ignoring incorrect nameservers in authority section
torinthiel at data.pl
Thu Dec 30 10:45:49 UTC 2010
Dnia 2010-12-30 18:03 pyh at mail.nsbeta.info napisał(a):
>Sunil Shetye writes:
>> Case 2: Lame Server Reply
>> $ dig +norecurse @a.iana-servers.net. example.org.
>> ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0
>> ;; QUESTION SECTION:
>> ;example.org. IN A
>> ;; ANSWER SECTION:
>> example.org. 172800 IN A 18.104.22.168
>> ;; AUTHORITY SECTION:
>> example.org. 172800 IN NS ns1.example.org.
>> example.org. 172800 IN NS ns2.example.org.
>> This is a lame server reply. bind ignores this reply. bind will give a
>> server fail reply to the client.
>Would you please tell me why this is a lame server reply? why bind will
>give a server fail reply to the client? Thanks again a lot.
Because it's contrary to itself.
You've specified norecurse, which means that if nameserver believes it has
authorative data it should return it, if it doesn't it should return a
referral (and no answer beside it).
But the server returns answer (which means it believes it has authorative
data), but in authority section is not listed in nameservers, which states
it does not have authorative data.
To sum up:
Question: Does the server have authorative data?
Answer 1: Server returns data when asked without recursion ->; YES
Answer 2: Server is not listed in authority section ->; NO
Real answer: Lame server.
More information about the bind-users