Bind 8.2 with non Bind 8.2 interoperability + AA flag

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Wed Jan 5 07:33:30 UTC 2000


> 
> Hello and my best wishes to all,
> 
> Hopefully somebody can enlighten me on 2 points :
> 1. I'm puzzled about the cooperation between Bind 8.2 and others with
> respect to $TTL.
> When performing a zone transfer and obtaining a zone from a
> bind8.2 server (with named-xfer)
> I notice :
> - the $TTL value appears explicitly on each record, except for the SOA
> - the "ttl" from the SOA record is in the SOA itself and appears as ttl
> for that record

	It should be set on the SOA record as well.

> The same operation on a bind8.1.2 server reveals :
> - the "ttl" from the SOA is everywhere (in the SOA and as ttl for all
> records)
> 
> So I've already learned (but should have guessed) that the $TTL is
> merely a local syntax for Bind8.2
> and the line itself is not sent over the network.  But then, how can a
> Bind8.2 slave for a non Bind8.2
> master "know" that a negative cache time of 10 minutes (the built-in
> default prior to bind8.2) should
> be given in its replies ?

	It can't.  It will honour whatever is in the minimum field.

> 
> 2. While looking into packets to try and puzzle out point 1 myself,
> I also noticed the AA flag is
> always set in replies with rcode == NXDOMAIN.  Even if this answer
> comes from a caching only
> name server.
> And the AA flag is also set in replies from a caching only name server
> if that server had to look up the
> answer itself (ttl values being identical to the ones in the
> SOA record).
> It strikes me as odd because I'd just read the passage in O'Reilly's
> book stating that the AA flag
> gives an indication of the authority of the replying name server with
> respect to the domain queried for.

	If you read the code it states that this is a violation.
	It can also be turned off via options.  See auth-nxdomain.
	In BIND 9 this will default to "no" rather than "yes".

	Mark
> 
> Thanks for any clarifying answer,
> 
> Marc Lampo
> 
> -- --
> Security Engineer for C-CURE CBVA, Belgium
> Guest teacher of Client/Server Programming @ AT Computing (Dutch only)
> Opinions are strictly personal and do not commit either company
> 
> 
> 
> 
--
Mark Andrews, Nominum Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
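
An added example, not part of the original message or of BIND: a small parser that reads the two things discussed in this thread from a raw DNS response, the AA flag alongside the rcode, and the SOA minimum field that a server without $TTL information uses for negative caching. The packet builder, the names under `example.` and the SOA values are constructed sample data.

```python
import struct

AA = 0x0400          # Authoritative Answer bit in the DNS header flags word
NXDOMAIN = 3         # RCODE 3: name does not exist
TYPE_SOA = 6

def skip_name(msg, off):
    """Return the offset just past the domain name starting at off."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # compression pointer ends the name
            return off + 2
        off += 1 + length
        if length == 0:                # root label ends the name
            return off

def inspect_response(msg):
    """Return (aa_set, rcode, soa_minimum or None) for a raw DNS response."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                # question: name, type, class
        off = skip_name(msg, off) + 4
    soa_minimum = None
    for i in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_SOA and i >= an:
            # MINIMUM is the last 32-bit field of the SOA RDATA
            (soa_minimum,) = struct.unpack("!I", msg[off + rdlen - 4:off + rdlen])
        off += rdlen
    return bool(flags & AA), flags & 0x000F, soa_minimum

def name(s):
    """Encode a dotted name in uncompressed wire format."""
    return b"".join(bytes([len(l)]) + l.encode() for l in s.split(".") if l) + b"\0"

def build_nxdomain(aa, minimum):
    """Constructed sample: NXDOMAIN reply carrying the zone SOA in the authority section."""
    flags = 0x8000 | 0x0100 | 0x0080 | (AA if aa else 0) | NXDOMAIN  # QR, RD, RA
    header = struct.pack("!6H", 0x1234, flags, 1, 0, 1, 0)
    question = name("nosuch.example.") + struct.pack("!HH", 1, 1)
    rdata = name("ns.example.") + name("hostmaster.example.") + struct.pack(
        "!5I", 2000010501, 3600, 900, 604800, minimum)
    soa = name("example.") + struct.pack("!HHIH", TYPE_SOA, 1, minimum, len(rdata)) + rdata
    return header + question + soa
```

A reply from a caching-only server that parses as `(True, 3, ...)` shows the behaviour questioned above; the `auth-nxdomain` option named in the reply is the setting that controls it.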


