rfc1034 & bind 8.3.4 providing referrals as final answer to recursive clients

Ladislav Vobr lvobr at ies.etisalat.ae
Sun Sep 5 02:49:23 UTC 2004


2. Why does an authoritative-only BIND 8.3.4 provide a referral in the
answer section, and glue A records as well?


(server authoritative for name.ae zone)
# dig ns ladislav.name.ae

; <<>> DiG 8.3 <<>> ns ladislav.name.ae
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5
;; QUERY SECTION:
;;      ladislav.name.ae, type = NS, class = IN

;; ANSWER SECTION:
ladislav.name.ae.       3H IN NS        fake3.ladislav.name.ae.
ladislav.name.ae.       3H IN NS        fake4.ladislav.name.ae.
ladislav.name.ae.       3H IN NS        fake5.ladislav.name.ae.
ladislav.name.ae.       3H IN NS        fake1.ladislav.name.ae.
ladislav.name.ae.       3H IN NS        fake2.ladislav.name.ae.

;; ADDITIONAL SECTION:
fake3.ladislav.name.ae.  3H IN A  10.3.3.3
fake4.ladislav.name.ae.  3H IN A  10.4.4.4
fake5.ladislav.name.ae.  3H IN A  10.5.5.5
fake1.ladislav.name.ae.  3H IN A  10.1.1.1
fake2.ladislav.name.ae.  3H IN A  10.2.2.2


# dig a fake3.ladislav.name.ae.

; <<>> DiG 8.3 <<>> a fake3.ladislav.name.ae.
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
;; QUERY SECTION:
;;      fake3.ladislav.name.ae, type = A, class = IN

;; ANSWER SECTION:
fake3.ladislav.name.ae.  3H IN A  10.3.3.3

;; AUTHORITY SECTION:
ladislav.name.ae.       3H IN NS        fake1.ladislav.name.ae.
ladislav.name.ae.       3H IN NS        fake2.ladislav.name.ae.
ladislav.name.ae.       3H IN NS        fake3.ladislav.name.ae.
ladislav.name.ae.       3H IN NS        fake4.ladislav.name.ae.
ladislav.name.ae.       3H IN NS        fake5.ladislav.name.ae.

;; ADDITIONAL SECTION:
fake1.ladislav.name.ae.  3H IN A  10.1.1.1
fake2.ladislav.name.ae.  3H IN A  10.2.2.2
fake3.ladislav.name.ae.  3H IN A  10.3.3.3
fake4.ladislav.name.ae.  3H IN A  10.4.4.4
fake5.ladislav.name.ae.  3H IN A  10.5.5.5


The caching server (bind) which contacts such an authoritative-only
server containing only referrals will not follow up to the final
authoritative servers with the zone. In the case of fake3.ladislav.name.ae,
the final authoritative servers don't have to exist at all, since they
will never be queried for verification. And these referral records will be
provided as a final answer by the caching servers to all recursive clients.

As per the rfc1034

--snip--
    - The simplest mode for the client is recursive, since in this
      mode the name server acts in the role of a resolver and
      returns either an error or the answer, but never referrals.
      This service is optional in a name server, and the name server
      may also choose to restrict the clients which can use
      recursive mode.
--snip--

Can you see the conflict?


Ladislav
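
A check for the condition visible in the two dig transcripts above, added here as an example and not part of the original post: it parses BIND 8 style dig output and flags answer-section records that arrive with neither the `aa` nor the `ra` flag, i.e. NS or glue data that was never confirmed with the child zone's servers. The function names, the verdict labels and the trimmed sample are constructed for this illustration, and the classification is a heuristic.

```python
import re

# Constructed sample: trimmed copy of the first dig response quoted in the post.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUERY SECTION:
;;      ladislav.name.ae, type = NS, class = IN

;; ANSWER SECTION:
ladislav.name.ae.       3H IN NS        fake3.ladislav.name.ae.
ladislav.name.ae.       3H IN NS        fake4.ladislav.name.ae.

;; ADDITIONAL SECTION:
fake3.ladislav.name.ae.  3H IN A  10.3.3.3
fake4.ladislav.name.ae.  3H IN A  10.4.4.4
"""

def parse_dig(text):
    """Return (header flags, {section: [(owner, type, rdata)]}) from dig text."""
    flags, sections, current = set(), {}, None
    for line in text.splitlines():
        m = re.match(r";; flags:\s*([^;]*);", line)
        if m:
            flags = set(m.group(1).split())
            continue
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        fields = line.split()
        # Record lines are "owner ttl class type rdata"; comments start with ';'.
        if current and len(fields) >= 5 and not line.startswith((";", "#")):
            sections[current].append((fields[0].lower(), fields[3], fields[4]))
    return flags, sections

def classify(text):
    """Label how much trust the answer section deserves (heuristic)."""
    flags, sections = parse_dig(text)
    answer = sections.get("ANSWER", [])
    if "aa" in flags:
        return "authoritative"
    if "ra" in flags:
        return "recursive-or-cached"
    if answer and all(rtype == "NS" for _, rtype, _ in answer):
        return "unverified-delegation"   # parent-side NS set, child never asked
    return "unverified-data"             # e.g. glue A returned as the answer

if __name__ == "__main__":
    print(classify(SAMPLE))
```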




