Why do some parent NSs "lie" about delegation records?

Len Conrad LConrad at Go2France.com
Wed Jan 7 13:06:47 UTC 2004

An "honest" parent:

dig @a.gtld-servers.net yahoo.com ns

; <<>> DiG 9.2.3 <<>> @a.gtld-servers.net yahoo.com ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2128
;; flags: qr rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5

;yahoo.com.                     IN      NS

yahoo.com.              172800  IN      NS      ns1.yahoo.com.
yahoo.com.              172800  IN      NS      ns2.yahoo.com.
yahoo.com.              172800  IN      NS      ns3.yahoo.com.
yahoo.com.              172800  IN      NS      ns4.yahoo.com.
yahoo.com.              172800  IN      NS      ns5.yahoo.com.

ie, the parent NS has the "yahoo.com NS" records, so ANSWERs with them.

In contrast, a "lying" parent:

# dig @ns1.ausregistry.net. yahoo.com.au ns

; <<>> DiG 9.2.3 <<>> @ns1.ausregistry.net. yahoo.com.au ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21497
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 0

;yahoo.com.au.                  IN      NS

yahoo.com.au.           86400   IN      NS      ns3.yahoo.com.
yahoo.com.au.           86400   IN      NS      ns4.yahoo.com.
yahoo.com.au.           86400   IN      NS      ns5.yahoo.com.
yahoo.com.au.           86400   IN      NS      ns1.yahoo.com.
yahoo.com.au.           86400   IN      NS      ns2.yahoo.com.

It appears the com.au. parent NS is "lying" about not having an ANSWER to 
the query "yahoo.com.au NS", so gives a referral containing the 
"yahoo.com.au NS" records (so in fact it DOES have the ANSWER to the query).

While this behavior does not break the navigation of the chain of 
delegation to arrive at NSs auth for the child zone, why do these parent 
NSs "lie" about not having the ANSWERs for child delegation records?

Is there a BIND parameter for that com.au. behavior, er, behaviour?


http://MenAndMice.com/DNS-training : London; San Jose; Chicago
http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites

More information about the bind-users mailing list