SERVFAIL <=> NXDOMAIN

Peter Koch pk at DENIC.DE
Fri Jul 6 09:50:25 UTC 2007


On Fri, Jul 06, 2007 at 11:06:52AM +0200, Irenäus Becker wrote:

> further problems with nic.at because our .at zone returns a SOA record 
> for the queried zone.

> The "dig SOA"- command returns:

what are the other parameters of this command, i.e. which domain were you
querying for?

> [...]
> ;; AUTHORITY SECTION:
> at.                     600     IN      SOA     rns-bind.dss. hostmaster.head.dss. 2007052100 3600 1800 3600000 600
> [...]

I guess I wrote ...

> >(here: AT) zone on your server(s). But careful: there may be side effects
> >and you should make sure not to leak false information.  The bottom line 

for a reason. If at all, you should have copied the correct AT values.
Again, this is an ugly hack, the problem definitely lies elsewhere.

> Is this a correct root-zone file for NSD? I did not find any examples 
> on the net.

There is no such thing as a "root-zone file for NSD", because the root zone
file is server independent. Your example didn't contain any TLD delegation,
which is also probably not what you want. You might have seen "root hints"
for, say, BIND, but since NSD is not offering recursive service, it doesn't
need such a beast.

> Is it possible to configure the nameserver so that it does not return this 
> SOA?

The SOA RR in the authority section is there to make negative caching work
per RFC 2308.  Configuring or patching it away would make the responses
non-standards-compliant.

The underlying assumption that a server should return an NXDOMAIN for a
domain it doesn't serve, is wrong.

-Peter
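
An added example, not part of the original message: a small Python reader for dig-style output that shows how a resolver uses the authority-section SOA for negative caching under RFC 2308 (negative TTL = minimum of the SOA's TTL and its MINIMUM field), and why SERVFAIL carries no such statement. Only the SOA line comes from the post; the header, the query name and the function names are constructed for illustration.

```python
import re

# Constructed dig-style response. Only the SOA line is taken from the post;
# the header lines and the query name are made up for this example.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nonexistent.example.at.        IN      SOA

;; AUTHORITY SECTION:
at.  600  IN  SOA  rns-bind.dss. hostmaster.head.dss. 2007052100 3600 1800 3600000 600
"""

# owner, TTL, MNAME, RNAME, serial, refresh, retry, expire, MINIMUM
SOA_RE = re.compile(
    r"^(\S+)\s+(\d+)\s+IN\s+SOA\s+(\S+)\s+(\S+)"
    r"\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")

def parse(text):
    """Extract the rcode, the answer count and the authority-section SOA."""
    status = re.search(r"status: (\w+)", text).group(1)
    answers = int(re.search(r"ANSWER: (\d+)", text).group(1))
    soa, in_auth = None, False
    for line in text.splitlines():
        if line.startswith(";;"):
            in_auth = "AUTHORITY SECTION" in line
        elif in_auth and (m := SOA_RE.match(line)):
            soa = {"owner": m[1], "ttl": int(m[2]),
                   "mname": m[3], "minimum": int(m[9])}
    return status, answers, soa

def classify(text):
    """Return (kind, negative_ttl); negative_ttl is None if not cacheable."""
    status, answers, soa = parse(text)
    if status not in ("NOERROR", "NXDOMAIN"):
        return status, None   # e.g. SERVFAIL: says nothing about the name
    if status == "NOERROR" and answers > 0:
        return "ANSWER", None
    kind = "NXDOMAIN" if status == "NXDOMAIN" else "NODATA"
    if soa is None:
        # No SOA: a referral, or a negative answer that should not be cached
        return kind + "_NO_SOA", None
    return kind, min(soa["ttl"], soa["minimum"])
```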


