max-ncache-ttl

Andras Salamon andras at dns.net
Sat Nov 10 09:38:46 UTC 2001 

On Fri, Nov 09, 2001 at 04:22:49PM -0500, England, Robert wrote:
> and MX records. The third one is from the same server as #1 but at a
> different time. What does the LAME= mean? I was not able to lookup the A
> record or the MX record.
> 
> samsung 3138 IN NS nic.samsung.co.kr.  ;Cr=addtnl LAME=158 [203.255.234.103]
>         3138 IN NS red.samsung.co.kr.  ;Cr=addtnl LAME=157 [203.255.234.103]
>         3138 IN NS green.samsung.co.kr.;Cr=addtnl LAME=158 [203.255.234.103]

% dig +norec mx samsung.co.kr. @a.root-servers.net.
[...snip...]
[pick one of the name servers listed, eg. ns.krnic.net]

% dig +norec mx samsung.co.kr. @ns.krnic.net.
[...snip...]
[pick one of the name servers listed, eg. nic.samsung.co.kr]

% dig +norec mx samsung.co.kr. @nic.samsung.co.kr.

; <<>> DiG 8.3 <<>> +norec mx samsung.co.kr. @nic.samsung.co.kr. 
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46685
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUERY SECTION:
;;	samsung.co.kr, type = MX, class = IN

;; ANSWER SECTION:
samsung.co.kr.		1D IN MX	0 imail00.samsung.co.kr.

;; ADDITIONAL SECTION:
imail00.samsung.co.kr.	1D IN A		203.254.197.70

;; Total query time: 5900 msec
;; FROM: hypatia.dns.net to SERVER: nic.samsung.co.kr.  203.241.132.34
;; WHEN: Sat Nov 10 11:07:26 2001
;; MSG SIZE  sent: 31  rcvd: 71

This answer is non-authoritative, since there is no `aa' (authoritative
answer) flag.  NIC.SAMSUNG.CO.KR has been delegated to in the parent
zone CO.KR as a server for the zone SAMSUNG.CO.KR.  Since it answers
non-authoritatively for queries for records in that zone, it is called
a lame server.

More seriously, each of the three delegated servers was lame when I
ran these queries.  Most commonly this is due to syntax errors in the
zone.  In my experience if a zone is subject to this kind of problem,
the non-authoritative status of answers will intermittently reappear.
In some cases, SERVFAIL could result if the zone were truly broken.
Right now at least the servers are responding, albeit non-authoritatively.

You could check your mail configuration: perhaps your mailer is requiring
authoritative answers when doing DNS lookups (something like the AAONLY
resolver flag).  Changing the configuration could allow lookups to
succeed even with this degree of brokenness.

Unrelated, for BIND gurus: Cricket's DNS & BIND (4th edition), p.476
says that RES_AAONLY flag has not been implemented in either the BIND
resolver or name server.  Is this still true?

-- Andras Salamon                   andras at dns.net

More information about the bind-users mailing list