On 19 December 2013 00:48, houguanghua <houguang...@hotmail.com> wrote: > If DLG isn't enabled (bind9+view + zone file , no DB is used), the > additional section is right. Maybe it's a bug of Bind DLG.
What is DLG? > What I wanted is as follows : > $ dig @10.3.103.177 www.ctyun.cn > ; <<>> DiG 9.6-ESV-R10-P1 <<>> @10.3.103.177 www.ctyun.cn > > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30600 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2 > ;; WARNING: recursion requested but not available > ;; QUESTION SECTION: > ;www.ctyun.cn. IN A > ;; ANSWER SECTION: > www.ctyun.cn. 3600 IN A 211.162.106.2 > www.ctyun.cn. 3600 IN A 211.162.106.1 > ;; AUTHORITY SECTION: > ctyun.cn. 3600 IN NS ns1.ctyun.cn. > ctyun.cn. 3600 IN NS ns2.ctyun.cn. > ;; ADDITIONAL SECTION: > ns1.ctyun.cn. 3600 IN A 211.16.106.251 > ns2.ctyun.cn. 3600 IN A 211.16.106.252 > > ;; Query time: 137 msec > ;; SERVER: 10.3.103.177#53(10.3.103.177) > ;; WHEN: Thu Dec 19 08:43:58 > ;; MSG SIZE rcvd: 130 That might be what you want, but that's not what you asked for, you asked for the www.ctyun.cn A record. If you want the NS records explicitly ask for them. Additional is just that, it's additional data, if the name server that you have queried against has them in it's cache then it may/may not return them (depending on your config). My personal preference here is if you are an authoritative server then you should be returning only what was asked for (config option minimal-responses = yes), if you are a caching server then chuck everything back at the client that you have (minimal-responses = no, the options additional-from-cache and additional-from-auth should already be set to yes by default and bind will then decide when it's appropriate to send back additional data). In your first dig, recursion was enabled, but it didn't need to do a recursive request as it is authoritative for the ctyun.cn zone. In your second dig, recursion is disabled, but it is still authoritative for the ctyun.cn zone so I'm not sure why it would return the additional records, it doesn't need to as it's simply additional data. Without seeing the bind config it's difficult to diagnose from just a dig query. Steve _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users