Bind-9 strangeness ?
phn at icke-reklam.ipsec.nu
Thu Aug 14 21:01:25 UTC 2003
Strange behaviour of bind-9 during "odd" responses
In short, bind-9.2.2 (on Intel/FreeBSD and sparc/Solaris)
drops all existing info about a name when an "odd" error
is received.
Background: domain folkuniversitetet.se,
served by:
;; AUTHORITY SECTION:
folkuniversitetet.se. 84025 IN NS fuggns1.fu-v.com.
folkuniversitetet.se. 84025 IN NS dns2.utfors.se.
;; ADDITIONAL SECTION:
dns2.utfors.se. 22 IN A 195.58.103.111
fuggns1.fu-v.com. 59895 IN A 212.73.12.10
When the TTL for dns2.utfors.se expires, queries seem
forced to go to fuggns1.fu-v.com.
Asking for something non-existing:
> dig folkuniversitetet.se. txt
; <<>> DiG 9.2.2 <<>> folkuniversitetet.se. txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24954
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;folkuniversitetet.se. IN TXT
;; AUTHORITY SECTION:
folkuniversitetet.se. 10800 IN SOA fuggns1.fu-v.com. dns.fu-v.com. 2003081303 10800 3600 604800 21600
;; Query time: 29 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Aug 14 21:29:00 2003
;; MSG SIZE rcvd: 94
Note that dig output says nothing strange here. But a
question about
> dig folkuniversitetet.se. ns
; <<>> DiG 9.2.2 <<>> folkuniversitetet.se. ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14954
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;folkuniversitetet.se. IN NS
;; AUTHORITY SECTION:
folkuniversitetet.se. 8719 IN SOA fuggns1.fu-v.com. dns.fu-v.com. 2003081303 10800 3600 604800 21600
returns no information. Dumping the database at this time
reveals:
dumpdb gives:
; authauthority
folkuniversitetet.se. 9908 \-ANY ;-$
; additional
fc.folkuniversitetet.se. 82997 A 212.247.178.101
; authanswer
www.folkuniversitetet.se. 82900 A 212.247.178.100
However, an ethereal done during the dig reveals
different and interesting info :
Frame 5 (80 on wire, 80 captured)
Arrival Time: Aug 14, 2003 21:29:00.047173000
Time delta from previous packet: 1684.431420000 seconds
Time relative to first packet: 1695.483370000 seconds
Frame Number: 5
Packet Length: 80 bytes
Capture Length: 80 bytes
Ethernet II
Destination: 00:00:d1:1b:aa:64 (00:00:d1:1b:aa:64)
Source: 00:a0:c9:de:35:e0 (00:a0:c9:de:35:e0)
Type: IP (0x0800)
Internet Protocol, Src Addr: n.manet.nu (212.91.140.35), Dst Addr: fuggns1.fu-v.com (212.73.12.10)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 66
Identification: 0x34b8
Flags: 0x00
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0x0521 (correct)
Source: n.manet.nu (212.91.140.35)
Destination: fuggns1.fu-v.com (212.73.12.10)
User Datagram Protocol, Src Port: 2149 (2149), Dst Port: domain (53)
Source port: 2149 (2149)
Destination port: domain (53)
Length: 46
Checksum: 0xa731 (correct)
Domain Name System (query)
Transaction ID: 0x2f87 ( *** NOTE 1 )
Flags: 0x0000 (Standard query)
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
folkuniversitetet.se: type TXT, class inet
Name: folkuniversitetet.se
Type: Text strings
Class: inet
Frame 6 (136 on wire, 136 captured)
Arrival Time: Aug 14, 2003 21:29:00.073507000
Time delta from previous packet: 0.026334000 seconds
Time relative to first packet: 1695.509704000 seconds
Frame Number: 6
Packet Length: 136 bytes
Capture Length: 136 bytes
Ethernet II
Destination: 00:a0:c9:de:35:e0 (00:a0:c9:de:35:e0)
Source: 00:00:d1:1b:aa:64 (00:00:d1:1b:aa:64)
Type: IP (0x0800)
Internet Protocol, Src Addr: fuggns1.fu-v.com (212.73.12.10), Dst Addr: n.manet.nu (212.91.140.35)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 122
Identification: 0x2b01
Flags: 0x00
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 116
Protocol: UDP (0x11)
Header checksum: 0xda9f (correct)
Source: fuggns1.fu-v.com (212.73.12.10)
Destination: n.manet.nu (212.91.140.35)
User Datagram Protocol, Src Port: domain (53), Dst Port: 2149 (2149)
Source port: domain (53)
Destination port: 2149 (2149)
Length: 102
Checksum: 0xed30 (correct)
Domain Name System (response)
Transaction ID: 0x2f87 ( *** NOTE 1 )
Flags: 0x8483 (Standard query response, No such name)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0011 = Reply code: No such name (3)
( *** NOTE 2 )
Questions: 1
Answer RRs: 0
Authority RRs: 1
Additional RRs: 0
Queries
folkuniversitetet.se: type TXT, class inet
Name: folkuniversitetet.se
Type: Text strings
Class: inet
Authoritative nameservers
folkuniversitetet.se: type SOA, class inet, mname fuggns1.fu-v.com
Name: folkuniversitetet.se
Type: Start of zone of authority
Class: inet
Time to live: 6 hours
Data length: 44
Primary name server: fuggns1.fu-v.com
Responsible authority's mailbox: dns.fu-v.com
Serial number: 2003081303
Refresh interval: 3 hours
Retry interval: 1 hour
Expiration limit: 7 days
Minimum TTL: 6 hours
*** NOTE 1 ; TransactionID does not match, but these are
the same question.
*** NOTE 2 ; the answer is " 0011 = Reply code: No such name (3)"
This seems to erase all knowledge of folkuniversitetet.se.
bind-8 does not seem to be affected by this.
Snippet of the response from dns2.utfors.se, which seems
more familiar:
Domain Name System (response)
Transaction ID: 0xbbb2
Flags: 0x8490 (Standard query response, No error)
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .1.. .... .... = Authoritative: Server is an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 1... .... = Recursion available: Server can do recursive queries
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 1
Additional RRs: 1
Queries
folkuniversitetet.se: type TXT, class inet
Name: folkuniversitetet.se
Type: Text strings
Class: inet
Authoritative nameservers
folkuniversitetet.se: type SOA, class inet, mname fuggns1.fu-v.com
Name: folkuniversitetet.se
Type: Start of zone of authority
Class: inet
Time to live: 6 hours
Data length: 44
Primary name server: fuggns1.fu-v.com
Responsible authority's mailbox: dns.fu-v.com
Serial number: 2003081303
Refresh interval: 3 hours
Retry interval: 1 hour
Expiration limit: 7 days
Minimum TTL: 6 hours
Additional records
<Root>: type OPT, class unknown
Name: <Root>
Type: EDNS0 option
UDP payload size: 4096
Higher bits in extended RCODE: 0x0
EDNS0 version: 0
Must be zero: 0x0
Data length: 0
Data
Now, is this a bug in bind-9? Or is this the "correct behaviour"?
Peter h
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
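
Added example, not part of the original post: a check for the response shape seen in Frame 6, an authoritative NXDOMAIN whose authority-section SOA is owned by the queried name itself. A name that owns an SOA exists, so the consistent negative answer is NOERROR with an empty answer section (as dns2.utfors.se returned). The helper names and the constructed sample messages are assumptions; only the flags words 0x8483 and 0x8490, the query ID and the SOA values are taken from the capture above.

```python
import struct

TYPE_SOA, RCODES = 6, {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}

def read_name(msg, off):
    """Decode a possibly compressed DNS name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                         # refuse pointer loops
                raise ValueError("compression loop")
        elif n == 0:
            return ".".join(labels).lower() + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def check_response(msg):
    """Return (rcode, qname, finding) for one DNS response with a single question."""
    _id, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    rcode, aa = RCODES.get(flags & 0xF, str(flags & 0xF)), bool(flags & 0x0400)
    qname, off = read_name(msg, 12)
    off += 4                                      # skip QTYPE and QCLASS
    finding = "ok"
    if an == 0 and ns:                            # authority section follows directly
        owner, off = read_name(msg, off)
        (rtype,) = struct.unpack("!H", msg[off:off + 2])
        if rcode == "NXDOMAIN" and aa and rtype == TYPE_SOA and owner == qname:
            finding = "contradictory NXDOMAIN: QNAME owns the SOA, so the name exists"
    return rcode, qname, finding

def enc(name):
    """Encode a name as uncompressed wire-format labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\0"

def build(flags, qname="folkuniversitetet.se."):
    """Constructed sample: TXT question plus one apex SOA with a compressed owner name."""
    q = enc(qname) + struct.pack("!HH", 16, 1)
    rdata = enc("fuggns1.fu-v.com.") + enc("dns.fu-v.com.")
    rdata += struct.pack("!5I", 2003081303, 10800, 3600, 604800, 21600)
    soa = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_SOA, 1, 21600, len(rdata)) + rdata
    return struct.pack("!6H", 0x2F87, flags, 1, 0, 1, 0) + q + soa

if __name__ == "__main__":
    for flags in (0x8483, 0x8490):                # Frame 6 flags, then dns2.utfors.se flags
        print(hex(flags), check_response(build(flags)))
```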