[nsd-users] NSD returns SERVFAIL instead of REFUSED

Arun N S ns.arunns at gmail.com
Tue Jul 19 09:18:15 UTC 2011

Yeah, Thanks for the response, I got it clear

Appendix B  Details on specific design and implementation choices.

B.1. Returning the root delegation when no answer can be found

   From RFC1034/1035 it is not obvious if returning a root delegation
   is a (non-)requirement for authoritative servers.

   We have decided not to implement a root-hints since an
   authoritative server should in normal circumstances only receive
   queries for which the server is authoritative.

   Also see RFC 1123 section

   Whenever an answer cannot been provided we return a SERVFAIL. It
   has been argued that this is a policy decision and thus a REFUSE
   should be returned. However, in the spirit of RFC1034/1035 a server
   should return cached data, if that cache cannot be reached a SERVFAIL
   is an appropriate response.

   Also see the discussion on the 'namedroppers list' Starting April
   2002 with subject "name server without root cache "


On Tue, Jul 19, 2011 at 11:33 AM, Jaap Akkerhuis <jaap at nlnetlabs.nl> wrote:

>    On Sun, Jul 17, 2011 at 10:34:56AM +0300,
>     Arun N S <ns.arunns at gmail.com> wrote
>     a message of 55 lines which said:
>    > I was wondering why NSD returns SERVFAIL for recursive queries,
>    > normally it is REFUSED ?
>    AFAIK, no RFC explicitely says what a name server should return when
>    it does not accept out-of-zone queries.
> It is discussed somewhat in the document "differences.tex" (differences
> between bind & nsd) and the RQUIREMENTS document (Appendix B.1).
>        jaap
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20110719/5626fdae/attachment.htm>

More information about the nsd-users mailing list