reverse lookups are shown as AUTHORITATIVE on cache servers..!!!

Barry Margolin barmar at alum.mit.edu
Sat Jul 29 01:58:28 UTC 2006


In article <ead9d2$2hsb$1 at sf1.isc.org>, "blrmaani" <blrmaani at gmail.com> 
wrote:

> I have a cache-only server [ DNSHOST2 in the picture below ]
> 
> DNSHOST1  ( authoritative DNS server for zone myzone1.com )
>      |
>      |
> DNSHOST2  ( cache only DNS server )
>      |
>      |
> CLIENTHOST
> 
> 
> I executed nslookup on CLIENTHOST to lookup names and ip-addresses on
> DNSHOST2.
> The nslookup was executed in debug mode.
> 
> 
> The replies for names show as non-authoritative whereas replies for IP
> addresses show as authoritative. I was under the impression that all
> cached replies are always non-authoritative.

What version of BIND is DNSHOST2 running?  In older versions, if the 
answer isn't already in the server's cache, so it has to recurse, it 
simply passes the response that it gets from the authoritative server on 
to the client.  Any flags in this response, including the AA flag, will 
be sent to the client.

If you then perform the same query again, it should already have the 
answer cached, so this time it should be non-authoritative.

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
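
The AA flag discussed in the message above is a single bit in the 12-byte DNS header. The following Python sketch is an added example, not part of the original post: it decodes that header and classifies a reply received from a server known to be cache-only. The function names and the two sample replies are constructed for illustration.

```python
import struct

QR, AA = 0x8000, 0x0400  # header flag masks (RFC 1035, section 4.1.1)

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte header of a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated: a DNS header is 12 bytes")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": ident, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": flags & 0x000F, "ancount": an}

def audit_cache_reply(msg: bytes) -> str:
    """Classify a reply that came from a server known to be cache-only."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not-a-response"
    if h["rcode"] != 0:
        return "error-rcode-%d" % h["rcode"]
    # A cache-only server hosts no zones, so AA=1 here means the flag was
    # copied from the upstream answer, as the message above describes.
    if h["aa"]:
        return "aa-passed-through"
    return "non-authoritative"

def make_reply(ident: int, flags: int, ancount: int = 1) -> bytes:
    """Build a header-only sample reply (constructed test data)."""
    return struct.pack("!6H", ident, flags, 1, ancount, 0, 0)

# Constructed samples: the first lookup (cache miss, upstream flags kept)
# and a repeat of the same lookup (served from cache).
FIRST_REPLY = make_reply(0x1A2B, 0x8580)   # QR | AA | RD | RA
SECOND_REPLY = make_reply(0x1A2C, 0x8180)  # QR | RD | RA

if __name__ == "__main__":
    for label, msg in (("first", FIRST_REPLY), ("repeat", SECOND_REPLY)):
        print(label, audit_cache_reply(msg))
```
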
