Alex van den Bogaerdt [alex(_at_)ergens(_dot_)op(_dot_)het(_dot_)net] wrote:
On Fri, Jan 14, 2005 at 08:56:50AM -0800, william(at)elan.net wrote:
2. By DNS standards SOA MUST be returned only if its actual ZONECUT
and for all other cases its not mandatory.
- in practice most dns servers do return it even if you look up
hostname within zone but not directly zonecut
They don't really return it, they hint where the information can
be found. "The number of answers is zero and this is an authoritative
answer, given by $authority". Or do you actually get an answer, not
a hint, when you query for the SOA record somewhere down the zone?
Yes, you do:
| io:~> dig www.verisign.net SOA +multiline
|
| ; <<>> DiG 9.2.4 <<>> www.verisign.net SOA +multiline
| ;; global options: printcmd
| ;; Got answer:
| ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59984
| ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
|
| ;; QUESTION SECTION:
| ;www.verisign.net. IN SOA
|
| ;; AUTHORITY SECTION:
| verisign.net. 695 IN SOA bay-w1-inf5.verisign.net.
vshostmaster.verisign.com. (
| 2005011301 ; serial
| 10800 ; refresh (3 hours)
| 3600 ; retry (1 hour)
| 604800 ; expire (1 week)
| 3600 ; minimum (1 hour)
| )