On Tuesday 25 May 2004 5:58 am, william(at)elan.net wrote:
What was discussed at the meeting is approach to this where if direct
lookup for _marid.user.host.domain.com fails, then as part of the failure
code dns server provides AUTHORITY section which contains information
about actual domain zone (i.e. most likely domain.com) and then lookup
can be done to _marid.domain.com for the default record.
This is a feature of *authoritative* DNS servers. The vast majority of those
will, indeed, return the name of the zone in the AUTHORITY section, either in
the form of an SOA record (when rcode=NXDOMAIN) or a set of NS records (when
rcode=NOERROR).
However, it would not be a good idea to count on the *application* being able
to reliably get that information. AFAIK, resolvers have no requirement to
return to the stub anything other than the answer. I know for a fact that
there are situations where even BIND will not return the SOA or the NS set:
when the answer is still in the cache, but the NS set has timed out, or the
qname is still being negatively cached, but the SOA has timed out.
--
David Blacka <davidb(_at_)verisignlabs(_dot_)com>
Sr. Engineer VeriSign Applied Research