resolver's behavior

Kirk Bradel kirkb at dogsplace.net
Fri Apr 21 00:59:49 UTC 2006 

Barry Margolin wrote:
> In article <e2964j$2u9e$1 at sf1.isc.org>,
>  Kevin Darcy <kcd at daimlerchrysler.com> wrote:
> 
>> Frank Y.F. Luo wrote:
>>
>>> I am a little confused about a resolver's behavior, like ping command,
>>> nslookup command,
>>>
>>> I am querying against a DNS server with recursive turned off
>>>
>>> #dig www.slashdot.com
>>>
>>> ; <<>> DiG 9.2.4 <<>> www.slashdot.com
>>> ;; global options:  printcmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1794
>>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
> ....
>> Command-line tools like "ping" typically use the "system" resolver, 
>> which is usually configurable (via a system config file like 
>> /etc/nsswitch.conf or the like) and may or may not even include DNS as 
>> one of its sources of name information. If the system resolver does look 
>> at DNS at all, it'll do so by generating recursive rather than 
>> non-recursive queries. So for a valid comparison to what "ping" is 
>> seeing, you should do recursive rather than non-recursive queries.
> 
> He did.  Don't you see "rd" (Recursion Desired) in the "flags:" field?  
> It's the server that has recursion disabled (hence the missing "ra" 
> flag), not the client.
> 

I just duplicated the OP results.  Using a Windows resolver with a 
c:\windows\system32\drivers\etc\resolv.conf pointing at an authoritative 
  only name server, I get the same results (as expected).  Which is 
exactly what Kevin was trying to explain.  "Dig" used the resolv.conf 
and "ping"  used the system configured recursive name server.

C:\WINDOWS\system32\drivers\etc>dig www.slashdot.net

; <<>> DiG 9.3.2 <<>> www.slashdot.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1192
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;www.slashdot.net.              IN      A

;; AUTHORITY SECTION:
..                       3600000 IN      NS      A.ROOT-SERVERS.net.
..                       3600000 IN      NS      B.ROOT-SERVERS.net.
..                       3600000 IN      NS      C.ROOT-SERVERS.net.
..                       3600000 IN      NS      D.ROOT-SERVERS.net.
..                       3600000 IN      NS      E.ROOT-SERVERS.net.
..                       3600000 IN      NS      F.ROOT-SERVERS.net.
..                       3600000 IN      NS      G.ROOT-SERVERS.net.
..                       3600000 IN      NS      H.ROOT-SERVERS.net.
..                       3600000 IN      NS      I.ROOT-SERVERS.net.
..                       3600000 IN      NS      J.ROOT-SERVERS.net.
..                       3600000 IN      NS      K.ROOT-SERVERS.net.
..                       3600000 IN      NS      L.ROOT-SERVERS.net.
..                       3600000 IN      NS      M.ROOT-SERVERS.net.

;; Query time: 46 msec
;; SERVER: 66.218.71.63#53(66.218.71.63)
;; WHEN: Thu Apr 20 19:55:21 2006
;; MSG SIZE  rcvd: 242


C:\WINDOWS\system32\drivers\etc>ping www.slashdot.net

Pinging www.slashdot.net [208.254.3.166] with 32 bytes of data:

More information about the bind-users mailing list