[dns-operations] about the ADDITIONAL SECTION
Mark Andrews
marka at isc.org
Fri Jun 28 03:45:48 UTC 2013
In message <51CCEF49.8030003 at nsbeta.info>, Feng He writes:
> Hi,
>
> Sorry for my not good english.
> Says I have a domain a.com, whose NS records are:
> ns1.b.com
> ns2.b.com
>
> But b.com is not auth-resolved by my nameserver, for example, its
> auth-servers are registrar's.
>
> a.com is auth-resolved by my own nameservers, the NS records look as:
>
> a.com. 111 IN NS ns1.b.com.
> a.com. 111 IN NS ns2.b.com.
This is expected and good.
> But, if I add the zone b.com into the nameservers' zone file (though the
> zone is not auth-resolved by my servers as I've said), and setup the A
> records with fake IP for ns1.b.com and ns2.b.com. When query for:
> dig a.com ns
Do not do this. This is bad.
> The nameservers will answer with the additional section whose content is
> the fake IPs.
>
> ;; ANSWER SECTION:
> a.com. 111 IN NS ns1.b.com.
> a.com. 111 IN NS ns2.b.com.
>
> ;; ADDITIONAL SECTION:
> ns1.b.com. 111 IN A 1.2.3.4
> ns2.b.com. 111 IN A 5.6.7.8
>
> Will this make the world's DNS cache not work? i.e, the ISP's public DNS
> servers.
>
> Thanks.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list