BIND 9.2.1 and TCP

Kevin Darcy kcd at daimlerchrysler.com
Thu Nov 7 19:01:48 UTC 2002


Sorry, I shouldn't have assumed it was public.

Still, it's somewhat disgusting to mix public and private addresses like that, not to mention the
sheer number of NS records in the RRset. IMHO amd.com is in serious need of subzoning.


- Kevin

zack.nash at amd.com wrote:

> This is not public DNS; this is internal-only DNS.  I am sorry for the confusion on this matter.
> Zack
>
> -----Original Message-----
> From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
> Sent: Thursday, November 07, 2002 10:52 AM
> To: bind-users at isc.org
> Subject: Re: BIND 9.2.1 and TCP
>
> That's pretty disgusting. 172.16/12 is an RFC 1918 "private" range so those
> 172.20.*.* and 172.28.*.* addresses shouldn't be in the public DNS *at*all*...
>
> - Kevin
>
> zack.nash at amd.com wrote:
>
> > 'dig +ignoretc +search <name>' :
> >
> > ; <<>> DiG 8.2 <<>> +ignoretc +search nash.amd.com @aus-la-ns1
> > ; (1 server found)
> > ;; res options: init igntc recurs defnam dnsrch
> > ;; got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41812
> > ;; flags: qr aa tc rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 22, ADDITIONAL: 0
> > ;;      nash.amd.com, type = A, class = IN
> > nash.amd.com.           0S IN A         139.95.99.116
> > amd.com.                1H IN NS        ns2.amd.com.
> > amd.com.                1H IN NS        ns5.amd.com.
> > amd.com.                1H IN NS        ns6.amd.com.
> > amd.com.                1H IN NS        ns7.amd.com.
> > amd.com.                1H IN NS        ns8.amd.com.
> > amd.com.                1H IN NS        ns9.amd.com.
> > amd.com.                1H IN NS        fuji.amd.com.
> > amd.com.                1H IN NS        ns10.amd.com.
> > amd.com.                1H IN NS        ns11.amd.com.
> > amd.com.                1H IN NS        ns12.amd.com.
> > amd.com.                1H IN NS        ns13.amd.com.
> > amd.com.                1H IN NS        f30ns1.amd.com.
> > amd.com.                1H IN NS        f30ns2.amd.com.
> > amd.com.                1H IN NS        vienna.amd.com.
> > amd.com.                1H IN NS        bkkdns1.amd.com.
> > amd.com.                1H IN NS        pngdns1.amd.com.
> > amd.com.                1H IN NS        sgpdns1.amd.com.
> > amd.com.                1H IN NS        suzdns1.amd.com.
> > amd.com.                1H IN NS        suzdns2.amd.com.
> > amd.com.                1H IN NS        nsmaster.amd.com.
> > amd.com.                1H IN NS        seurdns1.amd.com.
> > amd.com.                1H IN NS        shkgfile1.amd.com.
> > ;; Total query time: 61 msec
> > ;; FROM: qip-ent to SERVER: aus-la-ns1  163.181.250.235
> > ;; WHEN: Thu Nov  7 09:55:00 2002
> > ;; MSG SIZE  sent: 30  rcvd: 492
> >
> > 'dig +search <name>':
> >
> > ; <<>> DiG 8.2 <<>> +search nash.amd.com @aus-la-ns1
> > ; (1 server found)
> > ;; res options: init recurs defnam dnsrch
> > ;; got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17504
> > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 24, ADDITIONAL: 25
> > ;;      nash.amd.com, type = A, class = IN
> > nash.amd.com.           0S IN A         139.95.99.116
> > amd.com.                1H IN NS        pngdns1.amd.com.
> > amd.com.                1H IN NS        sgpdns1.amd.com.
> > amd.com.                1H IN NS        suzdns1.amd.com.
> > amd.com.                1H IN NS        suzdns2.amd.com.
> > amd.com.                1H IN NS        nsmaster.amd.com.
> > amd.com.                1H IN NS        seurdns1.amd.com.
> > amd.com.                1H IN NS        shkgfile1.amd.com.
> > amd.com.                1H IN NS        slave-232-2.amd.com.
> > amd.com.                1H IN NS        ns1.amd.com.
> > amd.com.                1H IN NS        ns2.amd.com.
> > amd.com.                1H IN NS        ns5.amd.com.
> > amd.com.                1H IN NS        ns6.amd.com.
> > amd.com.                1H IN NS        ns7.amd.com.
> > amd.com.                1H IN NS        ns8.amd.com.
> > amd.com.                1H IN NS        ns9.amd.com.
> > amd.com.                1H IN NS        fuji.amd.com.
> > amd.com.                1H IN NS        ns10.amd.com.
> > amd.com.                1H IN NS        ns11.amd.com.
> > amd.com.                1H IN NS        ns12.amd.com.
> > amd.com.                1H IN NS        ns13.amd.com.
> > amd.com.                1H IN NS        f30ns1.amd.com.
> > amd.com.                1H IN NS        f30ns2.amd.com.
> > amd.com.                1H IN NS        vienna.amd.com.
> > amd.com.                1H IN NS        bkkdns1.amd.com.
> > ns1.amd.com.            1H IN A         139.95.53.235
> > ns2.amd.com.            1H IN A         139.95.6.235
> > ns5.amd.com.            1H IN A         139.95.27.235
> > ns6.amd.com.            1H IN A         139.95.1.235
> > ns7.amd.com.            1H IN A         163.181.1.2
> > ns8.amd.com.            1H IN A         163.181.9.235
> > ns9.amd.com.            1H IN A         163.181.52.235
> > fuji.amd.com.           1H IN A         139.95.100.1
> > ns10.amd.com.           1H IN A         163.181.88.235
> > ns11.amd.com.           1H IN A         163.181.234.235
> > ns12.amd.com.           1H IN A         172.28.4.253
> > ns13.amd.com.           1H IN A         139.95.144.235
> > f30ns1.amd.com.         1H IN A         172.20.3.235
> > f30ns2.amd.com.         1H IN A         172.20.13.235
> > vienna.amd.com.         1H IN A         163.181.61.42
> > bkkdns1.amd.com.        1H IN A         165.204.128.235
> > pngdns1.amd.com.        1H IN A         165.204.164.235
> > sgpdns1.amd.com.        1H IN A         101.2.0.235
> > suzdns1.amd.com.        1H IN A         165.204.224.33
> > suzdns2.amd.com.        1H IN A         165.204.224.2
> > nsmaster.amd.com.       1H IN A         172.28.13.229
> > nsmaster.amd.com.       1H IN A         172.28.4.229
> > seurdns1.amd.com.       1H IN A         165.204.82.235
> > shkgfile1.amd.com.      1H IN A         139.95.102.95
> > slave-232-2.amd.com.    1H IN A         163.181.232.109
> > ;; Total query time: 164 msec
> > ;; FROM: qip-ent to SERVER: aus-la-ns1  163.181.250.235
> > ;; WHEN: Thu Nov  7 09:55:46 2002
> > ;; MSG SIZE  sent: 30  rcvd: 936
> >
> > Thanks,
> > Zack
> >
> > -----Original Message-----
> > From: Mark.Andrews at isc.org [mailto:Mark.Andrews at isc.org]
> > Sent: Wednesday, November 06, 2002 10:19 PM
> > To: Nash, Zack
> > Cc: bind-users at isc.org
> > Subject: Re: BIND 9.2.1 and TCP
> >
> > >
> > > The request is for a single A record, ( nash 3600 IN A 192.168.0.1 ), would
> > > this be too large to fit in a UDP packet.  Also we have BIND 8 servers that
> > > serve the same information and they do not revert to TCP for these records.
> > > Could this possibly be a misconfiguration on my part, or is there no way to
> > > restrict the server to only using udp?
> > > Thanks,
> > > Zack
> >
> >         Why don't you show us what 'dig +ignoretc +search <name>' returns
> >         then 'dig +search <name>'.
> >
> >         Mark
> > >
> > > -----Original Message-----
> > > From: Mark.Andrews at isc.org [mailto:Mark.Andrews at isc.org]
> > > Sent: Wednesday, November 06, 2002 4:25 PM
> > > To: Nash, Zack
> > > Cc: bind-users at isc.org
> > > Subject: Re: BIND 9.2.1 and TCP
> > >
> > >
> > >
> > > > Hello,
> > > >     I have noticed that my BIND 9.2.1 servers are requesting that my DNS
> > > > Clients use TCP rather than UDP to resolve hostnames, for all queries
> > > > against this server.
> > > >     My understanding is that UDP is used unless the packet is too large
> > > > then the server will request a TCP connection from the client.  I have
> > > > seen this occur for queries of a single A record.  Is this behavior a bug
> > > > or is this a new standard that is being implemented with the advent of
> > > > BIND 9?
> > > > Thanks,
> > > > Zack
> > >
> > >       Well the answers must be too big to fit in the space available in a
> > >       UDP response.  Remember the authority section can also trigger TC.
> > >
> > >       Mark
> > > --
> > > Mark Andrews, Internet Software Consortium
> > > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > > PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
> > >
> > >
> > --
> > Mark Andrews, Internet Software Consortium
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
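
Added example, not part of the thread and not BIND code: a Python sketch that rebuilds the wire size of the two dig replies quoted above using RFC 1035 name compression, showing why the NS RRset alone pushes the reply past the 512-byte UDP limit, and that lists the glue addresses falling in RFC 1918 space. Host names and addresses are copied from the quoted dig output; the 3600-second TTL and the zeroed header are assumptions that do not affect the size.

```python
import ipaddress
import struct

UDP_LIMIT = 512  # DNS-over-UDP payload limit when the client does not use EDNS0
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# (host label, address) pairs copied from the ADDITIONAL section quoted above.
_t = """ns1 139.95.53.235 ns2 139.95.6.235 ns5 139.95.27.235 ns6 139.95.1.235
ns7 163.181.1.2 ns8 163.181.9.235 ns9 163.181.52.235 fuji 139.95.100.1
ns10 163.181.88.235 ns11 163.181.234.235 ns12 172.28.4.253 ns13 139.95.144.235
f30ns1 172.20.3.235 f30ns2 172.20.13.235 vienna 163.181.61.42 bkkdns1 165.204.128.235
pngdns1 165.204.164.235 sgpdns1 101.2.0.235 suzdns1 165.204.224.33 suzdns2 165.204.224.2
nsmaster 172.28.13.229 nsmaster 172.28.4.229 seurdns1 165.204.82.235
shkgfile1 139.95.102.95 slave-232-2 163.181.232.109""".split()
GLUE = list(zip(_t[0::2], _t[1::2]))
NS_HOSTS = list(dict.fromkeys(h for h, _ in GLUE))  # 24 distinct NS targets

def put_name(msg, seen, name):  # append a name with RFC 1035 suffix compression
    labels = name.lower().split(".")
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in seen:  # suffix already in the message: emit a 2-byte pointer
            msg += struct.pack("!H", 0xC000 | seen[suffix])
            return
        seen[suffix] = len(msg)
        msg += bytes([len(label)]) + label.encode()
    msg += b"\x00"

def put_rr(msg, seen, owner, rtype, target=None, addr=None):
    put_name(msg, seen, owner)
    msg += struct.pack("!HHIH", rtype, 1, 3600, 0)  # type, class IN, TTL, RDLENGTH
    start = len(msg)
    if target:
        put_name(msg, seen, target)  # NS rdata is a (compressible) name
    else:
        msg += ipaddress.ip_address(addr).packed  # A rdata is 4 bytes
    struct.pack_into("!H", msg, start - 2, len(msg) - start)  # fill in RDLENGTH

def response_size(ns_hosts, glue, qname="nash.amd.com", zone="amd.com"):
    msg, seen = bytearray(12), {}  # header left zeroed; only the size matters here
    put_name(msg, seen, qname)
    msg += struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    put_rr(msg, seen, qname, 1, addr="139.95.99.116")  # the single A answer
    for h in ns_hosts:
        put_rr(msg, seen, zone, 2, target=f"{h}.{zone}")  # authority section
    for h, ip in glue:
        put_rr(msg, seen, f"{h}.{zone}", 1, addr=ip)  # additional section
    return len(msg), len(msg) > UDP_LIMIT  # (bytes, would set TC over plain UDP)

def private_glue(glue):
    return [(h, ip) for h, ip in glue if any(ipaddress.ip_address(ip) in n for n in RFC1918)]
```

With the 22 NS targets of the truncated reply (every host except `ns1` and `slave-232-2`) and no glue, `response_size` gives 492 bytes, matching the `+ignoretc` output; with all 24 targets and the 25 glue records it gives 936 bytes, matching the TCP reply.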


