In message <[email protected]>, Feng He writes:
> Hi,
>
> Sorry for my not good English.
> Say I have a domain a.com, whose NS records are:
> ns1.b.com
> ns2.b.com
>
> But b.com is not auth-resolved by my nameserver, for example, its
> auth-servers are registrar's.
>
> a.com is auth-resolved by my own nameservers, the NS records look as:
>
> a.com. 111 IN NS ns1.b.com.
> a.com. 111 IN NS ns2.b.com.

This is expected and good.

> But, if I add the zone b.com into the nameservers' zone file (though the
> zone is not auth-resolved by my servers as I've said), and set up the A
> records with fake IP for ns1.b.com and ns2.b.com. When query for:
> dig a.com ns

Do not do this. This is bad.

> The nameservers will answer with the additional section whose content is
> the fake IPs.
>
> ;; ANSWER SECTION:
> a.com. 111 IN NS ns1.b.com.
> a.com. 111 IN NS ns2.b.com.
>
> ;; ADDITIONAL SECTION:
> ns1.b.com. 111 IN A 1.2.3.4
> ns2.b.com. 111 IN A 5.6.7.8
>
> Will this make the world's DNS cache not work? i.e, the ISP's public DNS
> servers.
>
> Thanks.
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
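An audit check for the situation discussed in this thread, added here as an example and not written by either poster: it parses dig-style output and reports address records in the additional section that belong to the response's NS targets but lie outside the queried zone. The function names and the `SAMPLE` text (rebuilt from the output quoted in the message) are assumptions of this example.

```python
# Added example (not from the thread): flag address records in a dig-style
# response whose owner names fall outside the queried zone.
SAMPLE = """\
;; ANSWER SECTION:
a.com. 111 IN NS ns1.b.com.
a.com. 111 IN NS ns2.b.com.

;; ADDITIONAL SECTION:
ns1.b.com. 111 IN A 1.2.3.4
ns2.b.com. 111 IN A 5.6.7.8
"""  # constructed from the output quoted in the message


def normalize(name):
    """Lower-case a domain name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def in_zone(name, zone):
    """True if name equals zone or is a subdomain of it, compared by label."""
    n, z = normalize(name).split("."), normalize(zone).split(".")
    if z == [""]:  # the root zone contains every name
        return True
    return len(n) >= len(z) and n[-len(z):] == z


def parse_sections(text):
    """Return {section: [(owner, ttl, class, type, rdata), ...]}."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            current = line[2:-len("SECTION:")].strip()
            sections[current] = []
        elif line and not line.startswith(";") and current:
            fields = line.split(None, 4)
            if len(fields) == 5:
                sections[current].append(tuple(fields))
    return sections


def out_of_zone_glue(text, zone):
    """Additional-section A/AAAA records for NS targets outside `zone`."""
    s = parse_sections(text)
    ns_rrs = s.get("ANSWER", []) + s.get("AUTHORITY", [])
    targets = {normalize(r[4]) for r in ns_rrs if r[3] == "NS"}
    return [(normalize(r[0]), r[3], r[4]) for r in s.get("ADDITIONAL", [])
            if r[3] in ("A", "AAAA") and normalize(r[0]) in targets
            and not in_zone(r[0], zone)]
```

Run it against the saved output of `dig a.com ns` sent to each of your own authoritative servers; any record it returns is an address your server is handing out for a name in someone else's zone.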
