. hint zone records lookup with +norec
Ladislav Vobr
lvobr at ies.etisalat.ae
Mon Feb 23 07:48:54 UTC 2004
I am running 9.2.2, internal caching server + authoritative with 2 views
and have noticed in recent days increase on load. I am still
investigating it's like around 30-40% without any clear reason.
I have noticed that I cannot do +norec dig for some of the root-servers
a records, is that normal? As you can see below I can not do +norec for
a.root, but I can do it for c.root. And why in the authority section it
is only 4 servers listed? Shouldn't I be able to get any record from the
. hint zone with +norec?
I don't' have local connectivity problem I can connect to A.root or any
other root server.
my named.root .hint zone
[dxbins1:/usr/local/named]#grep A.ROOT named.root
. 421476 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 507876 IN A 198.41.0.4
[dxbins1:/usr/local/named]#grep C.ROOT named.root
. 421476 IN NS C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET. 507876 IN A 192.33.4.12
[dxbins1:/usr/local/named]#dig A A.ROOT-SERVERS.NET. @127.0.0.1 +norec
; <<>> DiG 9.2.2 <<>> A A.ROOT-SERVERS.NET. @127.0.0.1 +norec
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17581
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 3
;; QUESTION SECTION:
;A.ROOT-SERVERS.NET. IN A
;; AUTHORITY SECTION:
ROOT-SERVERS.NET. 604705 IN NS f.ROOT-SERVERS.NET.
ROOT-SERVERS.NET. 604705 IN NS j.ROOT-SERVERS.NET.
ROOT-SERVERS.NET. 604705 IN NS k.ROOT-SERVERS.NET.
ROOT-SERVERS.NET. 604705 IN NS A.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
f.ROOT-SERVERS.NET. 573643 IN A 192.5.5.241
j.ROOT-SERVERS.NET. 604705 IN A 192.58.128.30
k.ROOT-SERVERS.NET. 573650 IN A 193.0.14.129
;; Query time: 7 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 23 11:31:59 2004
;; MSG SIZE rcvd: 146
without +norec I get the answer
[dxbins1:/usr/local/named]#dig A A.ROOT-SERVERS.NET. @127.0.0.1
; <<>> DiG 9.2.2 <<>> A A.ROOT-SERVERS.NET. @127.0.0.1
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14700
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3
;; QUESTION SECTION:
;A.ROOT-SERVERS.NET. IN A
;; ANSWER SECTION:
A.ROOT-SERVERS.NET. 604800 IN A 198.41.0.4
;; AUTHORITY SECTION:
ROOT-SERVERS.NET. 604800 IN NS j.ROOT-SERVERS.NET.
ROOT-SERVERS.NET. 604800 IN NS k.ROOT-SERVERS.NET.
ROOT-SERVERS.NET. 604800 IN NS A.ROOT-SERVERS.NET.
ROOT-SERVERS.NET. 604800 IN NS f.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
f.ROOT-SERVERS.NET. 573738 IN A 192.5.5.241
j.ROOT-SERVERS.NET. 604800 IN A 192.58.128.30
k.ROOT-SERVERS.NET. 573745 IN A 193.0.14.129
;; Query time: 18 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 23 11:30:24 2004
;; MSG SIZE rcvd: 162
and for c.root with +norec
[dxbins1:/usr/local/named]#dig A C.ROOT-SERVERS.NET. @127.0.0.1 +norec
; <<>> DiG 9.2.2 <<>> A C.ROOT-SERVERS.NET. @127.0.0.1 +norec
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56446
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3
;; QUESTION SECTION:
;C.ROOT-SERVERS.NET. IN A
;; ANSWER SECTION:
C.ROOT-SERVERS.NET. 604686 IN A 192.33.4.12
;; AUTHORITY SECTION:
ROOT-SERVERS.NET. 604693 IN NS j.ROOT-SERVERS.NET.
ROOT-SERVERS.NET. 604693 IN NS k.ROOT-SERVERS.NET.
ROOT-SERVERS.NET. 604693 IN NS a.ROOT-SERVERS.NET.
ROOT-SERVERS.NET. 604693 IN NS f.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
f.ROOT-SERVERS.NET. 604688 IN A 192.5.5.241
j.ROOT-SERVERS.NET. 604693 IN A 192.58.128.30
k.ROOT-SERVERS.NET. 604691 IN A 193.0.14.129
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 23 11:34:42 2004
;; MSG SIZE rcvd: 164
another thing I have noticed is that without using +norec I can not
lookup NS some records for example af.mil although I have them in the cache.
[dxbins1:/usr/local/named/logs]#dig ns af.mil
; <<>> DiG 9.2.2 <<>> ns af.mil
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13521
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;af.mil. IN NS
;; Query time: 2367 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 23 11:47:08 2004
;; MSG SIZE rcvd: 24
[dxbins1:/usr/local/named/logs]#dig ns af.mil +norec
; <<>> DiG 9.2.2 <<>> ns af.mil +norec
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61523
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0
;; QUESTION SECTION:
;af.mil. IN NS
;; AUTHORITY SECTION:
af.mil. 85991 IN NS NS.MAXWELL.af.mil.
af.mil. 85991 IN NS MARS.AFNOC.af.mil.
af.mil. 85991 IN NS PAPA1.BARKSDALE.af.mil.
af.mil. 85991 IN NS DELTA1.BARKSDALE.af.mil.
af.mil. 85991 IN NS ARTEMIS.AFNOC.af.mil.
af.mil. 85991 IN NS NS.USAFE.af.mil.
;; Query time: 15 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 23 11:47:16 2004
;; MSG SIZE rcvd: 170
Thanks for any help
Ladislav
More information about the bind-users
mailing list