Why do some parent NSs "lie" about delegation records?

Mark_Andrews at isc.org Mark_Andrews at isc.org
Wed Jan 7 13:28:39 UTC 2004


> 
> An "honest" parent:
> 
> dig @a.gtld-servers.net yahoo.com ns
> 
> ; <<>> DiG 9.2.3 <<>> @a.gtld-servers.net yahoo.com ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2128
> ;; flags: qr rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5
> 
> ;; QUESTION SECTION:
> ;yahoo.com.                     IN      NS
> 
> ;; ANSWER SECTION:
> yahoo.com.              172800  IN      NS      ns1.yahoo.com.
> yahoo.com.              172800  IN      NS      ns2.yahoo.com.
> yahoo.com.              172800  IN      NS      ns3.yahoo.com.
> yahoo.com.              172800  IN      NS      ns4.yahoo.com.
> yahoo.com.              172800  IN      NS      ns5.yahoo.com.
> 
> ie, the parent NS has the "yahoo.com NS" records, so ANSWERs with them.
> 
> In contrast, a "lying" parent:
> 
> # dig @ns1.ausregistry.net. yahoo.com.au ns
> 
> ; <<>> DiG 9.2.3 <<>> @ns1.ausregistry.net. yahoo.com.au ns
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21497
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;yahoo.com.au.                  IN      NS
> 
> ;; AUTHORITY SECTION:
> yahoo.com.au.           86400   IN      NS      ns3.yahoo.com.
> yahoo.com.au.           86400   IN      NS      ns4.yahoo.com.
> yahoo.com.au.           86400   IN      NS      ns5.yahoo.com.
> yahoo.com.au.           86400   IN      NS      ns1.yahoo.com.
> yahoo.com.au.           86400   IN      NS      ns2.yahoo.com.
> 
> It appears the com.au. parent NS is "lying" about not having an ANSWER to 
> the query "yahoo.com.au NS", so gives a referral containing the 
> "yahoo.com.au NS" records (so in fact it DOES have the ANSWER to the query).
> 
> While this behavior does not break the navigation of the chain of 
> delegation to arrive at NSs auth for the child zone, why do these parent 
> NSs "lie" about not having the ANSWERs for child delegation records?
> 
> Is there a BIND parameter for that com.au. behavior, er, behaviour?
> 
> Len

	Len the "honest" answer above is a lie.  The parent has
	glue NS records.  The real NS records for the zone are those
	from the child zone.

> _____________________________________________________________________
> http://MenAndMice.com/DNS-training : London; San Jose; Chicago
> http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
> 
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org


More information about the bind-users mailing list