nsd
nsd copied to clipboard
NLnetLabs
minimal-responses: yes
Hello, Although the NSD service (NSD version 4.2) is configured with the setting: minimal-responses: yes
We can still query the server, and receive an answer with additional records included: $ dig @194.0.6.1 dns.be ns +dnssec +mu
; <<>> DiG 9.12.2-P1 <<>> @194.0.6.1 dns.be ns +dnssec +mu ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54418 ;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 13 ;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;dns.be. IN NS
;; ANSWER SECTION: dns.be. 86400 IN NS a.ns.dns.be. dns.be. 86400 IN NS b.ns.dns.be. dns.be. 86400 IN NS c.ns.dns.be. dns.be. 86400 IN NS d.ns.dns.be. dns.be. 86400 IN NS y.ns.dns.be. dns.be. 86400 IN RRSIG NS 8 2 86400 ( 20201026051741 20201016043450 13101 dns.be. C9YS5cfyoBJu8lGr/IjHek3Owlj9bcExFNhh480GwbTF q2M1vXT6ImVIVeWqnTCOlm1XWa791M89m0nFRvyvpxan 4UJXaDVIq6BuWyH75ZQUW5uFdayFiRB1fWqq2LoBRHL0 AbxYhCvIvkKabt72eYPqyJ9LBAR19QSGEAnFHGk= )
;; ADDITIONAL SECTION: a.ns.dns.be. 86400 IN A 194.0.6.1 a.ns.dns.be. 86400 IN RRSIG A 8 4 86400 ( 20201027163749 20201017163610 13101 dns.be. HQoYlrJqSWQXE5/pE2fTLaajDXAjdUWoeo8rzEfSMyWC 2KnOd2U9mVDDShoC9aQAzo6FrLno2QvHNnhjAfG7SPkV D3mmoYGik9gER4qiCl7AM3XW8H0wr5DyV4g2ObUxejRV 8NrCrxt8lPrtPzOkwahDU4w3w3em4r6iNAfUm4Q= ) b.ns.dns.be. 86400 IN A 194.0.37.1 b.ns.dns.be. 86400 IN RRSIG A 8 4 86400 ( 20201027163749 20201017163610 13101 dns.be. Mgj5oky2WW0f2KRLvqpPh/znC2wGHjt/zdqvKgelckT1 LYTmQ7n3LmZwhXWyhYQTaxQMWZYu7UqB3pc1cD/IMZhV XDdOyq6hi4S1c0dTGaOrj+FK4Z3R7S8mR/EbYewQ8XiT E6rChRbtbTDvkgb48ML+7hrthDjkZECoatRr3sE= ) c.ns.dns.be. 86400 IN A 194.0.43.1 c.ns.dns.be. 86400 IN RRSIG A 8 4 86400 ( 20201027142921 20201017141738 13101 dns.be. AqovP6hRTLfJ0douP9Y3K3PV2TpbgURi7vXwbfo6AujY YAmI7iRRC8HN3n58uiE5WQI1p/9nyaPo7z25MANb+ckA 2gGvIGOKquKl0bLyIj7eDM/9ZSywD9Wp556PkvKlcaB0 HDap9fvYEJiEioke9x+R0isSadGW+pR4yNd3srU= ) d.ns.dns.be. 86400 IN A 194.0.44.1 d.ns.dns.be. 86400 IN RRSIG A 8 4 86400 ( 20201027142921 20201017141738 13101 dns.be. UjP0rm2Sb8gAOZHIZKaccHAd4SBSE+jB5VdJ+MH+5qdd IwsuD1Aa12fETDHlSPM4SLZ5TYIe4vUCfeB7wCljiS6F aD5quoAAt0eCbB/SV2BVzSZALOngfvm7d3QeHcMuvj+P ptUjLfrmjggbpDDBHXVAYU0cejxiC/JAbA4GT+o= ) y.ns.dns.be. 86400 IN A 120.29.253.8 y.ns.dns.be. 86400 IN RRSIG A 8 4 86400 ( 20201027170554 20201017164435 13101 dns.be. A4UMun6uJ9owPa4+O0gU14zO+gPC1gsmnrPVI7NMm0Tw pKL9PZUk37kMv6+ZIbWdFrFgmDGi3OXpJ6r6Y1n7mm3i 1fCJ3Ezu0W6itwhD+cQQDd9rvQTNAlogmfkNdiMQ3EM4 LrM1Q4m7DQ1zYwbKl7Ti75K6u51QrZD+Ddtst1M= ) a.ns.dns.be. 86400 IN AAAA 2001:678:9::1 a.ns.dns.be. 86400 IN RRSIG AAAA 8 4 86400 ( 20201027163749 20201017163610 13101 dns.be. l9aEBGkmGBPTdpc9tgjHyq9noai8pogVhJuzPoUd3DsM up6IjKo4+0rYRjroEYjEQRi2tXWAgs5PQ4Gy6/eTYCMZ G0aEUzi8cPEwM2y2ovCq7VxtqZKvYCpFKtLsqTcECWI+ UOClxmPv40PY5acJGXnY0TK+Ug5LLaQSBiaaHow= )
;; Query time: 19 msec ;; SERVER: 194.0.6.1#53(194.0.6.1) ;; WHEN: Wed Oct 21 18:13:07 CEST 2020 ;; MSG SIZE rcvd: 1388
Is this the correct behaviour ?
Thank you, Regards, Geert Verheyen.
The minimal responses setting as it is implemented right now removes the NS record from the authority section and then those addresses from the additional section. The response you show has the additional section records that go with records in the answer section, in this case a record of type NS, and this is not something that minimal-responses removes.
So it only removes the gratuitous NS record from the authority section. And then also the A and AAAA for that NS record. But not other records, and this is what your example has.
