Additional section in the query sent by named

Thu Jan 16 14:57:02 UTC 2003

Hi, there, 

It seems that the contents of the same queries sent by
dig and named are different.  To clarify, first, let's
use dig to send an NS query for eb.fisc.com.tw. to
203.73.160.28 which is an authoritative name server
for the domain fisc.com.tw.:

----------------------------------------------------------
>dig @203.73.160.28 eb.fisc.com.tw. ns

; <<>> DiG 8.3 <<>> @203.73.160.28 eb.fisc.com.tw. ns
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; QUERY SECTION:
;;      eb.fisc.com.tw, type = NS, class = IN

;; ANSWER SECTION:
eb.fisc.com.tw.         1D IN NS        lx1.fisc.com.tw.

;; ADDITIONAL SECTION:
lx1.fisc.com.tw.        1D IN A         203.66.154.1

;; Total query time: 49 msec
;; FROM: xxx.xxx.xxx.xxx to SERVER: 203.73.160.28  203.73.160.28
;; WHEN: Thu Jan 16 22:42:12 2003
;; MSG SIZE  sent: 32  rcvd: 66
----------------------------------------------------------

Looks everything is ok.  We got the answer.  However,
when I use dig to send the same query to my name
server which runs 8.3.4 named, nothing is returned.  A
further investigation reveals that 211.74.149.68 does
not respond to the query sent from my named.  To
figure out why, query packets sent from dig and my
named are captured and shown below. It looks that they
are different.  The query sent by named has an
additional section.

----------------------------------------------------------
(packet sent by dig, dumped with 'tcpdump -nvvxX')

22:42:12.299880 192.168.64.30.4466 > 203.73.160.28.53: [udp sum ok]  4+ NS? eb.f
isc.com.tw. (32) (ttl 64, id 16480, len 60)
0x0000   4500 003c 4060 0000 4011 ce24 c0a8 401e        E..<@`.. at ..$.. at .
0x0010   cb49 a01c 1172 0035 0028 5647 0004 0100        .I...r.5.(VG....
0x0020   0001 0000 0000 0000 0265 6204 6669 7363        .........eb.fisc
0x0030   0363 6f6d 0274 7700 0002 0001                  .com.tw.....
----------------------------------------------------------

----------------------------------------------------------
(packet sent by named, dumped with 'tcpdump -nvvxX')

22:41:06.513667 192.168.64.30.4457 > 203.73.160.28.53: [udp sum ok]  46773 [1au]
 NS? eb.fisc.com.tw. ar: . OPT UDPsize=4096 (43) (ttl 64, id 16383, len 71)
0x0000   4500 0047 3fff 0000 4011 ce7a c0a8 401e        E..G?... at ..z..@.
0x0010   cb49 a01c 1169 0035 0033 7777 b6b5 0000        .I...i.5.3ww....
0x0020   0001 0000 0000 0001 0265 6204 6669 7363        .........eb.fisc
0x0030   0363 6f6d 0274 7700 0002 0001 0000 2910        .com.tw.......).
0x0040   0000 0000 0000 00
----------------------------------------------------------

Now, the question is, what is the additional section
sent by named?  Why does named send it in addition to
the question section?  Is there any reason for
203.73.160.28 not to respond when it receives a query
with an additional section like the above?

Any help will be greatly appreciated.  Thanks.

-- 

  Fuh-Jyi Chang