[dns-operations] a question on sub-zone authorization

Paul Vixie paul at redbarn.org
Thu Jun 1 15:01:40 UTC 2017

On Thu, Jun 1, 2017 at 8:28 AM, Peng Yonghua <pyh at vodafonemail.de> wrote:
>     $ dig org.uk <http://org.uk>. ns @d.root-servers.net
>     ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 8, ADDITIONAL: 13
>     ;; WARNING: recursion requested but not available

peng, you're being told something specific here. it is a referral, not
an answer. the server is not giving you what you asked for; it's telling
you where to find what you're asking for.

>     Then I dig this:
>     $ dig org.uk <http://org.uk>. ns @dns2.nic.uk <http://dns2.nic.uk>
>     ;; flags: qr aa rd; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 0

whereas here, you are being told the answer to your question.

>     I think the data path should be: root nameservers -> .uk nameservers
>     -> .org.uk <http://org.uk> nameservers
>     since .uk nameservers are the same with .org.uk
>     nameservers, so the reference from uk to org.uk is
>     not needed.
>     Do I guess it right? thanks in advance.

you do not guess right. in the second case, you asked for something that
the server was authoritative for -- so, you got an answer.

P Vixie

More information about the dns-operations mailing list