win2k SOA Non-Authoritative Response
Jay Remsen
jkremsen at mail.netusa1.net
Wed Oct 31 18:05:35 UTC 2001
My colleague and I currently support several Bind DNS servers and recently
inherited a win2k DNS active directory server. While trying to integrate the
win2k server into our DNS structure we noticed that the win2k server was
responding to queries with what appears to be non-authoritative answers for
things that it is the authoritative server. Looking at the packets with a
sniffer, we see that the AA bit is set in the replies but there is not any info
in the Authority Section of the packet. However, there is info in the
Additional Section. DIG, NSLOOKUP and Host commands all show the replies as
being non-authoritative even when the AA bit is set. The following is an
example of what we are seeing.
$ dig @192.168.40.51 soa academy.com.
; <<>> DiG 8.3 <<>> @192.168.40.51 soa academy.com.
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUERY SECTION:
;; academy.com, type = SOA, class = IN
;; ANSWER SECTION:
academy.com. 1H IN SOA plato.academy.com. admin. (
104 ; serial
15M ; refresh
10M ; retry
1D ; expiry
1H ) ; minimum
;; ADDITIONAL SECTION:
plato.academy.com. 1H IN A 192.168.40.51
;; Total query time: 3 msec
;; FROM: kotpns01 to SERVER: 192.168.40.51
;; WHEN: Wed Oct 31 12:47:56 2001
Has anyone seen this before, or thinks that this is going to be a problem in a
bind environment?
Thanks,
Jay Remsen
jkremsen at netusa1.net
1
More information about the bind-users
mailing list