Re: [dns-operations] about the ADDITIONAL SECTION

Mon, 08 Jul 2013 01:53:17 -0700 


Hi,

Have another question that,

pyh@dwdns153:~$ dig dnsbed.com @a.gtld-servers.net.

; <<>> DiG 9.6.1-P2 <<>> dnsbed.com @a.gtld-servers.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34184
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;dnsbed.com.                    IN      A

;; AUTHORITY SECTION:
dnsbed.com.             172800  IN      NS      ns5.cloudwebdns.com.
dnsbed.com.             172800  IN      NS      ns6.cloudwebdns.com.

;; ADDITIONAL SECTION:
ns5.cloudwebdns.com.    172800  IN      A       209.141.54.207
ns6.cloudwebdns.com.    172800  IN      A       116.251.209.248
ns6.cloudwebdns.com.    172800  IN      A       84.200.77.142

;; Query time: 1291 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Mon Jul  8 16:45:41 2013
;; MSG SIZE  rcvd: 124
The server a.gtld-servers.net returns two NS records along with the additional IPs. They are not glue IMO, b/c I was not querying for the domain cloudwebdns.com. Will a cache server believe the ADDITIONAL SECTION in this case? 

Thanks in advance.



On 2013-6-28 10:04, Feng He wrote:

Hi,

Sorry for my not good english.
Says I have a domain a.com, whose NS records are:
ns1.b.com
ns2.b.com

But b.com is not auth-resolved by my nameserver, for example, its
auth-servers are registrar's.

a.com is auth-resolved by my own nameservers, the NS records look as:

a.com.             111    IN      NS      ns1.b.com.
a.com.             111    IN      NS      ns2.b.com.

But, if I add the zone b.com into the nameservers' zone file (though the
zone is not auth-resolved by my servers as I've said), and setup the A
records with fake IP for ns1.b.com and ns2.b.com. When query for:
dig a.com ns

The nameservers will answer with the additional section whose content is
the fake IPs.

;; ANSWER SECTION:
a.com.            111     IN      NS      ns1.b.com.
a.com.            111     IN      NS      ns2.b.com.

;; ADDITIONAL SECTION:
ns1.b.com.     111     IN      A       1.2.3.4
ns2.b.com.     111     IN      A       5.6.7.8

Will this make the world's DNS cache not work? i.e, the ISP's public DNS
servers.

Thanks.


_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs

Reply via email to