ignoring incorrect nameservers in authority section

Torinthiel torinthiel at data.pl
Thu Dec 30 10:45:49 UTC 2010

Dnia 2010-12-30 18:03 pyh at mail.nsbeta.info napisał(a):

>Sunil Shetye writes: 
>> Case 2: Lame Server Reply 
>> ===================================================================
>> $ dig +norecurse @a.iana-servers.net. example.org.
>> ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0 
>> ;example.org.		IN  A 
>> example.org.	    172800  IN	A 
>> example.org.	    172800  IN	NS  ns1.example.org.
>> example.org.	    172800  IN	NS  ns2.example.org.
>> =================================================================== 
>> This is a lame server reply. bind ignores this reply. bind will give a
>> server fail reply to the client. 
>Would you please tell me why this is a lame server reply? why bind will 
>give a server fail reply to the client? Thanks again a lot. 

Because it's contrary to itself.
You've specified norecurse, which means that if nameserver believes it has 
authorative data it should return it, if it doesn't it should return a 
referral (and no answer beside it).

But the server returns answer (which means it believes it has authorative 
data), but in authority section is not listed in nameservers, which states 
it does not have authorative data.

To sum up:
Question: Does the server have authorative data?
Answer 1: Server returns data when asked without recursion ->; YES
Answer 2: Server is not listed in authority section ->; NO
Real answer: Lame server.


More information about the bind-users mailing list