What is the deal on missing "Authority Section" and "additional section" from google's DNS servers?
warren at kumari.net
Wed Jul 11 15:03:39 UTC 2012
On Jul 11, 2012, at 6:30 AM, Ted Mittelstaedt wrote:
> On 7/10/2012 6:37 PM, Michael Hoskins (michoski) wrote:
>> -----Original Message-----
>> From: Ted Mittelstaedt <tedm at ipinc.net>
>> Date: Tuesday, July 10, 2012 6:24 PM
>> To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
>> Subject: What is the deal on missing "Authority Section" and
>> "additional section" from google's DNS servers?
>>> I can't seem to find an option to turn off additional data. How
>>> does Google and OpenDNS do it? WHY do they do it?
>> have you tried "minimal-responses yes;"?
> That did it, thanks!
>> it can increase name server performance, but can also increase client
>> workload (e.g. lead to additional queries). some might also feel it's
>> best to be "conservative in what you send".
> I would then have to assume that Google and OpenDNS are aware of
> bugs in specific resolver implementations - very likely in certain
> firmware versions of the small Dlink/Linksys/etc. routers - and
> have turned off the additional data in order to make their stuff as
> compatible as possible so that as few people as possible complain.
> It would be nice if anyone could confirm this.
As you have just seen from one of your customers, there are a non-zero number of folk / devices that have issues with "larger" responses / responses with additional data / etc. Exactly what the devices are isn't (IMO) important, what is is getting answers to folk.
By *far* the majority of folk querying these services are end users / stub resolvers. What they are looking for is simply an A / AAAA and anything extra is simply wasted bandwidth, time, opportunities to get confused, etc.
Many things (correctly (IMO)) ignore the info in additional section due to past entertainment with cache poisoning, etc.
> It would be nicer if Google or OpenDNS would confirm they are doing
> it and why.
I think that it is clear from querying (at least Google!) that this is the case:
$ dig www.example.com @22.214.171.124 | grep ADDI
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> No doubt both regard it as some sort of trade secret.
Hopefully not… ;-)
There are only 10 types of people in this world -- those who understand binary arithmetic and those who don't.
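
The section counts that dig prints in the thread above come from the 12-byte DNS header. As an added example (not code from the thread or from BIND), this Python sketch builds a constructed response for www.example.com with authority and additional records, then trims it to header, question and answer so the size and counts can be compared; the names, addresses, message ID and helper functions are assumptions made for illustration.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def rr(name, rtype, rdata, ttl=300):
    """Encode one class-IN resource record."""
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def skip_name(msg, i):
    """Return the offset just past the name starting at offset i."""
    while msg[i] != 0:
        if msg[i] & 0xC0 == 0xC0:   # a compression pointer ends the name
            return i + 2
        i += 1 + msg[i]
    return i + 1

def section_counts(msg):
    """Return (QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT) from the header."""
    return struct.unpack("!4H", msg[4:12])

def minimize(msg):
    """Keep header, question and answer; drop authority and additional."""
    ident, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    i = 12
    for _ in range(qd):
        i = skip_name(msg, i) + 4                  # QTYPE + QCLASS
    for _ in range(an):
        i = skip_name(msg, i)
        rdlen = struct.unpack("!H", msg[i + 8:i + 10])[0]
        i += 10 + rdlen                            # TYPE, CLASS, TTL, RDLENGTH, RDATA
    return struct.pack("!6H", ident, flags, qd, an, 0, 0) + msg[12:i]

# Constructed sample: flags 0x8180 = qr rd ra, NOERROR; documentation addresses.
A, NS = 1, 2
FULL = (struct.pack("!6H", 0x1234, 0x8180, 1, 1, 2, 2)
        + encode_name("www.example.com") + struct.pack("!HH", A, 1)
        + rr("www.example.com", A, bytes([192, 0, 2, 10]))
        + rr("example.com", NS, encode_name("ns1.example.com"))
        + rr("example.com", NS, encode_name("ns2.example.com"))
        + rr("ns1.example.com", A, bytes([192, 0, 2, 53]))
        + rr("ns2.example.com", A, bytes([192, 0, 2, 54])))
MINIMAL = minimize(FULL)

if __name__ == "__main__":
    for label, m in (("full", FULL), ("minimal", MINIMAL)):
        print(label, section_counts(m), len(m), "bytes")
```

This covers only the positive-answer case; a server running with "minimal-responses yes;" still fills the authority and additional sections where they are required, such as referrals and negative responses.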