Hi,

I noticed a difference in the behavior of bind, powerdns (using bind or MySQL backend) and nsd regarding the answer to an NS query for a delegated zone. Powerdns is responding to the query by putting corresponding NS RRs into the ANSWER section, whereas bind and nsd are putting them into the AUTHORITY section.

I am not sure what the correct answer is, as I haven't found a clear specification on this case yet.

RFC 1034 states that (3.7 Queries):

"Answer          Carries RRs which directly answer the query.

Authority       Carries RRs which describe other authoritative servers.
                May optionally carry the SOA RR for the authoritative
                data in the answer section."

But in this case, one could argue that NS RRs directly answer the query AND describe other authoritative servers, if I'm not mistaken.

Powerdns response:

$  drill ns info.example.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 57206
;; flags: qr rd ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; info.example.com.    IN      NS

;; ANSWER SECTION:
info.example.com.       7200    IN      NS      ns1.other.net.
info.example.com.       7200    IN      NS      ns2.other.net.

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 0 msec
;; SERVER: 127.0.0.1
;; WHEN: Fri Mar 16 14:04:32 2012
;; MSG SIZE  rcvd: 79

Bind and NSD response:

$  drill ns info.example.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 41836
;; flags: qr rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;; info.example.com.    IN      NS

;; ANSWER SECTION:

;; AUTHORITY SECTION:
info.example.com.       7200    IN      NS      ns1.other.net.
info.example.com.       7200    IN      NS      ns2.other.net.

;; ADDITIONAL SECTION:

;; Query time: 47 msec
;; SERVER: 217.0.0.1
;; WHEN: Fri Mar 16 14:12:26 2012
;; MSG SIZE  rcvd: 79


Entire zone configuration:

$TTL 2d ; default TTL is 2 days
$ORIGIN example.com.
@              IN      SOA   ns1.isp.net. hostmaster.example.com. (
               2003080800 ; serial number
               2h         ; refresh =  2 hours
               15M        ; update retry = 15 minutes
               3W12h      ; expiry = 3 weeks + 12 hours
               2h20M      ; minimum = 2 hours + 20 minutes
               )


example.com.    7200    IN      NS      ns0.isp.net.
example.com.    7200    IN      NS      ns1.isp.net.
info.example.com.       7200    IN      NS      ns1.other.net.
info.example.com.       7200    IN      NS      ns2.other.net.

Regards,

Rémi Gacogne
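
A small parser for the drill output quoted in the message above, added here as an example and not part of the original post: it reports which section carries the NS RRset for the queried name and whether the aa flag is set. The function names are hypothetical, and the sample text is abridged from the two responses in the post.

```python
import re

# Abridged from the two drill outputs quoted in the post above.
POWERDNS = """\
;; flags: qr rd ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
info.example.com.       7200    IN      NS      ns1.other.net.
info.example.com.       7200    IN      NS      ns2.other.net.
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
"""
BIND_NSD = """\
;; flags: qr rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; ANSWER SECTION:
;; AUTHORITY SECTION:
info.example.com.       7200    IN      NS      ns1.other.net.
info.example.com.       7200    IN      NS      ns2.other.net.
;; ADDITIONAL SECTION:
"""

SECTION = re.compile(r"^;; (QUESTION|ANSWER|AUTHORITY|ADDITIONAL) SECTION:")
FLAGS = re.compile(r"^;; flags: ([a-z ]*?) *;")

def parse_drill(text):
    """Return (flags, {section: [(owner, type, rdata), ...]}) from drill output."""
    flags, sections, current = set(), {}, None
    for line in text.splitlines():
        m = FLAGS.match(line)
        if m:
            flags = set(m.group(1).split())
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current and line.strip() and not line.startswith(";"):
            # Record lines look like: owner TTL class type rdata
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            sections[current].append((owner.lower(), rtype, rdata))
    return flags, sections

def ns_placement(text, qname):
    """Say which section carries the NS RRset for qname, and whether AA is set."""
    flags, sections = parse_drill(text)
    where = [s for s, rrs in sections.items()
             if any(o == qname.lower() and t == "NS" for o, t, _ in rrs)]
    return {"sections": where, "aa": "aa" in flags}
```

Run against the same query sent to each server, the differing `sections` value makes the placement difference visible without reading the full output by eye.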
