non-improving referral

Mark Andrews marka at isc.org
Thu Jul 8 05:38:13 UTC 2021 

This is an old style referral like you would have got out of BIND4
where the referral appears in the answer section.  Note AA is NOT
set so it is not a valid answer to the question.

% dig +norec ns ok.contact @fwd3.dccdns.com

; <<>> DiG 9.15.4 <<>> +norec ns ok.contact @fwd3.dccdns.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11820
;; flags: qr ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ok.contact.			IN	NS

;; ANSWER SECTION:
ok.contact.		3600	IN	NS	fwd1.dns.ws.
ok.contact.		3600	IN	NS	fwd3.dns.ws.
ok.contact.		3600	IN	NS	fwd2.dns.ws.
ok.contact.		3600	IN	NS	fwd4.dns.ws.

;; Query time: 176 msec
;; SERVER: 64.70.78.82#53(64.70.78.82)
;; WHEN: Thu Jul 08 15:09:04 AEST 2021
;; MSG SIZE  rcvd: 121

% 

> On 8 Jul 2021, at 01:03, tale <d.lawrence at salesforce.com> wrote:
> 
> On Mon, Jul 5, 2021 at 8:20 PM Mark Andrews <marka at isc.org> wrote:
>> This is an error with the delegation of ok.contact.  The NS records at the delegation point do
>> not match those at the zone apex.
> 
> I'm curious if this is a re-purposing of the existing "non-improving
> referral" message.  I totally get how that brief phrase makes sense
> for a sideways referral, but I'm not seeing how that statement makes
> sense for ok.contact.
> 
> # Delegation for .contact
> $ dig +noall +auth ns contact @a.root-servers.net
> contact. 172800 IN NS demand.beta.aridns.net.au.
> contact. 172800 IN NS demand.alpha.aridns.net.au.
> contact. 172800 IN NS demand.delta.aridns.net.au.
> contact. 172800 IN NS demand.gamma.aridns.net.au.
> 
> # Delegation for ok.contact
> $ dig +noall +auth ns ok.contact @demand.alpha.aridns.net.au.
> ok.contact. 86400 IN NS fwd2.dccdns.com.
> ok.contact. 86400 IN NS fwd1.dccdns.com.
> ok.contact. 86400 IN NS fwd4.dccdns.com.
> ok.contact. 86400 IN NS fwd3.dccdns.com.
> 
> # Apex NS for ok.contact
> $ dig +noall +ans ns ok.contact @fwd1.dccdns.com
> ok.contact. 3499 IN NS fwd4.dns.ws.
> ok.contact. 3499 IN NS fwd2.dns.ws.
> ok.contact. 3499 IN NS fwd1.dns.ws.
> ok.contact. 3499 IN NS fwd3.dns.ws.
> 
> Yes, the apex NS names aren't the same as the delegating NS (though
> the adb addresses are), but that last one isn't a referral.
> 
> I trust you are right, Mark.  I'm just not sure what I'm missing about
> "non-improving referral".
> -- 
> tale

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the bind-users mailing list