[dns-operations] about the ADDITIONAL SECTION

Feng He fenghe at nsbeta.info
Mon Jul 8 08:52:29 UTC 2013 

Hi,

Have another question that,

pyh at dwdns153:~$ dig dnsbed.com @a.gtld-servers.net.

; <<>> DiG 9.6.1-P2 <<>> dnsbed.com @a.gtld-servers.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34184
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;dnsbed.com.                    IN      A

;; AUTHORITY SECTION:
dnsbed.com.             172800  IN      NS      ns5.cloudwebdns.com.
dnsbed.com.             172800  IN      NS      ns6.cloudwebdns.com.

;; ADDITIONAL SECTION:
ns5.cloudwebdns.com.    172800  IN      A       209.141.54.207
ns6.cloudwebdns.com.    172800  IN      A       116.251.209.248
ns6.cloudwebdns.com.    172800  IN      A       84.200.77.142

;; Query time: 1291 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Mon Jul  8 16:45:41 2013
;; MSG SIZE  rcvd: 124


The server a.gtld-servers.net returns two NS records along with the 
additional IPs. They are not glue IMO, b/c I was not querying for the 
domain cloudwebdns.com. Will a cache server believe the ADDITIONAL 
SECTION in this case?

Thanks in advance.



On 2013-6-28 10:04, Feng He wrote:
> Hi,
>
> Sorry for my not good english.
> Says I have a domain a.com, whose NS records are:
> ns1.b.com
> ns2.b.com
>
> But b.com is not auth-resolved by my nameserver, for example, its
> auth-servers are registrar's.
>
> a.com is auth-resolved by my own nameservers, the NS records look as:
>
> a.com.             111    IN      NS      ns1.b.com.
> a.com.             111    IN      NS      ns2.b.com.
>
> But, if I add the zone b.com into the nameservers' zone file (though the
> zone is not auth-resolved by my servers as I've said), and setup the A
> records with fake IP for ns1.b.com and ns2.b.com. When query for:
> dig a.com ns
>
> The nameservers will answer with the additional section whose content is
> the fake IPs.
>
> ;; ANSWER SECTION:
> a.com.            111     IN      NS      ns1.b.com.
> a.com.            111     IN      NS      ns2.b.com.
>
> ;; ADDITIONAL SECTION:
> ns1.b.com.     111     IN      A       1.2.3.4
> ns2.b.com.     111     IN      A       5.6.7.8
>
> Will this make the world's DNS cache not work? i.e, the ISP's public DNS
> servers.
>
> Thanks.

More information about the dns-operations mailing list