1. What is a lame delegation?
A lame delegation results when a name server is designated as the authoritative server for a domain name zone, but is not configured to return authoritative data when queried for the Start of Authority (SOA) of said zone.
The non-authoritative answers of such servers may contain errors or other types of replies that would not be expected from an authoritative DNS server.
2. What are the different response types that the verification system can return in lame delegation checks?
AA: Authoritative Answer
This is not an error message. Instead, it specifies that the queried DNS servers have authoritative data for a reverse zone or domain in their local configuration files. This means that the server is correctly configured with authority over the reverse domain or zone.
TIMEOUT: Timer expired without receiving a response
No DNS query response received during the expected time.
NOAA: No authoritative answer over a reverse zone or domain
The DNS server contains data for the reverse zone or domain, but this data is not available in its local configuration files. Instead, the DNS has learned this information from other DNS servers, meaning that the validity of this information cannot be fully trusted.
UDN: Unknown Domain Name
The DNS server does not have any information on the reverse zone or domain for which it was queried.
UH: Unknown Host
The DNS server registered in LACNIC’s system as authoritative for the reverse resolution of an IP block was not found or does not exist.
FAIL: DNS server error/fault
An error or fault was reported by the DNS server.
QREFUSED: DNS query refused
The DNS server refused the query.
CREFUSED: Connection refused
A connection to the DNS server was established, but the server does not accept DNS queries. This means that no DNS server software is running on the server.
CNAME: Canonical name
The name of the registered DNS server is not the actual name of the server, but a nickname. This configuration is not recommended for DNS servers.
NOT SYNC ZONE: Zone not synchronized
The version of the reverse zone configuration in one of the DNS servers is different from the version in the remaining authoritative DNS servers for the same reverse zone.
3. Where can I find more information on how to configure DNS servers?
- On the following websites:
- CCU Unicamp (in Portuguese)
- LDP DNS-HOWTO
- Formal definitions of the DNS protocol
In the book: Paul Albitz and Cricket Liu (editors), DNS and BIND, 4th. Edition, O’Reilly Media, Inc.
The following link shows statistics on lame delegations in reverse zones that use number resources managed by LACNIC: ‹https://lacnic.net/en/lame_delegation.html›