Here is an example from performing an nslookup from a Unix server (IPs and domains all fake):
$ nslookup
> set type=srv
> _kerberos._tcp.example.com
Server: 192.168.1.100
Address: 192.168.1.100#53

Non-authoritative answer:
_kerberos._tcp.example.com service = 0 100 88 dc01.example.com.
_kerberos._tcp.example.com service = 0 100 88 dc02.example.com.

Authoritative answers can be found from:
. nameserver = h.root-servers.net.
. nameserver = e.root-servers.net.
. nameserver = a.root-servers.net.
. nameserver = l.root-servers.net.
. nameserver = d.root-servers.net.
. nameserver = f.root-servers.net.
. nameserver = k.root-servers.net.
. nameserver = i.root-servers.net.
. nameserver = b.root-servers.net.
. nameserver = m.root-servers.net.
. nameserver = c.root-servers.net.
. nameserver = j.root-servers.net.
. nameserver = g.root-servers.net.
dc00.example.com internet address = 192.168.1.200
dc01.example.com internet address = 192.168.1.201
Is there a way I can prevent BIND from sending that extra section and just return the Non-authoritative answers?
EDIT 1: I took out the part where I said I don’t think Windows nslookup knows what to do with the results. It does know, but it just doesn’t label it as such.
EDIT 2: When using a Windows DNS server, it doesn’t include the root servers as part of the answer.
EDIT 3: We’ve only noticed this with SRV records.
Answer
Comment from Brandon Xavier worked. Placing the following in the global options block of named.conf prevented BIND from sending the additional data:
minimal-responses yes;
Attribution
Source: Link, Question Author: roartechs, Answer Author: roartechs
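One way to confirm that the setting took effect, as an added example that is not part of the original question or answer: this Python parser splits Unix nslookup output into answer, authority and additional records and checks that the SRV answers are unchanged while the extra records are gone. The function names and the AFTER sample are assumptions constructed for illustration.

```python
import re

HEADER = "Authoritative answers can be found from:"
RECORD = re.compile(r"^(\S+)\s+(service|nameserver|internet address) = (.+)$")

# Constructed sample: the session from the question (fake values), root list cut to two.
BEFORE = """\
Non-authoritative answer:
_kerberos._tcp.example.com\tservice = 0 100 88 dc01.example.com.
_kerberos._tcp.example.com\tservice = 0 100 88 dc02.example.com.

Authoritative answers can be found from:
.\tnameserver = h.root-servers.net.
.\tnameserver = e.root-servers.net.
dc00.example.com\tinternet address = 192.168.1.200
dc01.example.com\tinternet address = 192.168.1.201
"""
# Constructed sample (assumption): the same reply with no extra records.
AFTER = BEFORE.split(HEADER)[0] + HEADER + "\n"

def parse(output):
    """Split nslookup output into answer, authority and additional records."""
    sections = {"answer": [], "authority": [], "additional": []}
    past_header = False
    for line in output.splitlines():
        if line.startswith(HEADER):
            past_header = True
            continue
        m = RECORD.match(line.strip())
        if not m:
            continue  # prompts, Server/Address lines, blanks
        name, kind, value = m.groups()
        if not past_header:
            sections["answer"].append((name, kind, value))
        elif kind == "nameserver":
            sections["authority"].append((name, kind, value))
        else:
            sections["additional"].append((name, kind, value))
    return sections

def srv_targets(output):
    """Return (priority, weight, port, host) for each SRV answer."""
    out = []
    for _, kind, value in parse(output)["answer"]:
        if kind == "service":
            prio, weight, port, host = value.split()
            out.append((int(prio), int(weight), int(port), host))
    return out

def is_minimal(output):
    """True when the reply carries no authority or additional records."""
    s = parse(output)
    return not s["authority"] and not s["additional"]
```

To use it against a live server, feed it the captured output of the same nslookup query taken before and after reloading named.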