bad answers from BIND9 ?

Kevin Darcy kcd at daimlerchrysler.com
Thu Dec 12 17:48:32 UTC 2002


Pawel Krzesniak wrote:

> Hello,
>
> Could you tell me if it is ok?
>
> ###
> question to PNS for .pl running on BIND8:
> $ dig @bilbo.nask.org.pl a.pl ns
>
> ; <<>> DiG 8.3 <<>> @bilbo.nask.org.pl a.pl ns
> ; (2 servers found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;;      a.pl, type = NS, class = IN
>
> ;; ANSWER SECTION:
> a.pl.                   1D IN NS        ns1.nss.pl.
> a.pl.                   1D IN NS        ns2.nss.pl.
>
> ;; ADDITIONAL SECTION:
> ns1.nss.pl.             1D IN A         62.121.131.61
> ns2.nss.pl.             1D IN A         62.121.131.62
>
> ;; Total query time: 1 msec
> ;; FROM: bilbo to SERVER: bilbo.nask.org.pl  148.81.16.51
> ;; WHEN: Thu Dec 12 12:40:38 2002
> ;; MSG SIZE  sent: 22  rcvd: 94
>
> ####
> question to SNS running on BIND9:
> dig @ns.ripe.net a.pl ns
>
> ; <<>> DiG 8.3 <<>> @ns.ripe.net a.pl ns
> ; (2 servers found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;;      a.pl, type = NS, class = IN
>
> ;; AUTHORITY SECTION:
> a.pl.                   1D IN NS        ns2.nss.pl.
> a.pl.                   1D IN NS        ns1.nss.pl.
>
> ;; ADDITIONAL SECTION:
> ns1.nss.pl.             1D IN A         62.121.131.61
> ns2.nss.pl.             1D IN A         62.121.131.62
>
> ;; Total query time: 87 msec
> ;; FROM: bilbo to SERVER: ns.ripe.net  2001:610:240:0:193::193
> ;; WHEN: Thu Dec 12 12:52:34 2002
> ;; MSG SIZE  sent: 22  rcvd: 94
>
> ##
> is it ok? shoudn't BIND9 do an answer in ANSWER section, not in AUTHORITY ?
> according to RFC1034:
> Question        Carries the query name and other query parameters.
> Answer          Carries RRs which directly answer the query.
>                         ^^^^^^^^^^^

What ns.ripe.net returned to you was a *referral*, not an answer. See section
4.3.1 of the same RFC, bearing in mind that ns.ripe.net does not support
recursion. This has nothing to do with the version of BIND that ns.ripe.net is
running, and everything to do with the *role* that ns.ripe.net serves in the
Internet infrastructure; specifically, ns.ripe.net is a TLD (top-level domain)
server for the ".pl" TLD, and that is the capacity in which it answered that
query.


- Kevin





More information about the bind-users mailing list