Re: missing ‘additional section’

Steven Carr sjcarr at gmail.com
Thu Dec 19 03:07:44 UTC 2013


On 19 December 2013 00:48, houguanghua <houguanghua at hotmail.com> wrote:
> If DLG isn't enabled (bind9+view + zone file , no DB is used), the
> additional section is right.  Maybe it's a bug of Bind DLG.

What is DLG?

> What I wanted is as follows :
> $ dig @10.3.103.177 www.ctyun.cn
> ; <<>> DiG 9.6-ESV-R10-P1 <<>> @10.3.103.177 www.ctyun.cn
>
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30600
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
> ;; WARNING: recursion requested but not available
> ;; QUESTION SECTION:
> ;www.ctyun.cn.                  IN      A
> ;; ANSWER SECTION:
> www.ctyun.cn.           3600    IN      A       211.162.106.2
> www.ctyun.cn.           3600    IN      A       211.162.106.1
> ;; AUTHORITY SECTION:
> ctyun.cn.               3600    IN      NS      ns1.ctyun.cn.
> ctyun.cn.               3600    IN      NS      ns2.ctyun.cn.
> ;; ADDITIONAL SECTION:
> ns1.ctyun.cn.           3600    IN      A       211.16.106.251
> ns2.ctyun.cn.           3600    IN      A       211.16.106.252
>
> ;; Query time: 137 msec
> ;; SERVER: 10.3.103.177#53(10.3.103.177)
> ;; WHEN: Thu Dec 19 08:43:58
> ;; MSG SIZE  rcvd: 130

That might be what you want, but that's not what you asked for; you
asked for the www.ctyun.cn A record. If you want the NS records,
explicitly ask for them. Additional is just that: it's additional
data. If the name server that you have queried against has them in
its cache then it may/may not return them (depending on your config).
My personal preference here is if you are an authoritative server then
you should be returning only what was asked for (config option
minimal-responses = yes); if you are a caching server then chuck
everything back at the client that you have (minimal-responses = no,
the options additional-from-cache and additional-from-auth should
already be set to yes by default and BIND will then decide when it's
appropriate to send back additional data).

In your first dig, recursion was enabled, but it didn't need to do a
recursive request as it is authoritative for the ctyun.cn zone. In
your second dig, recursion is disabled, but it is still authoritative
for the ctyun.cn zone so I'm not sure why it would return the
additional records; it doesn't need to as it's simply additional data.

Without seeing the bind config it's difficult to diagnose from just a dig query.

Steve
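
An added example, not part of the original message: a small Python parser for dig's text output that reports the aa/ra flags and lists any NS target in the AUTHORITY section that has no address record in the ADDITIONAL section. The sample input is excerpted from the dig output quoted above; the function names are hypothetical.

```python
import re

# Excerpt of the dig output quoted in the message above.
SAMPLE = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
;; ANSWER SECTION:
www.ctyun.cn.           3600    IN      A       211.162.106.2
www.ctyun.cn.           3600    IN      A       211.162.106.1
;; AUTHORITY SECTION:
ctyun.cn.               3600    IN      NS      ns1.ctyun.cn.
ctyun.cn.               3600    IN      NS      ns2.ctyun.cn.
;; ADDITIONAL SECTION:
ns1.ctyun.cn.           3600    IN      A       211.16.106.251
ns2.ctyun.cn.           3600    IN      A       211.16.106.252
"""

def parse_dig(text):
    """Parse dig's text output into (flags, header_counts, records_by_section)."""
    flags, counts, sections, current = [], {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.match(r";; flags: ([a-z ]*);(.*)", line)
        section = re.match(r";; ([A-Z]+) SECTION:", line)
        if header:
            flags = header.group(1).split()
            counts = {k: int(v) for k, v in re.findall(r"([A-Z]+): (\d+)", header.group(2))}
        elif section:
            current = section.group(1)
            sections[current] = []
        elif line and not line.startswith(";") and current:
            # Resource record line: owner, TTL, class, type, rdata.
            owner, _ttl, _class, rtype, rdata = line.split(None, 4)
            sections[current].append((owner.lower(), rtype, rdata.lower()))
    return flags, counts, sections

def ns_without_address(sections):
    """NS targets named in AUTHORITY that have no A/AAAA record in ADDITIONAL."""
    targets = {rdata for _, rtype, rdata in sections.get("AUTHORITY", []) if rtype == "NS"}
    covered = {owner for owner, rtype, _ in sections.get("ADDITIONAL", []) if rtype in ("A", "AAAA")}
    return sorted(targets - covered)

def report(text):
    """Summarise the flags and additional-section coverage of one dig response."""
    flags, counts, sections = parse_dig(text)
    return {"authoritative": "aa" in flags, "recursion_available": "ra" in flags,
            "additional_in_header": counts.get("ADDITIONAL", 0),
            "additional_parsed": len(sections.get("ADDITIONAL", [])),
            "ns_without_address": ns_without_address(sections)}

if __name__ == "__main__":
    print(report(SAMPLE))
```

Running it against the output of the same query with and without DLZ or `minimal-responses` enabled shows which NS targets lost their address records between the two responses.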

