Bind 8.2 with non Bind 8.2 interoperability + AA flag
Mark.Andrews at nominum.com
Wed Jan 5 07:33:30 UTC 2000
>
> Hello and my best wishes to all,
>
> Hopefully somebody can enlighten me on 2 points :
> 1. I'm puzzled about the cooperation between Bind 8.2 and others with
> respect to $TTL.
> When performing a zone transfer and obtaining a zone from a
> bind8.2 server (with named-xfer)
> I notice :
> - the $TTL value appears explicitly on each record, except for the SOA
> - the "ttl" from the SOA record is in the SOA itself and appears as ttl
> for that record
It should be set on the SOA record as well.
> The same operation on a bind8.1.2 server reveals :
> - the "ttl" from the SOA is everywhere (in the SOA and as ttl for all
> records)
>
> So I've already learned (but should have guessed) that the $TTL is
> merely a local syntax for Bind8.2
> and the line itself is not sent over the network. But then, how can a
> Bind8.2 slave for a non Bind8.2
> master "know" that a negative cache time of 10 minutes (the built-in
> default prior to bind8.2) should
> be given in its replies ?
It can't. It will honour whatever is in the minimum field.
>
> 2. While looking into packets to try and puzzle out point 1 myself,
> I also noticed the AA flag is
> always set in replies with rcode == NXDOMAIN. Even if this answer
> comes from a caching only
> name server.
> And the AA flag is also set in replies from a caching only name server
> if that server had to lookup the
> answer itself (ttl values being identical to the ones in the
> SOA record).
> It strikes me as odd because I'd just read the passage in O'Reilly's
> book stating that the AA flag
> gives an indication of the authority of the replying name server with
> respect to the domain queried for.
If you read the code it states that this is a violation.
It can also be turned off via options. See auth-nxdomain.
In BIND 9 this will default to "no" rather than "yes".
Mark
>
> Thanks for any clarifying answer,
>
> Marc Lampo
>
> -- --
> Security Engineer for C-CURE CBVA, Belgium
> Guest teacher of Client/Server Programming @ AT Computing (Dutch only)
> Opinions are strictly personal and do not commit either company
>
>
>
>
--
Mark Andrews, Nominum Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
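
The two observations in this thread, the AA flag on NXDOMAIN replies and the SOA minimum field a slave falls back on, can both be read straight from a reply packet. The following is an added example, not part of the original message or of BIND; the function names and the sample packet (zone `example`, minimum 600) are constructed for illustration.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:          # compression pointer ends the name
            return off + 2
        off += 1
        if n == 0:                    # root label ends the name
            return off
        off += n

def inspect_reply(msg):
    """Decode AA/RA/RCODE and the SOA minimum from the authority section."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    info = {"aa": bool(flags & 0x0400), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "soa_minimum": None}
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # QTYPE + QCLASS
    for i in range(an + ns):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 6 and i >= an:                # SOA in the authority section
            tail = skip_name(msg, skip_name(msg, off))   # past MNAME and RNAME
            info["soa_minimum"] = struct.unpack("!5I", msg[tail:tail + 20])[4]
        off += rdlen
    info["aa_on_nxdomain"] = info["aa"] and info["rcode"] == 3
    return info

def wire_name(s):
    return b"".join(bytes([len(p)]) + p.encode() for p in s.split(".")) + b"\0"

def build_nxdomain(aa):
    """Constructed NXDOMAIN reply for nx.example with one SOA in authority."""
    flags = 0x8000 | 0x0100 | 0x0080 | (0x0400 if aa else 0) | 3   # QR RD RA [AA] rcode=3
    header = struct.pack("!6H", 0x1234, flags, 1, 0, 1, 0)
    question = wire_name("nx.example") + struct.pack("!HH", 1, 1)
    rdata = (wire_name("ns.example") + wire_name("hostmaster.example")
             + struct.pack("!5I", 2000010501, 3600, 900, 604800, 600))
    soa = b"\xc0\x0f" + struct.pack("!HHIH", 6, 1, 600, len(rdata)) + rdata
    return header + question + soa

if __name__ == "__main__":
    for aa in (True, False):
        print(inspect_reply(build_nxdomain(aa)))
```

A reply with `aa_on_nxdomain` true and `ra` set matches the behaviour the thread ties to `auth-nxdomain`; `soa_minimum` is the value a receiver uses for negative caching.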