To: Mats Dufberg <dufberg@nic-se.se>
cc: <dnsop@cafax.se>, <registry@OBOL-NET.NET>
From: <namedroppers@local.reachin.com>
Date: Tue, 3 Apr 2001 11:47:59 -0700 (PDT)
In-Reply-To: <Pine.BSF.4.30.0104031930500.27390-100000@spider.nic-se.se>
Sender: owner-dnsop@cafax.se
Subject: Re: Strange behavior from resolvers?

> The ns1.obol-net.net is certainly not running bind, so the question
> remains which nameserver is doing wrong. As far as I can see, bind would
> return SOA in authority section for an equivalent request.

I believe the DNS server they are running is Novell's DNS server. I know that their web server is running "NetWare-Enterprise-Web-Server/5.1".

The code the remote nameserver seems to be running seems to be based somewhat on BIND, though. It handles the unusual case of asking a question with a QDCOUNT of two the same way BIND does (giving a "Format error" instead of what I consider the correct "Not implemented").

For whatever reason, however, it handles queries to non-existent domains incorrectly.

BIND (and DJBDNS) handle queries to completely non-existent domains (NXDOMAINs) thusly:

* They return a RCODE of three (RFC1035 calls this "Name error", RFC1034 calls this a "NXDOMAIN"), as described in RFC1035 section 4.1.1.
* No records are in the answer section.
* They return, in the "Authority" section of the reply (the section where name server records are usually placed), the SOA for the domain in question. Note that RFC1034 section 4.3.4 explicitly asks for this info to be placed in the "Additional" section. However, since BIND placed this info in the "Authority" section, the de facto standard differs from the RFC.
* No other records are in the authority section.
* No records are in the additional section.

BIND and DJBDNS handle domains that exist, but not for the record type requested by the client (resolver) thusly:

* They return a RCODE of 0.
* In all other aspects, the reply is the same as for a NXDOMAIN reply above.

My DNS server, MaraDNS, currently handles NXDOMAINs as BIND and DJBDNS do, with the exception that she gives a RCODE of 0 in both cases.

The presumably Novell name server, however, handles completely nonexistent domains thusly:

* It returns a RCODE of 3, "Name error". However, there is no data after the header: no answer records, no authority records, and no additional records.

This DNS server handles the case of the domain existing, but not for the type of record the client asks for, thusly:

* It returns a RCODE of 0.
* It then returns nothing in the answer section, NS records in the authority section, and the IPs for the NS records in the additional section.

As Eric has just pointed out (as I was writing this), this tells BIND (and DJBDNS) "I do not have this answer, but the answer can be found at my nameserver".

- Sam
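
The reply shapes described in the message above, as an added example that is not part of the original post: a Python classifier that reads a DNS reply's RCODE and the record types in its authority section. The labels, helper names, example.com names and 192.0.2.53 are constructed for illustration, and replies are assumed to be well-formed.

```python
import struct

TYPE_NS, TYPE_SOA = 2, 6

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) domain name."""
    while (msg[pos] & 0xC0) != 0xC0:   # not a compression pointer
        if msg[pos] == 0:              # root label ends the name
            return pos + 1
        pos += 1 + msg[pos]
    return pos + 2                     # a 2-byte pointer ends the name

def classify(msg):
    """Label a reply by RCODE and by what its authority section carries."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    rcode, pos, auth = flags & 0x000F, 12, []
    for _ in range(qd):                # question: name, QTYPE, QCLASS
        pos = skip_name(msg, pos) + 4
    for i in range(an + ns):           # answer records, then authority records
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10 + rdlen
        if i >= an:
            auth.append(rtype)
    if rcode == 3:
        return "name error + SOA" if TYPE_SOA in auth else "name error, no SOA"
    if rcode == 0 and an == 0 and TYPE_SOA in auth:
        return "no data + SOA"
    if rcode == 0 and an == 0 and TYPE_NS in auth:
        return "reads as referral"     # NS without SOA: resolver follows it
    return "other"

# Constructed sample replies (example.com and 192.0.2.53 are placeholders).
def name(n):
    return b"".join(bytes([len(l)]) + l.encode() for l in n.split(".")) + b"\0"

def rr(owner, rtype, rdata):
    return name(owner) + struct.pack("!HHIH", rtype, 1, 3600, len(rdata)) + rdata

def reply(rcode, authority=(), additional=()):
    hdr = struct.pack("!6H", 1, 0x8400 | rcode, 1, 0, len(authority), len(additional))
    question = name("nope.example.com") + struct.pack("!HH", 1, 1)
    return hdr + question + b"".join(authority) + b"".join(additional)

SOA = rr("example.com", TYPE_SOA, name("ns1.example.com")
         + name("hostmaster.example.com") + struct.pack("!5I", 1, 3600, 600, 86400, 3600))
NS = rr("example.com", TYPE_NS, name("ns1.example.com"))
GLUE = rr("ns1.example.com", 1, bytes([192, 0, 2, 53]))
```

`classify(reply(0, [NS], [GLUE]))` is the last case in the message: an empty answer section with NS records and their addresses, which a resolver treats as a pointer to another server rather than as a negative answer.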