[dns-operations] NS answer inconsistency between implementations for delegated zone
Remi Gacogne
listes+dns-operations at valombre.net
Fri Mar 16 13:30:26 UTC 2012
Hi,

I noticed a difference in the behavior of bind, powerdns (using bind or
MySQL backend) and nsd regarding the answer to an NS query
for a delegated zone. Powerdns is responding to the query by putting
corresponding NS RRs into the ANSWER section,
whereas bind and nsd are putting them into the AUTHORITY section.

I am not sure what the correct answer is, as I haven't found a clear
specification on this case yet.

RFC 1034 states that (3.7 Queries):

"Answer      Carries RRs which directly answer the query.
Authority   Carries RRs which describe other authoritative servers.
            May optionally carry the SOA RR for the authoritative
            data in the answer section."

But in this case, one could argue that NS RRs directly answer the query
AND describe other authoritative servers, if I'm not mistaken.

Powerdns response:
$ drill ns info.example.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 57206
;; flags: qr rd ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; info.example.com. IN NS
;; ANSWER SECTION:
info.example.com. 7200 IN NS ns1.other.net.
info.example.com. 7200 IN NS ns2.other.net.
;; AUTHORITY SECTION:
;; ADDITIONAL SECTION:
;; Query time: 0 msec
;; SERVER: 127.0.0.1
;; WHEN: Fri Mar 16 14:04:32 2012
;; MSG SIZE rcvd: 79

Bind and NSD response:
$ drill ns info.example.com
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 41836
;; flags: qr rd ; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; QUESTION SECTION:
;; info.example.com. IN NS
;; ANSWER SECTION:
;; AUTHORITY SECTION:
info.example.com. 7200 IN NS ns1.other.net.
info.example.com. 7200 IN NS ns2.other.net.
;; ADDITIONAL SECTION:
;; Query time: 47 msec
;; SERVER: 217.0.0.1
;; WHEN: Fri Mar 16 14:12:26 2012
;; MSG SIZE rcvd: 79

Entire zone configuration:
$TTL 2d ; default TTL is 2 days
$ORIGIN example.com.
@ IN SOA ns1.isp.net. hostmaster.example.com. (
2003080800 ; serial number
2h ; refresh = 2 hours
15M ; update retry = 15 minutes
3W12h ; expiry = 3 weeks + 12 hours
2h20M ; minimum = 2 hours + 20 minutes
)
example.com. 7200 IN NS ns0.isp.net.
example.com. 7200 IN NS ns1.isp.net.
info.example.com. 7200 IN NS ns1.other.net.
info.example.com. 7200 IN NS ns2.other.net.

Regards,
Rémi Gacogne
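
The two response shapes shown in the message above can be told apart mechanically from the header flags and the section counts. The following is an added example, not part of the original post: it parses a DNS response in wire format and reports whether the NS RRset arrived in ANSWER or in AUTHORITY, and whether the AA bit was set. The function names are hypothetical, and the sample messages are constructed from the zone data in the post.

```python
import struct

NS, IN = 2, 1  # RR type NS, class IN

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(qname, targets, section, aa=False):
    """Constructed sample: NS response with the RRset in 'answer' or 'authority'."""
    flags = 0x8000 | (0x0400 if aa else 0) | 0x0100  # QR, optional AA, RD
    an, ns = (len(targets), 0) if section == "answer" else (0, len(targets))
    msg = struct.pack("!6H", 0x1234, flags, 1, an, ns, 0)
    msg += encode_name(qname) + struct.pack("!2H", NS, IN)
    for t in targets:
        rdata = encode_name(t)
        msg += encode_name(qname) + struct.pack("!2HIH", NS, IN, 7200, len(rdata)) + rdata
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:  # a compression pointer ends the name
            return off + 2
        off += 1 + n

def classify(msg):
    """Describe an NS response from its AA flag and where the NS RRs sit."""
    _, flags, qd, an, ns, _ = struct.unpack_from("!6H", msg)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QNAME, QTYPE, QCLASS
    counts = {"answer": 0, "authority": 0}
    for section, n in (("answer", an), ("authority", ns)):
        for _ in range(n):
            off = skip_name(msg, off)
            rtype, _, _, rdlen = struct.unpack_from("!2HIH", msg, off)
            off += 10 + rdlen
            counts[section] += rtype == NS
    aa = bool(flags & 0x0400)
    if counts["answer"]:
        return "answer" if aa else "answer-without-aa"
    if counts["authority"] and not aa:
        return "referral"
    return "other"
```

Both drill outputs in the post show flags "qr rd" with no "aa", so the first shape classifies as "answer-without-aa" and the second as "referral".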