Problem with a host Delagation

Mark_Andrews at isc.org Mark_Andrews at isc.org
Wed Dec 17 00:03:46 UTC 2003


> > > > Here is a dig debug (from the parent 192.135.189.20) but I have no
> > > > idea what this means or how to correct.
> > >
> > > 	I suggest that you choose another vendor.  Your load balancer
> > > 	does not implement the base DNS specification (RFC 1034).
> > > 	The second answer below is wrong.  The correct answer should
> > > 	be "aa=1 rcode=NOERROR ANSWER=0" (otherwise known as a
> > > 	NODATA response) and if the authority section is filled in
> > > 	then it should contain the NS records for the zone
> (www.pics.com).
> > 
> > 	Sorry I made a error above.
> > 
> > 	The authority section should contain the SOA record for the
> zone.
> > 
> > > 	The second answer below causes named to mark the nameservers as
> > > 	lame hence the SERVFAIL.
> 
> I have been arguing with them about the SOA record issue.  Would this
> corrected information still cause the SERVFAIL message?  Also is there
> another way I can tell bind to have the link controller respond to these
> requests.

	The base problem is that the box is returning a referral to the
	root servers and not a NODATA response.  A referral is what is
	returned by a nameserver that is not configured as a server
	for a zone.

	Whether the box returns a cachable NODATA (SOA) or not is a
	secondary issue.

	The box knows about EDNS (RFC 2671) which came out way after
	AAAA records (RFC 1886) or even MX, SOA or NS records (RFC 1034).

	1034:	DOMAIN NAMES - CONCEPTS AND FACILITIES	November 1987
	1886:	DNS Extensions to support IP version 6	December 1995
	2671:   Extension Mechanisms for DNS (EDNS0)	August 1999

	F5 is assuming that the only queries that their boxes will get
	are for A records.

	It isn't rocket science to get this correct.  Authoritative servers
	are easy compared to caching servers.

	if (class != 1) {
		rcode = notimp;
	} else if (issubdomain(name, ourname)) {
		rcode = nxdomain; aa = 1;
	} else if (name != ourname) {
		add_referral():
	} else {
		switch (type) {
		case 1: add_A(); aa = 1; break;
		case 2: add_NS(); aa = 1; break;
		case 6: add_SOA(); aa = 1; break;
		case 251: rcode = refused; break;
		case 252: rcode = refused; break;
		case 255: add_A(); add_NS(); add_SOA(); aa = 1; break;
		default: rcode = noerror; aa = 1; break;
		}
	}

	Mark

> Thanks
> 
> Terry
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org


More information about the bind-users mailing list