On Fri, Mar 16, 2012 at 02:31:34PM +0100, Remi Gacogne wrote:
>
> Hi,
>
> I noticed a difference in the behavior of bind, powerdns (using bind
> or MySQL backend) and nsd regarding the answer to an NS query
> for a delegated zone. Powerdns is responding to the query by putting
> corresponding NS RRs into the ANSWER section,
> whereas bind and nsd are putting them into the AUTHORITY section.
>
> I am not sure what the correct answer is, as I haven't found a clear
> specification on this case yet.
>
> RFC 1034 states that (3.7 Queries):
>
> "Answer Carries RRs which directly answer the query.
>
> Authority Carries RRs which describe other authoritative servers.
> May optionally carry the SOA RR for the authoritative
> data in the answer section."
>
> But in this case, one could argue that NS RRs directly answer the
> query AND describe other authoritative servers, if I'm not mistaken.
>
> Powerdns response:
>
> $ drill ns info.example.com
> ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 57206
> ;; flags: qr rd ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;; info.example.com. IN NS
>
> ;; ANSWER SECTION:
> info.example.com. 7200 IN NS ns1.other.net.
> info.example.com. 7200 IN NS ns2.other.net.
>
> ;; AUTHORITY SECTION:
>
> ;; ADDITIONAL SECTION:
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1
> ;; WHEN: Fri Mar 16 14:04:32 2012
> ;; MSG SIZE rcvd: 79
>
> Bind and NSD response:
>
> $ drill ns info.example.com
> ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 41836
> ;; flags: qr rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;; info.example.com. IN NS
>
> ;; ANSWER SECTION:
>
> ;; AUTHORITY SECTION:
> info.example.com. 7200 IN NS ns1.other.net.
> info.example.com. 7200 IN NS ns2.other.net.
>
> ;; ADDITIONAL SECTION:
>
> ;; Query time: 47 msec
> ;; SERVER: 217.0.0.1
> ;; WHEN: Fri Mar 16 14:12:26 2012
> ;; MSG SIZE rcvd: 79
>
>
> Entire zone configuration:
>
> $TTL 2d ; default TTL is 2 days
> $ORIGIN example.com.
> @ IN SOA ns1.isp.net. hostmaster.example.com. (
> 2003080800 ; serial number
> 2h ; refresh = 2 hours
> 15M ; update retry = 15 minutes
> 3W12h ; expiry = 3 weeks + 12 hours
> 2h20M ; minimum = 2 hours + 20 minutes
> )
>
>
> info.example.com. 7200 IN NS ns1.other.net.
> info.example.com. 7200 IN NS ns2.other.net.
> example.com. 7200 IN NS ns0.isp.net.
> example.com. 7200 IN NS ns1.isp.net.
>
> Regards,
>
> Rémi Gacogne
>

The records returned are the RRs to actually answer the query so having them in the answer section seems appropriate although apparently returning them in the authority section works as well. The tie breaker for me is that a Microsoft AD server returns them in the same form as PDNS but I suspect that it really does not matter much.

Cheers,
Ken
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
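
Added example (not part of the original thread, and not code from any of the servers discussed): a minimal DNS wire-format check that reports which section of a response carries the NS RRset for the queried name, which is the difference visible in the two drill outputs above. The helper names and the constructed sample messages (flags qr rd, with the thread's names and TTL) are assumptions for illustration.

```python
import struct

QNAME = "info.example.com"                        # delegated name from the thread
AA, TYPE_NS = 0x0400, 2                           # AA header bit, NS type code

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii").lower())
            off += 1 + n

def ns_placement(msg):
    """Report which section carries the NS RRset for the queried name."""
    _id, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)               # assumes exactly one question
    off += 4                                      # skip QTYPE and QCLASS
    counts = {"ANSWER": 0, "AUTHORITY": 0}
    for section, n in (("ANSWER", an), ("AUTHORITY", ns)):
        for _ in range(n):
            owner, off = read_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if rtype == TYPE_NS and owner == qname:
                counts[section] += 1
    placement = "ANSWER" if counts["ANSWER"] else "AUTHORITY" if counts["AUTHORITY"] else None
    return {"aa": bool(flags & AA), "placement": placement, **counts}

def build_response(section, compress=False):      # constructed sample, not captured traffic
    an, ns = (2, 0) if section == "ANSWER" else (0, 2)
    msg = struct.pack("!6H", 57206, 0x8100, 1, an, ns, 0)   # flags: qr rd
    msg += encode_name(QNAME) + struct.pack("!HH", TYPE_NS, 1)
    for rdata in map(encode_name, ("ns1.other.net", "ns2.other.net")):
        owner = b"\xc0\x0c" if compress else encode_name(QNAME)
        msg += owner + struct.pack("!HHIH", TYPE_NS, 1, 7200, len(rdata)) + rdata
    return msg
```

Feeding `ns_placement` the raw reply bytes from each server gives a direct comparison of section placement and of the AA bit, which drill only shows in its flags line.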