[dns-operations] about the ADDITIONAL SECTION
Feng He
fenghe at nsbeta.info
Mon Jul 8 08:52:29 UTC 2013
Hi,
Have another question that,
pyh at dwdns153:~$ dig dnsbed.com @a.gtld-servers.net.
; <<>> DiG 9.6.1-P2 <<>> dnsbed.com @a.gtld-servers.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34184
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;dnsbed.com. IN A
;; AUTHORITY SECTION:
dnsbed.com. 172800 IN NS ns5.cloudwebdns.com.
dnsbed.com. 172800 IN NS ns6.cloudwebdns.com.
;; ADDITIONAL SECTION:
ns5.cloudwebdns.com. 172800 IN A 209.141.54.207
ns6.cloudwebdns.com. 172800 IN A 116.251.209.248
ns6.cloudwebdns.com. 172800 IN A 84.200.77.142
;; Query time: 1291 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Mon Jul 8 16:45:41 2013
;; MSG SIZE rcvd: 124
The server a.gtld-servers.net returns two NS records along with the
additional IPs. They are not glue IMO, b/c I was not querying for the
domain cloudwebdns.com. Will a cache server believe the ADDITIONAL
SECTION in this case?
Thanks in advance.
On 2013-6-28 10:04, Feng He wrote:
> Hi,
>
> Sorry for my not good english.
> Says I have a domain a.com, whose NS records are:
> ns1.b.com
> ns2.b.com
>
> But b.com is not auth-resolved by my nameserver, for example, its
> auth-servers are registrar's.
>
> a.com is auth-resolved by my own nameservers, the NS records look as:
>
> a.com. 111 IN NS ns1.b.com.
> a.com. 111 IN NS ns2.b.com.
>
> But, if I add the zone b.com into the nameservers' zone file (though the
> zone is not auth-resolved by my servers as I've said), and setup the A
> records with fake IP for ns1.b.com and ns2.b.com. When query for:
> dig a.com ns
>
> The nameservers will answer with the additional section whose content is
> the fake IPs.
>
> ;; ANSWER SECTION:
> a.com. 111 IN NS ns1.b.com.
> a.com. 111 IN NS ns2.b.com.
>
> ;; ADDITIONAL SECTION:
> ns1.b.com. 111 IN A 1.2.3.4
> ns2.b.com. 111 IN A 5.6.7.8
>
> Will this make the world's DNS cache not work? i.e, the ISP's public DNS
> servers.
>
> Thanks.
More information about the dns-operations
mailing list