correct response for blocked queries?
Kevin Darcy
kcd at daimlerchrysler.com
Mon Oct 31 21:49:33 UTC 2005
aklist_bind at enigmedia.com wrote:
>Hi All:
>
>Bit of a newbie question...I'm just testing my setup on my 9.2.3 server
>running Fedora Core2. Recursion is not allowed from outside my "local" zone.
>Everything is working well.
>
>When I dig the server (from outside my "local" network) for a
>non-authoritative domain, the response is:
>
>10/31/05 10:23:29 dig lpgk.com @ ns.enigmedia.com
>Dig lpgk.com at ns.enigmedia.com (207.158.46.200) ...
>Non-authoritative answer
> Query for lpgk.com type=255 class=1
>Malformed name in RR
>
>
>Just checking that this is the correct non-authoritative response?
>
>FWIW, it's providing the correct response for domains for which it is
>authoritative.
>
>Is the "malformed name" the RFC-appropriate response for a blocked recursive
>query?
>
It's not clear exactly what syntax you're using for that "dig" command.
Is it "space-at-space" before the target nameserver name, or no spaces
at all? Neither syntax is correct for "dig"; it needs to be "space-at",
then nameserver name (or address).

What you *should* be getting if you query a pure non-recursing BIND
server for a zone which it does not host, is a referral to the
closest enclosing zone that it does host (e.g. if it hosts example.com
but not foo.bar.example.com, or bar.example.com, then you'll get a
referral to example.com), or, if it does not host any zones in the
entire delegation chain, a referral to the root zone, e.g.

% dig lpgk.com @ns.enigmedia.com

; <<>> DiG 9.2.2rc1 <<>> lpgk.com @ns.enigmedia.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26398
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;lpgk.com. IN A

;; AUTHORITY SECTION:
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.

;; Query time: 72 msec
;; SERVER: 207.158.46.200#53(ns.enigmedia.com)
;; WHEN: Mon Oct 31 16:45:16 2005
;; MSG SIZE rcvd: 237

- Kevin
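
Added example, not part of the original post: a small parser that reads a raw DNS response and reports whether a non-recursing server returned a referral, and to which zone, matching the header and AUTHORITY section shown in the dig output above. The function names are hypothetical, and ROOT_REFERRAL is a constructed message carrying two root NS records instead of the thirteen in the real response.

```python
import struct

def enc(name):
    """Encode a domain name in uncompressed wire format."""
    labels = [l for l in name.strip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"

def build(flags, qname, authority):
    """Build a constructed response: one A question plus NS records in AUTHORITY."""
    msg = struct.pack("!6H", 26398, flags, 1, 0, len(authority), 0)
    msg += enc(qname) + struct.pack("!HH", 1, 1)
    for owner, target in authority:
        rdata = enc(target)
        msg += enc(owner) + struct.pack("!HHIH", 2, 1, 3600000, len(rdata)) + rdata
    return msg

def read_name(msg, off):
    """Decode the name at off, following compression pointers; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                    # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                            # root label ends the name
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
            off += 1 + n

def classify(msg):
    """Return (kind, zone) describing how the server handled the query."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                         # skip QNAME, QTYPE, QCLASS
        off = read_name(msg, off)[1] + 4
    if flags & 0x000F:                          # non-zero RCODE
        return "rcode-%d" % (flags & 0x000F), None
    if an or flags & 0x0400:                    # has answers or AA bit set
        return "answered", None
    owners = set()
    for _ in range(ns):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == 2:                          # NS record
            owners.add(owner)
    return ("referral", min(owners)) if owners else ("empty", None)

# Constructed sample: flags "qr rd", NOERROR, no answers, NS records owned by "."
ROOT_REFERRAL = build(0x8100, "lpgk.com", [(".", "a.root-servers.net"), (".", "b.root-servers.net")])
```

classify(ROOT_REFERRAL) reports a referral to ".", the root-zone case in the reply; a response whose NS records are owned by example.com. would report that zone as the closest enclosing one.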