why include an answer in the query?
Peter Dambier
peter at peter-dambier.de
Wed Apr 19 17:52:56 UTC 2006
Kent Tong wrote:
> Hi,
>
> We have a local DNS server that uses the ISP's DNS server
> as a forwarder. Usually it is working fine. But recently
> we find that it can't resolve www.yahoo.com (but yahoo.com
> is OK), because the ISP's DNS server is not responding to
> the query on www.yahoo.com (but does respond to queries
> on yahoo.com). However, using the "host" command to query
> the ISP's DNS server directly works fine for both domain
> names. So Yahoo is working and the ISP's DNS server is also
> working fine.
>
> Using tcpdump we find that if the query is for www.yahoo.com,
> our local DNS server will include an answer in the query
> to the ISP's DNS server (tcpdump shows the [1au] flag for
> the DNS packet), while for yahoo.com it won't:
>
> [root at cladmr003 root]# tcpdump -A -i eth2 port 53
> tcpdump: verbose output suppressed, use -v or -vv for full
> protocol decode listening on eth2, link-type EN10MB (Ethernet),
> capture size 96 bytes
> 14:54:55.723957 IP n8z108l98.broadband.ctm.net.1751 >
> macau.ctm.net.domain: 34796+ [1au] A? www.yahoo.akadns.net. (49)
>
> E..M.. at .@.5...lb.......5.9...............www.yahoo.akadns.net...
> ....)........
>
> Do you think it is this answer that is causing the ISP's DNS
> server to reject the query? If no, what else could be causing
> this behavior?
>
> Thanks!
I guess here is the fountain of all headaches:
; <<>> DiG 9.1.3 <<>> -t any www.yahoo.com @ns3.yahoo.com.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48213
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
;; QUESTION SECTION:
;www.yahoo.com. IN ANY
;; ANSWER SECTION:
www.yahoo.com. 300 IN CNAME www.yahoo.akadns.net.
;; AUTHORITY SECTION:
yahoo.com. 172800 IN NS ns1.yahoo.com.
yahoo.com. 172800 IN NS ns2.yahoo.com.
yahoo.com. 172800 IN NS ns3.yahoo.com.
yahoo.com. 172800 IN NS ns4.yahoo.com.
yahoo.com. 172800 IN NS ns5.yahoo.com.
;; ADDITIONAL SECTION:
ns1.yahoo.com. 172800 IN A 66.218.71.63
ns2.yahoo.com. 172800 IN A 66.163.169.170
ns3.yahoo.com. 172800 IN A 217.12.4.104
ns4.yahoo.com. 172800 IN A 63.250.206.138
ns5.yahoo.com. 172800 IN A 216.109.116.17
;; Query time: 81 msec
;; SERVER: 217.12.4.104#53(ns3.yahoo.com.)
;; WHEN: Wed Apr 19 19:38:20 2006
;; MSG SIZE rcvd: 235
; <<>> DiG 9.1.3 <<>> -t any www.yahoo.akadns.net @eur8.akadns.net.
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55465
;; flags: qr aa rd; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.yahoo.akadns.net. IN ANY
;; ANSWER SECTION:
www.yahoo.akadns.net. 60 IN A 216.109.118.76
www.yahoo.akadns.net. 60 IN A 216.109.118.77
www.yahoo.akadns.net. 60 IN A 216.109.117.206
www.yahoo.akadns.net. 60 IN A 216.109.118.66
www.yahoo.akadns.net. 60 IN A 216.109.118.70
www.yahoo.akadns.net. 60 IN A 216.109.117.207
www.yahoo.akadns.net. 60 IN A 216.109.117.110
www.yahoo.akadns.net. 60 IN A 216.109.117.109
;; Query time: 59 msec
;; SERVER: 62.4.69.96#53(eur8.akadns.net.)
;; WHEN: Wed Apr 19 19:42:04 2006
;; MSG SIZE rcvd: 166
I wonder what that tabarnak CNAME is good for but wasting
resolver memory.
On the other hand I wonder - when you have your own resolver,
why do you wait for somebody else to fail? Why don't you trust
your own resolver and ask the root-servers directly?
I don't know how good your ISP's resolver is. Mine takes 2 seconds
longer for some queries. Since I ignored forwarders, DNS has become
much faster and there are fewer things I don't find.
Regards
Peter and Karin
--
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
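
The `[1au]` marker in the tcpdump line quoted in this thread is tcpdump's count of records in the additional section of the query (ARCOUNT=1), and the `)` byte in the ASCII dump is 0x29, record type 41 (OPT), the EDNS0 pseudo-record. The Python below is an added example, not part of either poster's message: it rebuilds a query of the same shape and decodes its sections, and the rebuilt packet comes to 49 bytes, matching the `(49)` in the capture. The function names and the 4096-byte advertised UDP size are assumptions; the capture does not show that value.

```python
import struct

OPT = 41  # EDNS0 pseudo-RR type (RFC 2671, later RFC 6891)

def build_query(qid, name, udp_size=4096):
    """Constructed sample: A query with RD set and one empty OPT record."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 1)  # ARCOUNT=1 -> "[1au]"
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    question = qname + struct.pack("!2H", 1, 1)            # QTYPE=A, QCLASS=IN
    opt = b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)  # root owner, RDLEN=0
    return header + question + opt

def read_name(msg, off):
    """Read an uncompressed name; return (name, next offset)."""
    labels = []
    while True:
        n = msg[off]
        if n & 0xC0:
            raise ValueError("compression pointer not expected in a query")
        off += 1
        if n == 0:
            return ".".join(labels) + ".", off
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def describe_query(msg):
    """Return header counts, the question name, and every RR by section."""
    qid, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off, qname = 12, None
    for _ in range(qd):
        qname, off = read_name(msg, off)
        off += 4                                            # skip QTYPE/QCLASS
    records = []
    for section, count in (("answer", an), ("authority", ns), ("additional", ar)):
        for _ in range(count):
            owner, off = read_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10 + rdlen
            rec = {"section": section, "owner": owner, "type": rtype}
            if rtype == OPT:  # CLASS carries the UDP size, TTL the version/flags
                rec["edns_udp_size"] = rclass
                rec["edns_version"] = (ttl >> 16) & 0xFF
            records.append(rec)
    return {"id": qid, "rd": bool(flags & 0x0100), "counts": (qd, an, ns, ar),
            "qname": qname, "records": records}

if __name__ == "__main__":
    q = build_query(34796, "www.yahoo.akadns.net")  # id taken from the capture
    print(len(q), describe_query(q))
```

The decoded query has an empty answer section and a single additional record of type OPT, which is what a resolver sends to advertise EDNS0 support.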