why include an answer in the query?

Mark Andrews Mark_Andrews at isc.org
Fri Apr 21 02:20:40 UTC 2006


> Hi,
> 
> We have a local DNS server that uses the ISP's DNS server 
> as a forwarder. Usually it is working fine. But recently 
> we find that it can't resolve www.yahoo.com (but yahoo.com 
> is OK), because the ISP's DNS server is not responding to 
> the query on www.yahoo.com (but does respond to queries 
> on yahoo.com). However, using the "host" command to query 
> the ISP's DNS server directly works fine for both domain
> names. So Yahoo is working and the ISP's DNS server is also 
> working fine.
> 
> Using tcpdump we find that if the query is for www.yahoo.com, 
> our local DNS server will include an answer in the query 
> to the ISP's DNS server (tcpdump shows the [1au] flag for 
> the DNS packet), while for yahoo.com it won't:
> 
> [root at cladmr003 root]# tcpdump -A -i eth2 port 53
> tcpdump: verbose output suppressed, use -v or -vv for full 
> protocol decode listening on eth2, link-type EN10MB (Ethernet), 
> capture size 96 bytes
> 14:54:55.723957 IP n8z108l98.broadband.ctm.net.1751 > 
> macau.ctm.net.domain: 34796+ [1au] A? www.yahoo.akadns.net. (49)
> 
> E..M.. at .@.5...lb.......5.9...............www.yahoo.akadns.net...
> ....)........
> 
> Do you think it is this answer that is causing the ISP's DNS 
> server to reject the query? If no, what else could be causing 
> this behavior?
> 
> Thanks!

	Your ISP's firewall is blocking EDNS responses that are bigger
	than 512 octets.  If I increase the bufsize to 2048 I get no
	response.  The response that is dropped has 4 more A records
	in the additional section (an additional 64 octets).

	The [1au] is named telling your ISP's nameservers that it is
	capable of receiving larger responses, see RFC 2671.

	Note I can get a response bigger than 512 octets from the root
	servers so this is not a local firewall issue.

	Mark

; <<>> DiG 9.3.2 <<>> www.yahoo.akadns.net @macau.ctm.net +bufsize=512
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1713
;; flags: qr rd; QUERY: 1, ANSWER: 8, AUTHORITY: 11, ADDITIONAL: 8

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.yahoo.akadns.net.		IN	A

;; ANSWER SECTION:
www.yahoo.akadns.net.	25	IN	A	66.94.230.37
www.yahoo.akadns.net.	25	IN	A	66.94.230.42
www.yahoo.akadns.net.	25	IN	A	66.94.230.45
www.yahoo.akadns.net.	25	IN	A	66.94.230.47
www.yahoo.akadns.net.	25	IN	A	66.94.230.49
www.yahoo.akadns.net.	25	IN	A	66.94.230.75
www.yahoo.akadns.net.	25	IN	A	66.94.230.32
www.yahoo.akadns.net.	25	IN	A	66.94.230.35

;; AUTHORITY SECTION:
akadns.net.		6883	IN	NS	eur7.akadns.net.
akadns.net.		6883	IN	NS	eur8.akadns.net.
akadns.net.		6883	IN	NS	usc4.akadns.net.
akadns.net.		6883	IN	NS	use1.akadns.net.
akadns.net.		6883	IN	NS	use9.akadns.net.
akadns.net.		6883	IN	NS	usw5.akadns.net.
akadns.net.		6883	IN	NS	usw6.akadns.net.
akadns.net.		6883	IN	NS	usw7.akadns.net.
akadns.net.		6883	IN	NS	asia4.akadns.net.
akadns.net.		6883	IN	NS	asia9.akadns.net.
akadns.net.		6883	IN	NS	eur4.akadns.net.

;; ADDITIONAL SECTION:
eur4.akadns.net.	7013	IN	A	195.219.3.169
eur7.akadns.net.	7013	IN	A	193.108.94.88
eur8.akadns.net.	7013	IN	A	62.4.69.96
usc4.akadns.net.	7013	IN	A	69.45.78.3
use1.akadns.net.	7013	IN	A	67.72.17.134
use9.akadns.net.	7013	IN	A	81.52.250.134
usw5.akadns.net.	7013	IN	A	63.241.73.200

;; Query time: 211 msec
;; SERVER: 202.175.3.3#53(202.175.3.3)
;; WHEN: Fri Apr 21 12:05:20 2006
;; MSG SIZE  rcvd: 500


; <<>> DiG 9.3.2 <<>> www.yahoo.akadns.net @a.root-servers.net +bufsize=2048
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61213
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 16

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.yahoo.akadns.net.		IN	A

;; AUTHORITY SECTION:
net.			172800	IN	NS	A.GTLD-SERVERS.net.
net.			172800	IN	NS	G.GTLD-SERVERS.net.
net.			172800	IN	NS	H.GTLD-SERVERS.net.
net.			172800	IN	NS	C.GTLD-SERVERS.net.
net.			172800	IN	NS	I.GTLD-SERVERS.net.
net.			172800	IN	NS	B.GTLD-SERVERS.net.
net.			172800	IN	NS	D.GTLD-SERVERS.net.
net.			172800	IN	NS	L.GTLD-SERVERS.net.
net.			172800	IN	NS	F.GTLD-SERVERS.net.
net.			172800	IN	NS	J.GTLD-SERVERS.net.
net.			172800	IN	NS	K.GTLD-SERVERS.net.
net.			172800	IN	NS	E.GTLD-SERVERS.net.
net.			172800	IN	NS	M.GTLD-SERVERS.net.

;; ADDITIONAL SECTION:
A.GTLD-SERVERS.net.	172800	IN	AAAA	2001:503:a83e::2:30
A.GTLD-SERVERS.net.	172800	IN	A	192.5.6.30
G.GTLD-SERVERS.net.	172800	IN	A	192.42.93.30
H.GTLD-SERVERS.net.	172800	IN	A	192.54.112.30
C.GTLD-SERVERS.net.	172800	IN	A	192.26.92.30
I.GTLD-SERVERS.net.	172800	IN	A	192.43.172.30
B.GTLD-SERVERS.net.	172800	IN	AAAA	2001:503:231d::2:30
B.GTLD-SERVERS.net.	172800	IN	A	192.33.14.30
D.GTLD-SERVERS.net.	172800	IN	A	192.31.80.30
L.GTLD-SERVERS.net.	172800	IN	A	192.41.162.30
F.GTLD-SERVERS.net.	172800	IN	A	192.35.51.30
J.GTLD-SERVERS.net.	172800	IN	A	192.48.79.30
K.GTLD-SERVERS.net.	172800	IN	A	192.52.178.30
E.GTLD-SERVERS.net.	172800	IN	A	192.12.94.30
M.GTLD-SERVERS.net.	172800	IN	A	192.55.83.30

;; Query time: 652 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Fri Apr 21 12:11:35 2006
;; MSG SIZE  rcvd: 534

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org