You are essentially correct.
We might state it (only) a bit more accurately like this:
Authoritative responses come from the servers of that
zone: Primary (or AD-Integrated) and Secondary DNS
servers of that zone.
Non-Authoritative answers come from any other DNS
server or responders which cached the record, those
who do NOT hold a copy of the Zone file for that
particular zone.
Herb Martin
He...@LearnQuick.Com
"Spin" <sp...@spin.com> wrote in message
news:b6hu6s$5jtpe$1...@ID-156865.news.dfncis.de...
> I thought non-authoritative responses came from either DNS Cache or
> from an external DNS server such as provided by an ISP. Am I wrong?
You are correct, however there are options in BIND to expand the breadth of
what is returned as a non-authoritative answer.
--
Roger D. Seielstad
Email Geek
Yes. The value of the AA bit in a response is determined by _both_
where the data being served up originated _and_ what those data in fact
actually are. I'd explain the exact rule in more detail, but it isn't
worth bothering with. The whole concept of a response's "authority"
that the RFCs propound is in fact completely unnecessary. Don't become
too hung up on what are and are not "authoritative data", and on the
value of the AA bit. In practice, resolving proxy DNS servers should,
and (apart from BIND's atrociously broken "credibility" mechanism) do,
take no notice of the AA bit at all. The only entities to whom it is at
all important are, ironically enough, human beings running tools such as
"dnsq" or "dig" and looking at their output. The AA bit is a vestigial
part of the DNS protocol that was the result of a flawed model of DNS
operation that was mistakenly initially adopted. It cannot go away from
the protocol itself, of course. But we certainly should ignore it.
RS> You are correct, [...]
No, he isn't. Read RFC 1034 section 4.2.1 again.
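
Added example, not part of any post in this thread: a small decoder for the flag word of the DNS header (RFC 1035 section 4.1.1) that reports the AA bit the way a person reading "dig" output would see it. The sample messages, the ID 0x1234 and the function names are constructed for illustration.

```python
import struct

# Fixed 12-byte DNS header (RFC 1035 section 4.1.1): ID, flags, then the
# QDCOUNT, ANCOUNT, NSCOUNT and ARCOUNT fields, all 16-bit big-endian.
HEADER = struct.Struct("!HHHHHH")

# Single-bit flags in the order dig prints them.
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080)]


def flag_names(message: bytes) -> list:
    """Return the names of the header flag bits set in a raw DNS message."""
    if len(message) < HEADER.size:
        raise ValueError("truncated DNS message: header is 12 bytes")
    _ident, flags, _qd, _an, _ns, _ar = HEADER.unpack_from(message)
    return [name for name, mask in FLAG_BITS if flags & mask]


def describe(message: bytes) -> str:
    """Classify a message by its QR and AA bits."""
    names = flag_names(message)
    if "qr" not in names:
        return "query"  # AA is only defined for responses
    return "authoritative" if "aa" in names else "non-authoritative"


def sample(flags: int, ancount: int) -> bytes:
    """Constructed header-only message (hypothetical ID 0x1234, one question)."""
    return HEADER.pack(0x1234, flags, 1, ancount, 0, 0)


# Constructed samples, not captured traffic.
FROM_ZONE_SERVER = sample(0x8500, 1)  # QR + AA + RD
FROM_CACHE = sample(0x8180, 1)        # QR + RD + RA
QUERY = sample(0x0100, 0)             # RD only

if __name__ == "__main__":
    for label, msg in [("zone server", FROM_ZONE_SERVER),
                       ("caching resolver", FROM_CACHE), ("query", QUERY)]:
        print(f"{label:17} flags: {' '.join(flag_names(msg)):9} -> {describe(msg)}")
```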