proving a server doesn't have a zone
Todd Snyder
tsnyder at rim.com
Mon Jun 1 20:21:44 UTC 2009
Thanks very much for the help - I was having a brain issue! That is
much simpler than I was trying to devise.
Thanks to Andy as well.
Cheers!
Todd.
-----Original Message-----
From: Matthew Pounsett [mailto:matt at conundrum.com]
Sent: Monday, June 01, 2009 3:49 PM
To: Todd Snyder
Cc: bind-users at lists.isc.org
Subject: Re: proving a server doesn't have a zone
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01-Jun-2009, at 15:42, Todd Snyder wrote:
> I'm sure I'm just having a dumb moment, and that the return codes from
> dig can give me what I need, but I can't figure it out.
Indeed, dig can help you here. Send the server a non-recursive query
for something in the zone in question (doesn't matter if what you
query for actually exists or not). The server will either respond
with the AA bit set, or not, and that's how you know.
Note the absence of an 'aa' entry in the flags field, on the 6th line
of the output, below.
% dig +norec @a.gtld-servers.net foo.rim.com
; <<>> DiG 9.4.3-P1 <<>> +norec @a.gtld-servers.net foo.rim.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44151
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;foo.rim.com. IN A
;; AUTHORITY SECTION:
rim.com. 172800 IN NS xns01lhr.rim.net.
rim.com. 172800 IN NS xns01ykf.rim.net.
;; ADDITIONAL SECTION:
xns01lhr.rim.net. 172800 IN A 193.109.81.21
xns01ykf.rim.net. 172800 IN A 206.51.26.10
;; Query time: 80 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Mon Jun 1 15:46:55 2009
;; MSG SIZE rcvd: 114
In this second example, the server is authoritative for rim.com, and
answers with the aa bit set:
% dig +norec @xns01lhr.rim.net foo.rim.com
; <<>> DiG 9.4.3-P1 <<>> +norec @xns01lhr.rim.net foo.rim.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51004
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;foo.rim.com. IN A
;; AUTHORITY SECTION:
rim.com. 600 IN SOA xns01ykf.rim.net.
dnsadmin.rim.net. 2009052301
7200 3600 1209600 600
;; Query time: 138 msec
;; SERVER: 193.109.81.21#53(193.109.81.21)
;; WHEN: Mon Jun 1 15:48:17 2009
;; MSG SIZE rcvd: 90
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.11 (Darwin)
iEYEARECAAYFAkokMKkACgkQmFeRJ0tjIxEf3gCfVHPc6VKX7xScMYeQXlsXI5Hu
3T4An3H6++LcSn0wW1D2hr4P25i3RO5H
=sI+e
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
This transmission (including any attachments) may contain confidential information, privileged material (including material protected by the solicitor-client or other applicable privileges), or constitute non-public information. Any use of this information by anyone other than the intended recipient is prohibited. If you have received this transmission in error, please immediately reply to the sender and delete this information from your system. Use, dissemination, distribution, or reproduction of this transmission by unintended recipients is not authorized and may be unlawful.
More information about the bind-users
mailing list