ignoring incorrect nameservers in authority section

Stacey Jonathan Marshall - Solaris Software stacey.marshall at oracle.com
Thu Dec 30 11:32:34 UTC 2010 

  On 12/30/10 10:45, Torinthiel wrote:
> Dnia 2010-12-30 18:03 pyh at mail.nsbeta.info napisał(a):
>
>> Sunil Shetye writes:
>>
>>> Case 2: Lame Server Reply
>>>
>>> ===================================================================
>>> $ dig +norecurse @a.iana-servers.net. example.org.
>>> ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
>>>
>>> ;; QUESTION SECTION:
>>> ;example.org.		IN  A
>>>
>>> ;; ANSWER SECTION:
>>> example.org.	    172800  IN	A   192.0.32.10
>>>
>>> ;; AUTHORITY SECTION:
>>> example.org.	    172800  IN	NS  ns1.example.org.
>>> example.org.	    172800  IN	NS  ns2.example.org.
>>> ===================================================================
>>>
>>> This is a lame server reply. bind ignores this reply. bind will give a
>>> server fail reply to the client.
>>>
>>
>> Would you please tell me why this is a lame server reply? why bind will
>> give a server fail reply to the client? Thanks again a lot.
> Because it's contrary to itself.
> You've specified norecurse, which means that if nameserver believes it has
> authorative data it should return it, if it doesn't it should return a
> referral (and no answer beside it).

No, the +norecurse asks the server to provide any answer it has, and not to go 
looking for it if it does not have an answer. So from the response above the 
server has already cached an answer.  Note too that the 'aa' (authoritative 
answer) flag is not set.  Which is interesting as the same query for me gets:

$ dig +norecurse @a.iana-servers.net. example.org.

;<<>>  DiG 9.3.6-P1<<>>  +norecurse @a.iana-servers.net. example.org.
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 811
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;example.org.                   IN      A

;; ANSWER SECTION:
example.org.            172800  IN      A       192.0.32.10

;; AUTHORITY SECTION:
example.org.            172800  IN      NS      a.iana-servers.net.
example.org.            172800  IN      NS      b.iana-servers.net.

;; Query time: 144 msec
;; SERVER: 192.0.34.43#53(192.0.34.43)
;; WHEN: Thu Dec 30 11:29:24 2010
;; MSG SIZE  rcvd: 104



-- 
--Stacey

More information about the bind-users mailing list