Feng He shorttag at gmail.com
Fri Jul 8 01:32:38 UTC 2011

2011/7/8 Kevin Darcy <kcd at chrysler.com>:

> I think it's worth emphasizing that in the first case, the contents of the
> Authority Section were *mandatory* (see RFC 2308, Negative Caching), whereas
> in the second case the authoritative nameserver was *optionally* providing
> NS records in the Authority Section. It could have legally left the
> Authority Section completely empty, and in fact many load-balancers,
> pretending (to various degrees of competence) to be authoritative
> nameservers, will give responses that look like that.

In the second case I think the NS records should be there in the
Authority Section.
Consider this case:

example.com.  IN   NS    dns.example.com.
l2.example.com.  IN  NS   dns.example.com.
l3.l2.example.com.  IN  NS   dns.example.com.

When a query for example, dig l3.l2.example.com @dns.example.com, the
nameserver answser without the Authority Section, then the client
won't know the answer is in which authority zone.


More information about the bind-users mailing list