bind response
Kevin Darcy
kcd at chrysler.com
Tue Aug 24 16:37:42 UTC 2010
On 8/24/2010 8:18 AM, rams wrote:
>
> Hi
> When we have data as follows queried domain
> "maint.rameshops5526old.com <http://maint.rameshops5526old.com/>."
> against bind and my own resolver. Bind and my resolver response are
> same but only mismatching with flags. bind is returning AA flag but my
> resolver is not returning AA flag. in this case wihcih is correct bind
> or my resolver?
> Zone: rameshops5526old.com <http://rameshops5526old.com/>
>
> maint.rameshops5526old.com <http://maint.rameshops5526old.com/>. 300
> IN CNAME
> maint.global.rameshops5526old.com
> <http://maint.global.rameshops5526old.com/>.
> rameshops5526old.com <http://rameshops5526old.com/>. 21600 IN
> NS dns5.rameshops5526old.com <http://dns5.rameshops5526old.com/>.
> rameshops5526old.com <http://rameshops5526old.com/>. 21600 IN
> NS dns2.rameshops5526old.com <http://dns2.rameshops5526old.com/>.
> rameshops5526old.com <http://rameshops5526old.com/>. 21600 IN
> NS dns1.rameshops5526old.com <http://dns1.rameshops5526old.com/>.
> rameshops5526old.com <http://rameshops5526old.com/>. 21600 IN
> NS dns6.rameshops5526old.com <http://dns6.rameshops5526old.com/>.
> rameshops5526old.com <http://rameshops5526old.com/>. 21600 IN
> NS dns4.rameshops5526old.com <http://dns4.rameshops5526old.com/>.
> rameshops5526old.com <http://rameshops5526old.com/>. 21600 IN
> NS dns3.rameshops5526old.com <http://dns3.rameshops5526old.com/>.
> global.rameshops5526old.com <http://global.rameshops5526old.com/>. 300
> IN NS j.ns.nsatc.net <http://j.ns.nsatc.net/>.
> global.rameshops5526old.com <http://global.rameshops5526old.com/>. 300
> IN NS a.ns.nsatc.net <http://a.ns.nsatc.net/>.
> global.rameshops5526old.com <http://global.rameshops5526old.com/>. 300
> IN NS l.ns.nsatc.net <http://l.ns.nsatc.net/>.
> global.rameshops5526old.com <http://global.rameshops5526old.com/>. 300
> IN NS d.ns.nsatc.net <http://d.ns.nsatc.net/>.
> global.rameshops5526old.com <http://global.rameshops5526old.com/>. 300
> IN NS b.ns.nsatc.net <http://b.ns.nsatc.net/>.
> global.rameshops5526old.com <http://global.rameshops5526old.com/>. 300
> IN NS e.ns.nsatc.net <http://e.ns.nsatc.net/>.
> global.rameshops5526old.com <http://global.rameshops5526old.com/>. 300
> IN NS c.ns.nsatc.net <http://c.ns.nsatc.net/>.
>
>
AA is set on BIND's response because the CNAME is coming directly from
authoritative data.
AA is not set on your resolver's response because the answer *isn't*
coming directly from authoritative data.
Why is this an issue? A stub resolver or an application generally
doesn't -- and shouldn't -- care -- or usually doesn't even *know* --
about the setting of the AA flag.
- Kevin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100824/b1f7c276/attachment.html>
More information about the bind-users
mailing list