Why do some parent NSs "lie" about delegation records?
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Wed Jan 7 13:28:39 UTC 2004
>
> An "honest" parent:
>
> dig @a.gtld-servers.net yahoo.com ns
>
> ; <<>> DiG 9.2.3 <<>> @a.gtld-servers.net yahoo.com ns
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2128
> ;; flags: qr rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5
>
> ;; QUESTION SECTION:
> ;yahoo.com. IN NS
>
> ;; ANSWER SECTION:
> yahoo.com. 172800 IN NS ns1.yahoo.com.
> yahoo.com. 172800 IN NS ns2.yahoo.com.
> yahoo.com. 172800 IN NS ns3.yahoo.com.
> yahoo.com. 172800 IN NS ns4.yahoo.com.
> yahoo.com. 172800 IN NS ns5.yahoo.com.
>
> ie, the parent NS has the "yahoo.com NS" records, so ANSWERs with them.
>
> In contrast, a "lying" parent:
>
> # dig @ns1.ausregistry.net. yahoo.com.au ns
>
> ; <<>> DiG 9.2.3 <<>> @ns1.ausregistry.net. yahoo.com.au ns
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21497
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;yahoo.com.au. IN NS
>
> ;; AUTHORITY SECTION:
> yahoo.com.au. 86400 IN NS ns3.yahoo.com.
> yahoo.com.au. 86400 IN NS ns4.yahoo.com.
> yahoo.com.au. 86400 IN NS ns5.yahoo.com.
> yahoo.com.au. 86400 IN NS ns1.yahoo.com.
> yahoo.com.au. 86400 IN NS ns2.yahoo.com.
>
> It appears the com.au. parent NS is "lying" about not having an ANSWER to
> the query "yahoo.com.au NS", so gives a referral containing the
> "yahoo.com.au NS" records (so in fact it DOES have the ANSWER to the query).
>
> While this behavior does not break the navigation of the chain of
> delegation to arrive at NSs auth for the child zone, why do these parent
> NSs "lie" about not having the ANSWERs for child delegation records?
>
> Is there a BIND parameter for that com.au. behavior, er, behaviour?
>
> Len
Len the "honest" answer above is a lie. The parent has
glue NS records. The real NS records for the zone are those
from the child zone.
> _____________________________________________________________________
> http://MenAndMice.com/DNS-training : London; San Jose; Chicago
> http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list