In message <aanlktimag7wv7+qyaxkqgkaaad-iocrz31rar2+1u...@mail.gmail.com>, terr y writes: > > > > But in this case, you're asking the authotrative server. Authorative server > > answers in answer section, as it knows the answer. Authorative section is > > for 'I don't know, ask ...' > > The rule above goes for servers which are not authorative for a given zone. > > Torinthiel > > _______________________________________________ > > > I'm very sorry, just by typo, I do mean this case: > > $ dig test.nsbeta.info ns @ns33.domaincontrol.com > > ; <<>> DiG 9.4.2-P2.1 <<>> test.nsbeta.info ns @ns33.domaincontrol.com > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13538 > ;; flags: qr rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;test.nsbeta.info. IN NS > > ;; ANSWER SECTION: > test.nsbeta.info. 3600 IN NS ns2.dnsbed.com. > test.nsbeta.info. 3600 IN NS ns1.dnsbed.com. > > ;; Query time: 186 msec > ;; SERVER: 216.69.185.17#53(216.69.185.17) > ;; WHEN: Sat Mar 5 09:36:58 2011 > ;; MSG SIZE rcvd: 122 > > > So why does ns33.domaincontrol.com answer with ANSWER SECTION rather > than AUTHORITY SECTION?
If you ask with rd=0 (+norec), which is what nameservers do, you get the referral. Presumably ns33.domaincontrol.com is running BIND 8 which didn't fully comply the RFC 1034. One of the reasons for writing BIND 9 was to sort out these corner cases. If rd=1 BIND 8 assumed that there was a stub resolver talking to it so it put the response in the answer section despite it not being authoritative for the child zone. It rd=0 it did what RFC 1034 said to do, put the response in the authority section. BIND 9 will actually recurse if rd=1 and the client is in the allow-recursion acl and fetch the answer from the child zone and return it. If not it will return a referral. Mark ; <<>> DiG 9.6.0-APPLE-P2 <<>> test.nsbeta.info +norec @ns33.domaincontrol.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16305 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;test.nsbeta.info. IN A ;; AUTHORITY SECTION: test.nsbeta.info. 3600 IN NS ns2.dnsbed.com. test.nsbeta.info. 3600 IN NS ns1.dnsbed.com. ;; Query time: 400 msec ;; SERVER: 216.69.185.17#53(216.69.185.17) ;; WHEN: Sat Mar 5 14:20:26 2011 ;; MSG SIZE rcvd: 122 -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
