In message <2013051114140947567...@gmail.com>, "Liu Mingxing" writes: > > I found that bind9.9.2 recursor returns servfail to soa requests when > receiving inproper nodata notification that there is just a root SOA RR > in the authority section in response from authoritative namservers. > Just like this as following. Why does it forward the inproper response > to clients?
No version of BIND 9 accepts those responses. The operators of vipbiz.cn took short cut and failed to properly set up the zone. As a result the servers generate incorrect answers. named detects the incorrect answer, marks the server as bad, tries the other server, marks it as bad and having exhausted the list of nameservers for the zone returns SERVFAIL to the client. > root@localhost secman# dig soft.vipbiz.cn ns @localhost > > ; <<>> DiG 9.9.2-P2 <<>> soft.vipbiz.cn ns @localhost > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21576 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;soft.vipbiz.cn. IN NS > > ;; Query time: 91 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) > ;; WHEN: Fri May 10 23:08:56 2013 > ;; MSG SIZE rcvd: 43 > > > > > > Liu Mingxing -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
