about AUTHORITY SECTION
terry
terry at list.dnsbed.com
Sat Mar 5 03:44:17 UTC 2011
2011/3/5 Mark Andrews <marka at isc.org>:
>> So why does ns33.domaincontrol.com answer with ANSWER SECTION rather
>> than AUTHORITY SECTION?
>
> If you ask with rd=0 (+norec), which is what nameservers do, you
> get the referral. Presumably ns33.domaincontrol.com is running
> BIND 8 which didn't fully comply the RFC 1034. One of the reasons
> for writing BIND 9 was to sort out these corner cases.
>
> If rd=1 BIND 8 assumed that there was a stub resolver talking to
> it so it put the response in the answer section despite it not being
> authoritative for the child zone. It rd=0 it did what RFC 1034
> said to do, put the response in the authority section.
>
> BIND 9 will actually recurse if rd=1 and the client is in the
> allow-recursion acl and fetch the answer from the child zone and
> return it. If not it will return a referral.
>
That's the great answer.
You have cleaned my confusion which exists long time in my head.
Thanks a lot Mark.
More information about the bind-users
mailing list