questions on the dig info
Mark Andrews
marka at isc.org
Sat Jul 9 02:58:35 UTC 2011
In message <CAA3U4eN75Jav7d0zSxtm-vojynzHw_LZNbCQhUevvk1PeOu58g at mail.gmail.com>, Feng He writes:
> Hello list,
>
>
> $ dig www.qq.com ns @ns1.qq.com
>
> ; <<>> DiG 9.4.2-P2.1 <<>> www.qq.com ns @ns1.qq.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50734
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;www.qq.com. IN NS
>
> ;; ANSWER SECTION:
> www.qq.com. 86400 IN NS ns-tel1.qq.com.
> www.qq.com. 86400 IN NS ns-tel2.qq.com.
>
> ;; AUTHORITY SECTION:
> qq.com. 86400 IN NS ns4.qq.com.
> qq.com. 86400 IN NS ns1.qq.com.
> qq.com. 86400 IN NS ns2.qq.com.
> qq.com. 86400 IN NS ns3.qq.com.
>
> ;; Query time: 7 msec
> ;; SERVER: 219.133.62.252#53(219.133.62.252)
> ;; WHEN: Sat Jul 9 08:58:38 2011
> ;; MSG SIZE rcvd: 144
>
>
>
>
> $ dig www.qq.com ns @ns-tel1.qq.com
>
> ; <<>> DiG 9.4.2-P2.1 <<>> www.qq.com ns @ns-tel1.qq.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44393
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;www.qq.com. IN NS
>
> ;; AUTHORITY SECTION:
> qq.com. 86400 IN SOA ns1.qq.com. webmaster.qq.com. 1293074536 300 600 86400 86400
>
> ;; Query time: 7 msec
> ;; SERVER: 121.14.73.115#53(121.14.73.115)
> ;; WHEN: Sat Jul 9 08:59:07 2011
> ;; MSG SIZE rcvd: 78
>
>
>
>
> I have two questions against the two dig info above.
>
> First, why ns1.qq.com (which is the authority nameserver for the zone
> of qq.com, not www.qq.com) returns the authority answer for
> www.qq.com's NS query? And even includes an AA flag in the response.
Because the nameserver is not RFC compliant. There are lots of
broken nameservers out there. Early versions of BIND had this bug
but we removed it over a decade ago.
> Second, why ns-tel1.qq.com (which is the authority nameserver for the
> zone of www.qq.com) returns nothing for this zone's NS query?
Because it is misconfigured. Instead of serving www.qq.com it is configured
to serve qq.com which can be seen in all the negative answers it returns.
Unfortunately lots of load balancers are similarly misconfigured.
You see similar issues with AAAA queries which cause lookup failures.

; <<>> DiG 9.6.0-APPLE-P2 <<>> +norec aaaa www.qq.com @ns-tel1.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14164
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.qq.com. IN AAAA
;; AUTHORITY SECTION:
qq.com. 86400 IN SOA ns1.qq.com. webmaster.qq.com. 1293074536 300 600 86400 86400
;; Query time: 394 msec
;; SERVER: 121.14.73.115#53(121.14.73.115)
;; WHEN: Sat Jul 9 12:43:39 2011
;; MSG SIZE rcvd: 78
> Thank you.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
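
The two conditions discussed in this thread can be checked mechanically from saved dig output. The following is an added example, not part of the original messages or of BIND: the function names and result labels are hypothetical, the sample inputs are abridged copies of the responses quoted above, and the caller is assumed to know which zone has been delegated to the server being tested.

```python
import re

def parse_dig(text):
    """Parse dig text output into header flags and ANSWER/AUTHORITY records."""
    resp = {"flags": set(), "ANSWER": [], "AUTHORITY": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        flags = re.match(r";; flags:([a-z ]*);", line)
        header = re.match(r";; (\w+) SECTION:", line)
        if flags:
            resp["flags"] = set(flags.group(1).split())
        elif header:
            section = header.group(1)
        elif line and not line.startswith(";") and section in ("ANSWER", "AUTHORITY"):
            f = line.split()
            if len(f) >= 5:
                resp[section].append((f[0].lower(), f[3]))  # (owner, type)
    return resp

def below(name, zone):
    """True if name is strictly inside zone (both fully qualified, lower case)."""
    return name != zone and name.endswith("." + zone)

def diagnose(text, delegated_zone):
    """Flag the two behaviours from the thread for a delegated child zone."""
    r = parse_dig(text)
    aa = "aa" in r["flags"]
    # Parent side: the child's NS set in the ANSWER section with AA set,
    # while the AUTHORITY section shows the server's own apex is the parent.
    child_ns = any(o == delegated_zone and t == "NS" for o, t in r["ANSWER"])
    parent_apex = any(t == "NS" and below(delegated_zone, o) for o, t in r["AUTHORITY"])
    if aa and child_ns and parent_apex:
        return "parent-answers-delegation-with-aa"
    # Child side: negative answer whose SOA owner is the parent zone.
    parent_soa = any(t == "SOA" and below(delegated_zone, o) for o, t in r["AUTHORITY"])
    if aa and not r["ANSWER"] and parent_soa:
        return "child-server-answers-from-parent-zone"
    return "ok"

# Abridged copies of the two responses quoted in the thread.
FROM_NS1 = """;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0
;; ANSWER SECTION:
www.qq.com. 86400 IN NS ns-tel1.qq.com.
;; AUTHORITY SECTION:
qq.com. 86400 IN NS ns1.qq.com."""
FROM_NS_TEL1 = """;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; AUTHORITY SECTION:
qq.com. 86400 IN SOA ns1.qq.com. webmaster.qq.com. 1293074536 300 600 86400 86400"""
if __name__ == "__main__":
    for sample in (FROM_NS1, FROM_NS_TEL1):
        print(diagnose(sample, "www.qq.com."))
```

The second label is only meaningful when the response came from a server listed in the delegation for delegated_zone; a SOA owned by the parent is normal in a negative answer from the parent's own servers.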