Recursive caching servers behavior with lame server answers
Mark Andrews
Mark_Andrews at isc.org
Fri Sep 30 22:44:18 UTC 2005
> I've been doing snoops to see exactly what information comes back in
> packets from "lame" authoratative servers and I'm confused about
> something that is probably pretty basic.
>
> In most cases, my caching/recursive name server *knows* the delegation
> is lame because the putative server reveals the correct authoritative
> server list (which he is not a part of). Why not just follow those NS
> records and get the answer? From what I can see(BIND 9.3.1), it repeats
> the original request (to the original lame server), gets the same list
> of NS records, and returns a SERVFAIL to the downstream requesting name
> server.
>
> Any help would be appreciated.
It sounds like someone is trying to do a sideways delegation.
DNS delegations are strictly heirarchical. The delegation is
broken and needs to be fixed.
Most lame nameserver are actually listed but not configured
or the zone transfers failed or the original load failed.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list