Q: DNS query format

Mark Andrews Mark_Andrews at isc.org
Sun Jan 28 23:12:21 UTC 2007


>   
> > > Is this DNS query correct?:
> > > 
> > > Domain Name System (query)
> > >     Transaction ID: 0x938a
> > >     Flags: 0x0110 (Standard query)
> > >         0... .... .... .... = Response: Message is a query
> > >         .000 0... .... .... = Opcode: Standard query (0)
> > >         .... ..0. .... .... = Truncated: Message is not truncated
> > >         .... ...1 .... .... = Recursion desired: Do query recursively
> > >         .... .... .0.. .... = Z: reserved (0)
> > >         .... .... ...1 .... = Non-authenticated data OK: Non-authenticated data is acceptable
> > >     Questions: 1
> > >     Answer RRs: 0
> > >     Authority RRs: 0
> > >     Additional RRs: 1
> > >     Queries
> > >        1.2.3.e164.arpa: type NAPTR, class IN
> > > 
> > > According to RFC1035, 3 reserved bits should be 0s. But in my example
> > > second bit is 1 and even interpreted by Ethereal as
> > > "Non-authenticated data OK" flag.
> > > So is this a legal query?
> > > 
> > > (the reason I'm asking is: this query is coming from forward-only
> > > zone in bind9. We have custom ENUM server which doesn't accept this
> > > query.)
> > > 
> > > TIA,
> > > Vitaly
> > 
> > 	RFC1035 has been updated by a lot of other RFC's.  From
> > 	the RFC Index at http://www.ietf.org/iesg/1rfc_index.txt.
> > 
> > 	To fully understand the modern DNS you need to have read
> > 	and understood all of these.
> > 
> > 	Yes, it is legal.
> > 
> > 	Mark
> > 
> > 1033 Domain administrators operations guide. M. Lottor. November 1987.
> >      (Format: TXT=37263 bytes) (Status: UNKNOWN)
> > 
> > 1034 Domain names - concepts and facilities. P.V. Mockapetris.
> >      November 1987. (Format: TXT=129180 bytes) (Obsoletes RFC0973,
> >      RFC0882, RFC0883) (Updated by RFC1101, RFC1183, RFC1348, RFC1876,
> >      RFC1982, RFC2065, RFC2181, RFC2308, RFC2535, RFC4033, RFC4034,
> >      RFC4035, RFC4343, RFC4035, RFC4592) (Also STD0013) (Status: STANDARD)
> > 
> > 1035 Domain names - implementation and specification. P.V.
> >      Mockapetris. November 1987. (Format: TXT=125626 bytes) (Obsoletes
> >      RFC0973, RFC0882, RFC0883) (Updated by RFC1101, RFC1183, RFC1348,
> >      RFC1876, RFC1982, RFC1995, RFC1996, RFC2065, RFC2136, RFC2181,
> >      RFC2137, RFC2308, RFC2535, RFC2845, RFC3425, RFC3658, RFC4033,
> >      RFC4034, RFC4035, RFC4343, RFC2137, RFC2845, RFC3425, RFC3658,
> >      RFC4035, RFC4033) (Also STD0013) (Status: STANDARD)
> > --
> 
> Mark,
> Thank you!
> I found that RFC4035 allows using bits 10 and 11
> (http://www.iana.org/assignments/dns-header-flags )
> But is it possible anyway to configure forward zone in bind9 to work
> according to original RFC1035, i.e. turn off bits 10 and 11?

	Named will interoperate with a correctly functioning RFC
	1035 authoritative server.  A correctly functioning RFC
	1035 server should be sending an error code (FORMERR is the
	most appropriate but SERVFAIL will suffice) and resend the
	query without EDNS or CD being set.

	Note: you need to be running BIND 9.3.3/9.2.7.

1966.   [bug]           Don't set CD when we have fallen back to plain DNS.
                        [RT #15727]

	You can also set "edns no;" in server clauses for the forwarders,
	that should also disable CD.
 
	CD is eight years old at this point in time.  The forwarder's
	vendor should have software capable of handling CD at this
	point in time.

	Mark

> Vitaly
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
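
Added example (not part of the original message and not BIND code): a Python sketch that decodes the flags word 0x0110 from the capture above, showing it is RD plus CD, and builds the header-only FORMERR reply a pre-EDNS server can return so that the sender retries with plain DNS. The function names, the assumption that the single additional record is an EDNS0 OPT record, and the 4096-byte UDP payload size are constructed for illustration.

```python
import struct

# Header flag masks. AD and CD use two of the three bits RFC 1035 reserved as Z.
QR, AA, TC, RD, RA = 0x8000, 0x0400, 0x0200, 0x0100, 0x0080
Z, AD, CD = 0x0040, 0x0020, 0x0010
OPCODE_MASK, RCODE_MASK, FORMERR = 0x7800, 0x000F, 1
TYPE_NAPTR, TYPE_OPT, CLASS_IN = 35, 41, 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending with the root label."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_query(txid, flags, qname, qtype):
    """Constructed sample query: one question plus one additional record (assumed OPT)."""
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 1)
    question = encode_name(qname) + struct.pack("!2H", qtype, CLASS_IN)
    # OPT RR: root owner name, TYPE=41, CLASS=UDP payload size (constructed), TTL=0, RDLENGTH=0
    opt = b"\x00" + struct.pack("!HHIH", TYPE_OPT, 4096, 0, 0)
    return header + question + opt

def decode_flags(flags):
    """Split the 16-bit flags word into named fields."""
    fields = {name: bool(flags & mask) for name, mask in
              [("QR", QR), ("AA", AA), ("TC", TC), ("RD", RD),
               ("RA", RA), ("Z", Z), ("AD", AD), ("CD", CD)]}
    fields["opcode"] = (flags & OPCODE_MASK) >> 11
    fields["rcode"] = flags & RCODE_MASK
    return fields

def legacy_reply(query):
    """What a pre-EDNS server can return instead of dropping the query:
    a header-only FORMERR that echoes the ID, opcode and RD."""
    txid, flags = struct.unpack("!2H", query[:4])
    reply_flags = QR | (flags & OPCODE_MASK) | (flags & RD) | FORMERR
    return struct.pack("!6H", txid, reply_flags, 0, 0, 0, 0)

if __name__ == "__main__":
    # Values taken from the capture quoted in the thread.
    query = build_query(0x938A, 0x0110, "1.2.3.e164.arpa", TYPE_NAPTR)
    print(decode_flags(0x0110))
    print(legacy_reply(query).hex())
```
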


