Just to be clear, in hari's reply is the answer to RB's question, in other words, you will get a Authoritative Answer (AA bit set) when the answer comes from a server that has the SOA for the zone.
BTW, when did .ug get signed? ; <<>> DiG 9.3.2 <<>> @root.eahd.or.ug ug. ANY ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1928 ;; flags: qr aa rd; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;ug. IN ANY ;; ANSWER SECTION: ug. 14400 IN SOA root.eahd.or.ug. mpeirwe.eahd.or.ug. 2011103114 86400 3600 2592000 14400 ug. 14400 IN RRSIG SOA 8 1 14400 20111205230000 20111026230000 32350 ug. fbY542Cdlf3jYnxZNHx89IVmuWb7B3EAkCsrI8ueIsTcMVCJ xodStH2I CHx4twwaBbn5OeFlnx5F4zdoLcrhWyrm2CMImgCskGL2eeyaeXMoNhnA ljEtdj3EQ+mnAVBvPqmqz+arLMPrY6i6aOKOofzhxhIWB7uzPVak+S6E DKQ= ug. 3600 IN NS anycast.eahd.or.ug. ug. 3600 IN NS ns-ext.isc.org. ug. 3600 IN NS ns.icann.org. ug. 3600 IN NS root.eahd.or.ug. ug. 3600 IN NS ug.cctld.authdns.ripe.net. ug. 3600 IN RRSIG NS 8 1 3600 20111205230000 20111026230000 32350 ug. RwOmQoUSz+JRza4y34OOOBtBVMwzDAD1HGBNgajdY1KLRqrFCM dLr9wa 3bin+zfBUD3kmvmfsXvNJ4E4clgelIgq9Xjr1yrNMv6xSjABsKiy/zqk QMh7GAJc3wtKwVY2H4i8VcamW74FTHfvE8m7MMeConPQpPjAceRjXja2 hlo= ug. 86400 IN DNSKEY 256 3 8 AwEAAbNWgA4PestzF/51O8/fALczGR68PiAmbAfZP3x4fFAMBTvhV9c4 TGvElVvjXglhOBBykevboQNT+N9uqbF2bF4+m 5ObG4/TQRlY2Yb9xONB pJeI2IkbMpbPR4hzDefhSljgLKSOZd+zwqyHAJKeid1abNuufgyU4G1f 34NOTiFJ ug. 86400 IN DNSKEY 257 3 8 AwEAAexiJPmtv4p5on0fg4v9J02SHy++iKT88DJWmBNl8Zjo0m18YOv0 wBN5bZSCl2B3Kx/+OTKoeQ0ZHE/awQGAqmsnt RhXov9jYDmrWIMMc/kh lUOsg670VYuqCPPatumk2yRtC4WNmNaV+I8okwpjLHYM9Q48AzQpQr7V gXI08CyErPjDWxYqPBqAFi8ezrWsggnWCZ3XtjU6+3Hntl67H7i+H4FL /B9zvuP9bYnzxnTF WzSw+iHWvaKD2bRNcSq7w7on6DjU2x61lXAGkFLk 0qAkhLOw5r8BA/tJ3dwwkmJN8W35JFBHpQR9ZH6ZTn38Fu+HOmlTrLwA I5l2fxfauN8= ug. 86400 IN DNSKEY 256 3 8 AwEAAaPhBn45LgB9u+sVHvlzbfd/yl4PLul15PR4zZBXxf9tKxLZAd6L mpauxChmtoTUi7mtRH95nHwaPAsxX0OEoTNLN yMJl/8KJibzNdRWFCHe SMXGnYlInFJKmkXTj/cVbGzE43EN5f0B6xqVNaQW77/Oo+RTGe3dDSbz 8q+85lnH ug. 86400 IN RRSIG DNSKEY 8 1 86400 20111206000000 20111027000000 2767 ug. aHeVE4BBP8jJGma0qwXhGi2rUgONSZE67yommdJeH20In2 9SQpIS3/wF Qvm/buLQ0N5jc/eJOcsqL9sYEch37hW9TsPB85sRYnX/orD6oIvaX51C IeBRnlVUCmAapa1G/NhFaHT+ZinvHYEiUTZRoRNwoHbatgJPUe9sZOWx 3GXnPqB+BfMSLzc1E7WH5BvDh 3Ke/YFEfflsa7tMEkWH+AjcRGSsTL3n 0j72ngmFPxbrxMvUkTbvK3Ps+K9q2La5FHpOqg8nmCqNIptyOO0Mspx6 dLHNj89W2f4WBIAlVnqtSR2vFwRp1UHZhw29R/AO6ZqmqlSfhRaqiEsQ IB8D 0w== ug. 0 IN TYPE51 \# 9 0100000A046F1F6F40 ug. 0 IN RRSIG TYPE51 8 1 0 20111205230000 20111026230000 32350 ug. nTG7+oyXp9i/GKo6/IRg6xA6s45JzGP/uQ8pFkmKcUnphkD9r JZPU19h OgybKfDBcNyVw9fUesXNcb/Ewn5v6MaOrIdzuoKZOVLtTOLduRDt9VH4 XVLvAJLZcVG4NWLjBQvbgwwUiQ+mY8GLdIAsHv8/cmtD3i4f2j/XvydW G3U= ;; Query time: 421 msec ;; SERVER: 212.88.97.132#53(212.88.97.132) ;; WHEN: Mon Oct 31 14:44:37 2011 ;; MSG SIZE rcvd: 1572 and why is MTN no longer running a NS for .ug? I see ISC, ICANN and RIPE as secondaries, but no one in UG (except CFI/eahd). Just curious!? Regards, McTim On 10/31/11, Hari Kurup <[email protected]> wrote: > On 31 October 2011 12:00, Reinier Battenberg < > [email protected]> wrote: > >> ** >> >> (does someone know why this authoritive secion is sometimes missing?) >> > > > The first answer you got has the aa flag set whereas the second does not. > This means that the first answer was gotten from an authoritative server > for that domain while the second answer from 8.8.8.8 was out of a dns cache. > Hope this helps. > > -- > Hari > > > > >> As an example, here are 2 digs for our webserver. Once on our internal >> network, and once to the google nameservers: >> >> >> reinier@mountlab6:/var/www/finddistrict/ochacd$ dig @server1 >> www.mountbatten.net >> >> >> ; <<>> DiG 9.7.3 <<>> @server1 www.mountbatten.net >> >> ; (1 server found) >> >> ;; global options: +cmd >> >> ;; Got answer: >> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26854 >> >> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1 >> >> >> ;; QUESTION SECTION: >> >> ;www.mountbatten.net. IN A >> >> >> ;; ANSWER SECTION: >> >> www.mountbatten.net. 259200 IN CNAME hosting2.mountbatten.net. >> >> hosting2.mountbatten.net. 259200 IN A 213.239.217.9 >> >> >> ;; AUTHORITY SECTION: >> >> mountbatten.net. 259200 IN NS ns.mountbatten.net. >> >> >> ;; ADDITIONAL SECTION: >> >> ns.mountbatten.net. 259200 IN A 127.0.0.1 >> >> >> ;; Query time: 0 msec >> >> ;; SERVER: 192.168.38.4#53(192.168.38.4) >> >> ;; WHEN: Mon Oct 31 11:59:25 2011 >> >> ;; MSG SIZE rcvd: 109 >> >> >> reinier@mountlab6:/var/www/finddistrict/ochacd$ dig @8.8.8.8 >> www.mountbatten.net >> >> >> ; <<>> DiG 9.7.3 <<>> @8.8.8.8 www.mountbatten.net >> >> ; (1 server found) >> >> ;; global options: +cmd >> >> ;; Got answer: >> >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55052 >> >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 >> >> >> ;; QUESTION SECTION: >> >> ;www.mountbatten.net. IN A >> >> >> ;; ANSWER SECTION: >> >> www.mountbatten.net. 1165 IN CNAME hosting2.mountbatten.net. >> >> hosting2.mountbatten.net. 1165 IN A 213.239.217.9 >> >> >> ;; Query time: 255 msec >> >> ;; SERVER: 8.8.8.8#53(8.8.8.8) >> >> ;; WHEN: Mon Oct 31 11:59:33 2011 >> >> ;; MSG SIZE rcvd: 76 >> >> >> >> >> > -- Cheers, McTim "A name indicates what we seek. An address indicates where it is. A route indicates how we get there." Jon Postel _______________________________________________ The Uganda Linux User Group: http://linux.or.ug Send messages to this mailing list by addressing e-mails to: [email protected] Mailing list archives: http://www.mail-archive.com/[email protected]/ Mailing list settings: http://kym.net/mailman/listinfo/lug To unsubscribe: http://kym.net/mailman/options/lug The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/ The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
