bin 9.10 verbose logging
Mark Andrews
marka at isc.org
Fri May 9 23:05:00 UTC 2014
In message <1399664632.4864.59.camel at ns.five-ten-sg.com>, Carl Byington writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Sat, 2014-05-03 at 14:28 -0500, Jeremy C. Reed wrote:
> > "We didn't get a OPT record in response to a EDNS query." and also
> > says "We need to drop/remove the logging here when we have more
> > experience."
>
> Is there a sample dig query that can reproduce this? I see such a
> message in my log files regarding domain of interest to me.
>
> For the OP's question, presumably something like
>
> dig dns2.osogrande.com aaaa @207.66.8.132 +?????
Modern versions of DiG turn on EDNS by default.
+[no]edns[=version]
+[no]dnssec (implies +edns)
If there is a OPT record in the response you will see something
like this:
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
or
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; NSID: 72 6f 63 6b 2e 64 76 2e 69 73 63 2e 6f 72 67 ("rock.dv.isc.org")
; SIT: 8cd65ccfb9f282d53599db62536d5c39ec27d9c7420ccbbe (good)
; EXPIRE: 2389987 (3 weeks 6 days 15 hours 53 minutes 7 seconds)
If you turn on some of the EDNS options (+sit +nsid +expire) in the
request.
+sit (source identity token) provides 64 additional bits of randomness
to make of path spoofing virtually impossible to achieve. It
also provides a method for servers to know they are talking to
a client that have talked to before so they don't need to
rate limit responses (uses a experimental code point).
+nsid (name server identifier)
+expire how long to go before the zone expires (code point 9 has been
assigned for this, 9.10.0 uses a experimental code point and
will be changed in 9.10.1 to the assigned code point).
Mark
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
>
> iEYEARECAAYFAlNtL94ACgkQL6j7milTFsGZ2wCfccgyulUODofPfOr1vG98U8t+
> ujYAnjdsOnfTFsJVDeHqycRoKLkT5o/G
> =8OIw
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list