Recursive caching servers behavior with lame server answers

Mark Andrews Mark_Andrews at isc.org
Fri Sep 30 22:44:18 UTC 2005


> I've been doing snoops to see exactly what information comes back in
> packets from "lame" authoratative servers and I'm confused about
> something that is probably pretty basic.
> 
> In most cases, my caching/recursive name server *knows* the delegation
> is lame because the putative server reveals the correct authoritative
> server list (which he is not a part of). Why not just follow those NS
> records and get the answer? From what I can see(BIND 9.3.1), it repeats
> the original request (to the original lame server), gets the same list
> of NS records, and returns a SERVFAIL to the downstream requesting name
> server.
> 
> Any help would be appreciated.

	It sounds like someone is trying to do a sideways delegation.
	DNS delegations are strictly heirarchical.  The delegation is
	broken and needs to be fixed.

	Most lame nameserver are actually listed but not configured
	or the zone transfers failed or the original load failed.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org



More information about the bind-users mailing list