dig @server foobar +trace +recurse
John Miller
johnmill at brandeis.edu
Thu Jul 9 03:55:56 UTC 2015
For my part, I'd be curious to know what sort of problem you're trying to
solve with dig. We might be able to shed a little more light on what the
best command would be for you.
The +recurse gets overridden when you use +trace:
+[no]recurse
... Recursion is automatically disabled when the
+nssearch or +trace query options are used.
so you're getting iterative queries whether you want them or not: +trace
means you're treating yourself as a recursive nameserver, and the RD bit
isn't set on your queries.
If you send a single query to a remote nameserver, you're only going to get
a single response--that's how DNS works. So if you're looking to see the
chain of lookups that a remote recursive nameserver takes to reach its
final response, you can run dig +trace from the remote nameserver, or you
could run a series of dig @server +norecurse <hostname> queries to get what
you're looking for.
I admit ignorance on the +showsearch option: I'm not seeing the query flags
change, nor am I seeing any different output when I run:
dig @8.8.8.8 trombone.org +showsearch
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @8.8.8.8 trombone.org
+showsearch
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9742
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
versus
dig @8.8.8.8 trombone.org
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @8.8.8.8 trombone.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36891
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
Even after flushing Google's cache (
https://developers.google.com/speed/public-dns/cache), I still get the same
response. Does anyone have insight on +showsearch, other than the
following ;-)
BUGS
There are probably too many query options.
John
On Wed, Jul 8, 2015 at 6:34 PM, Anne Bennett <anne at encs.concordia.ca> wrote:
>
> I've been trying to debug a problem with dig, and it has finally
> occurred to me that, if I understand this correctly, the "+trace"
> option essentially overrides the @server specification, except for
> the initial query for the root zone nameservers. (I was using
> "+showsearch +trace +recurse".)
>
> Is my understanding correct?
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150708/6c6b1c8b/attachment.html>
More information about the bind-users
mailing list