
Networking - DNS - LAME Nameserver Delegation

A nameserver that gives a non-authoritative answer for a zone delegated to it is usually called 'lame'.

Every domain must have at least 2 nameservers. If each one is queried and all of them hold the domain's zone information, they will all give an authoritative answer. If one of them does not, it is a 'lame delegation'.

Refer to RFC 1912 section 2.8.

An example of lame delegation is:

example.com.     IN    NS     ns1.example.com.
example.com.     IN    NS     ns2.example-server.net.

ns1.example.com is configured with zone information for the domain, but ns2.example-server.net was not configured properly and has no information about the domain. So ns1 will answer authoritatively whereas ns2 won't, and ns2 will be 'lame' until it is set up properly.

To get a more in-depth understanding, use the dig tool on example.com.

1. First we find the nameservers of example.com:

dig example.com NS

;; ANSWER SECTION:
example.com.            158240  IN      NS      a.iana-servers.net.
example.com.            158240  IN      NS      b.iana-servers.net.

2. Since we received 2 nameservers, we ask each of them directly and check whether it gives an authoritative answer. If the answer is authoritative, the 'aa' flag ('aa' stands for authoritative answer) is set in the header of the reply.

dig @b.iana-servers.net example.com NS
dig @a.iana-servers.net example.com NS
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60896
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;example.com.                   IN      NS
 
;; ANSWER SECTION:
example.com.            172800  IN      NS      a.iana-servers.net.
example.com.            172800  IN      NS      b.iana-servers.net.

Look at the flags:

flags: qr aa rd

Since 'aa' is set in the answers, both nameservers of example.com give an authoritative answer. With a lame delegation you won't get an authoritative answer.
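The same check as steps 1 and 2, done on the raw DNS header instead of dig's text output. This is an added example, not part of the original page; the function names and sample headers are constructed, and treating a non-zero status (such as REFUSED) or a missing reply as lame goes beyond the page's 'aa'-only check and is an assumption.

```python
import socket
import struct

QR_BIT = 0x8000  # message is a response
AA_BIT = 0x0400  # 'aa' in dig's flags line: Authoritative Answer


def build_query(domain, qtype=2, query_id=0x1234):
    """Build a DNS query with RD=0 (no recursion); qtype 2 = NS, class IN."""
    header = struct.pack("!HHHHHH", query_id, 0, 1, 0, 0, 0)
    labels = domain.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def classify_reply(reply):
    """Classify a raw DNS reply from a nameserver listed in the delegation."""
    if len(reply) < 12:
        return "lame: short or missing reply"
    flags = struct.unpack("!H", reply[2:4])[0]
    rcode = flags & 0x000F
    if not flags & QR_BIT:
        return "lame: not a DNS response"
    if rcode != 0:
        return f"lame: rcode {rcode}"  # assumption: errors such as REFUSED (5) count as lame
    if not flags & AA_BIT:
        return "lame: aa flag not set"
    return "authoritative"


def check_server(server, domain, timeout=3.0):
    """Ask one nameserver directly, like `dig +norecurse @server domain NS`."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(domain), (server, 53))
            reply, _ = sock.recvfrom(4096)
        except OSError:  # timeout, unreachable host, or name lookup failure
            return "lame: no reply"
    return classify_reply(reply)


# Constructed 12-byte sample headers: id, flags, qdcount, ancount, nscount, arcount
SAMPLE_AA = struct.pack("!HHHHHH", 60896, 0x8500, 1, 2, 0, 0)       # qr aa rd
SAMPLE_NO_AA = struct.pack("!HHHHHH", 60896, 0x8180, 1, 2, 0, 0)    # qr rd ra (no aa)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 60896, 0x8105, 1, 0, 0, 0)  # qr rd, status REFUSED

if __name__ == "__main__":
    for ns in ("a.iana-servers.net", "b.iana-servers.net"):  # nameservers from step 1
        print(ns, "->", check_server(ns, "example.com"))
```

Run as a script it queries the two nameservers from step 1; `classify_reply` can also be applied offline to captured replies.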

CAUTION:

You should not use a CNAME (alias) record along with NS records, as it often confuses most resolvers, causing loops, and often leads to 'lame' delegation.

example.com.     IN    NS     ns1.example.com.
example.com.     IN    NS     ns2.example.com.
example.com.     IN    CNAME  ns9.example-server.net.

So never use CNAME along with NS records.

networking/dns/lame_nameserver_delegation.txt · Last modified: 2021/01/10 21:09 by peter
