[dns-operations] Authoritative answer with NSCOUNT=0
Anand Buddhdev
anandb at ripe.net
Tue Aug 18 11:55:24 UTC 2009
Hello people,
Yesterday I observed DNS responses which have the AA bit set, but the
authority section is empty:
; <<>> DiG 9.4.3-P3 <<>> +norec @dns1.allianz.pl soa 10.208.91.in-addr.arpa
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28527
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;10.208.91.in-addr.arpa. IN SOA
;; ANSWER SECTION:
10.208.91.in-addr.arpa. 86400 IN SOA dns1.allianz.pl.
hostmaster.allianz.pl. 2009072502 36000 3600 3600000 36000
;; Query time: 47 msec
;; SERVER: 62.29.164.71#53(62.29.164.71)
;; WHEN: Tue Aug 18 13:24:41 2009
;; MSG SIZE rcvd: 134
Additionally, a query for the name servers for this zone returns glue in
the answer section instead of the additional section, while the
authority section is still empty:
; <<>> DiG 9.4.3-P3 <<>> +norec @dns1.allianz.pl ns 10.208.91.in-addr.arpa
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57980
;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;10.208.91.in-addr.arpa. IN NS
;; ANSWER SECTION:
10.208.91.in-addr.arpa. 86400 IN NS dns2.allianz.pl.
10.208.91.in-addr.arpa. 86400 IN NS dns1.allianz.pl.
dns1.allianz.pl. 3600 IN A 62.29.164.71
dns2.allianz.pl. 3600 IN A 62.29.164.72
;; Query time: 25 msec
;; SERVER: 62.29.164.71#53(62.29.164.71)
;; WHEN: Tue Aug 18 13:41:33 2009
;; MSG SIZE rcvd: 204
Does anyone know which DNS server emits such answers? As far as I know,
this is quite unusual, but not illegal. However, I don't know all the
RFCs off the top of my head, so please correct me if I am wrong.
Regards,
Anand Buddhdev
More information about the dns-operations
mailing list