Nslookup Times Out on A Lookup To Well-Known Hosts
David Nolan
vitroth+ at cmu.edu
Wed Oct 4 13:07:35 UTC 2006
--On Tuesday, October 03, 2006 20:10:21 -0400 Kevin Darcy
<kcd at daimlerchrysler.com> wrote:
> The +trace option to dig will pretty much execute this sequence
> automatically for you, although the output is arguably hard to parse,
> and sometimes certain error conditions cause it to generate unexpected
> results.
Unfortunately dig doesn't *quite* implement the exact same lookup
interaction. I believe the two differences I've encountered are:
- By default it doesn't use EDNS0, whereas Bind does by default. This is
configurable via the commandline option +bufsize=4096 (4096 is the Bind
default)
- Dig doesn't appear to honor the glue A records returned while traversing
the delegation path. i.e. if it does a ns query to for example.org and
receives a response containing NS records for ns1.example.org and
ns2.example.org, it also should receive A records for those hosts. Bind
would use those records, because it has no other way to resolve those
hosts, but dig appears to resolve the names in the NS records via the
normal host resolver library. This can hide partially broken glue records,
where the IP for ns2.example.org has changed for example.
'dig +trace ...' is definitely an invaluable tool, but reliance on it to
diagnose idiosyncratic problems can result it confusion.
-David
More information about the bind-users
mailing list