BIND 8.2.1 not handling NXDOMAIN as per auth-nxdomain?

Paul A Vixie vixie at mibh.net
Tue Aug 31 07:22:23 UTC 1999


> 	There's got to be something *way* deeper here than that, because 
> my initial reaction was exactly the same.  But people like Greg don't 
> tend to miss things like this, so now I'm left wondering what the 
> heck I've missed and how far beyond my measly knowledge of BIND 
> everyone else is.

greg's question was the right one, my answer was somewhat misleading in
the way i worded it.  here's the default:

#define	DEFAULT_OPTION_FLAGS	(OPTION_NODIALUP|OPTION_NONAUTH_NXDOMAIN|\
				 OPTION_USE_ID_POOL|OPTION_NORFC2308_TYPE1)

here's the html:

<DL>
<DT><CODE>auth-nxdomain</CODE>
<DD>
If <CODE>yes</CODE>, then the <CODE>AA</CODE> bit is always set on
NXDOMAIN responses, even if the server is not actually authoritative.
The default is <CODE>yes</CODE>.  Do not turn off
<CODE>auth-nxdomain</CODE> unless you are sure you know what you are
doing, as some older software won't like it.

as you can see, the internal wording is "nonauth" whereas the option is
worded as "auth".  there is therefore a ! used when storing the value
set in the config file:

  | T_AUTH_NXDOMAIN yea_or_nay
  {
    set_global_boolean_option(current_options, OPTION_NONAUTH_NXDOMAIN, !$2);
  }

but there is another ! in front of the two places where it's used.  ns_req.c:

			hp->rcode = ns_r_nxdomain;
			/* 
			 * XXX forcing AA all the time isn't right, but
			 * we have to work that way by default
			 * for compatibility with older servers.
			 */
			if (!NS_OPTION_P(OPTION_NONAUTH_NXDOMAIN))
			    hp->aa = 1;
			ns_debug(ns_log_default, 3, "NXDOMAIN aa = %d",
				 hp->aa);

and ns_resp.c:

			hp->rcode = NXDOMAIN;
			/* 
			 * XXX forcing AA all the time isn't right, but
			 * we have to work that way by default
			 * for compatibility with older servers.
			 */
			if (!NS_OPTION_P(OPTION_NONAUTH_NXDOMAIN))
				hp->aa = 1;
			ns_debug(ns_log_default, 3, "resp: NXDOMAIN aa = %d",
				 hp->aa);

shame on us for: duplicating this much code, being inconsistent in our
indentation, triply-negating an option predicate, and getting so mixed
up when it came to documenting it that we didn't know WHAT the default
was.

> 	I always felt like a Lilliputian in the land of humans, when 
> compared to the rest of the people on this list.  Suddenly, I now 
> feel like a Lilliputian in the land of giants.

nothing like that, unless it's the land of tired drunk giants.  g'nite.


More information about the bind-workers mailing list