To:
Matt Crawford <crawdad@fnal.gov>
cc:
Alex Kamantauskas <alexk@tugger.net>, Mats Dufberg <dufberg@nic-se.se>, <dnsop@cafax.se>
From:
Alex Kamantauskas <alexk@tugger.net>
Date:
Tue, 3 Apr 2001 11:45:09 -0400 (EDT)
In-Reply-To:
<200104031522.KAA03428@gungnir.fnal.gov>
Sender:
owner-dnsop@cafax.se
Subject:
Re: Strange behavior from resolvers?
On Tue, 3 Apr 2001, Matt Crawford wrote: > I have a guess, but I haven't tested it yet. Something between the > internet and those two servers ns1/2.obol-net.net is refusing packets > with UDP source port 53. If that were the case, than all queries would fail, but an SOA query still works: root/ns1:/ # dig obol-net.net soa ;; ANSWER SECTION: obol-net.net. 1D IN SOA ns1.obol-net.net. My initial thought had to do with resolvers answering with the best answer they know. ns1.obol-net.net doesn't have any info about an mx record for ns1.obol-net.net, so it replies back with the best answer it knows, which is no answer but provides the authoritative NS records for 'obol-net.net'. A standard resolver has no prior knowledge of 'obol-net.net', so it just returns a SERVFAIL. However, looking back on that, I seem to think there is a hole in that logic. -- /ak