[dns-operations] Authoritative answer with NSCOUNT=0
Matthijs Mekking
matthijs at NLnetLabs.nl
Wed Aug 19 07:24:56 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mark Andrews wrote:
> In message <3efd34cc0908180924t785ac07bk6c55d907cf0cbc61 at mail.gmail.com>, bert
> hubert writes:
>> On Tue, Aug 18, 2009 at 1:55 PM, Anand Buddhdev<anandb at ripe.net> wrote:
>>> Hello people,
>>>
>>> Yesterday I observed DNS responses which have the AA bit set, but the
>>> authority section is empty:
>> PowerDNS does this. The authority section is completely optional for
>> non-delegating answers, so I've not felt the need to fill it out over
>> the past 10 years. Every few years someone notices, but it doesn't
>> matter.
>>
>> No one (no program, at least) reads that section either.
>
> Named can also be configured to do this via minimal-responses. This is
> turned always on for DNSKEY responses.
NSD doesn't do this, although since 3.2.3 it does not fill the authority
section for DNSKEY responses.
>>> Additionally, a query for the name servers for this zone returns glue in
>>> the answer section instead of the additional section, while the
>>> authority section is still empty:
>> That isn't us.
>
> Nor us.
Nor us.
Best regards,
Matthijs Mekking
NLnet Labs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBAgAGBQJKi6jFAAoJEA8yVCPsQCW5AREH+wUSuvnrb5V64pT9ml2sh1p1
7HnGThHSeEhz6XmFvRy5+oRzKT03u124MJaDOPd/AoSOKoLSOSDaWm65L88pHJGB
ZCn/BB8nuT8+V61b9Epg3tnL4gj68SKm3jK2a7C8Og6PfkT7nVW99nIKLvJhj26s
soSgiRrIZf7oiZWhQ8eyWv830ksSgIO3gLZAhqdR1CoISPjMUZZh66KNy/kpGnF3
IoiOu6Wwxx2mQ7FMZb3T43ZBRzvUNM416PNv6wiVCUENEW7jfzrHUioeBuhRqwwf
hh7r++WGAjEtQMRWeDQ6vnJlLkmcEsrdkFp9PEyrX767QIw+bWLvu65TXV/yU9M=
=DmOI
-----END PGP SIGNATURE-----
More information about the dns-operations
mailing list