.info root servers responding in authority section, not answer section?

Barry Margolin barmar at genuity.net
Sat Oct 20 00:16:26 UTC 2001

In article <9qqd5f$arf at pub3.rc.vix.com>,
R. Scott Perry <misclists at declude.com> wrote:
>Looking up the NS record for declude.info at tld1.nominum.com returns 0 
>answers, and the 2 NS records in the authority section.
>Are both types of responses correct?  Why the inconsistency?  I checked a 
>few RFCs (1034/1035/2181) and wasn't able to figure out what section covers 

I'm pretty sure the .info responses are wrong.  RFC 1034 is pretty clear
that records that match the query go into the Answer section:

         a. If the whole of QNAME is matched, we have found the
            Otherwise, copy all RRs which match QTYPE into the
            answer section and go to step 6.

Nothing in RFC 2181 seems to alter this.

I suspect what's happening is broken duplicate suppression.  RFC 2181 says
that the same record should not appear in multiple sections, and recent
versions of BIND automatically put the NS records for the zone in the
Authority section when replying.  It seems like Nominum's servers notice
that in this case the NS records are in both the Answer and Authority
sections, and they mistakenly removed them from the Answer section.  The
right thing would be to remove them from the Authority section.

I wonder what software they're running on these machines.  Nominum is the
company that maintains BIND, but these servers don't respond to
VERSION.BIND queries (I get status=REFUSED).

Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
