BIND 9.1.0 eccentricities (non-auth replies and format errors)

Jim Reid jim at rfc1035.com
Wed Jan 31 19:05:49 UTC 2001


>>>>> "Christopher" == Zarcone, Christopher <Christopher.Zarcone at netigy.com> writes:

    Christopher> 1. Other than local authoritative data, every query
    Christopher> automatically comes back "Non-authoritative reply"
    Christopher> even on the first attempt. It has been my previous
    Christopher> experience with BIND 8 that non-cached lookups come
    Christopher> directly from the authoritative source, which are
    Christopher> summarily cached, and subsequent lookups of the same
    Christopher> name are "non-authoritative" and fed from the
    Christopher> cache. Any ideas, perhaps some sort of change in BIND
    Christopher> 9?

Yes. BIND9 gets it right. The legacy behaviour in BIND8 was/is wrong.
It should not have been setting the aa bit when returning an answer
that clearly wasn't authoritative.

    Christopher> 2. Sniffer traces show an unusual number of format
    Christopher> errors with DNS queries.  Usually the first query to
    Christopher> a given name server will fail with this error, but
    Christopher> subsequent queries. My suspicion is that BIND 9 is
    Christopher> using some new query format that other servers don't
    Christopher> understand, then reverts to a legacy query format,

This will be the BIND9 server attempting EDNS0 probes to see if the
remote server supports EDNS0: essentially DNS with bigger packets.
Servers that don't support EDNS0 should send back FORMERR "Format
error" responses to those probes.
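
Both behaviours discussed in this thread are visible in the raw packets of a capture. The following Python code is an added example, not part of the original message: it decodes the aa bit and RCODE from the DNS header and looks for an EDNS0 OPT record (type 41). The packets, the name example.com, the address 192.0.2.1 and all function names are constructed for illustration.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN"}
OPT = 41  # RR type of the EDNS0 OPT pseudo-record

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n

def summarize(msg):
    """Decode the header bits discussed in the thread and look for an OPT RR."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE and QCLASS
    edns = False
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        edns |= rtype == OPT
        off += 10 + rdlen
    return {"aa": bool(flags & 0x0400), "edns0": edns,
            "rcode": RCODES.get(flags & 0xF, str(flags & 0xF))}

def classify(query, response):
    q, r = summarize(query), summarize(response)
    if q["edns0"] and r["rcode"] == "FORMERR":
        return "EDNS0 probe rejected; expect a plain retry"
    if r["rcode"] == "NOERROR":
        return "authoritative answer" if r["aa"] else "non-authoritative answer"
    return r["rcode"]

# Constructed sample packets (not taken from a real trace).
QUESTION = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
OPT_RR = b"\x00" + struct.pack("!HHIH", OPT, 4096, 0, 0)  # class = UDP size
A_RR = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
EDNS_QUERY = struct.pack("!6H", 0x1234, 0x0000, 1, 0, 0, 1) + QUESTION + OPT_RR
PLAIN_QUERY = struct.pack("!6H", 0x1235, 0x0000, 1, 0, 0, 0) + QUESTION
FORMERR_REPLY = struct.pack("!6H", 0x1234, 0x8001, 1, 0, 0, 0) + QUESTION
CACHED_REPLY = struct.pack("!6H", 0x1235, 0x8180, 1, 1, 0, 0) + QUESTION + A_RR
AUTH_REPLY = struct.pack("!6H", 0x1235, 0x8400, 1, 1, 0, 0) + QUESTION + A_RR
```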

