. hint zone records lookup with +norec

Ladislav Vobr lvobr at ies.etisalat.ae
Mon Feb 23 07:48:54 UTC 2004 

I am running 9.2.2, internal caching server + authoritative with 2 views 
and have noticed in recent days increase on load. I am still 
investigating it's like around 30-40% without any clear reason.

I have noticed that I cannot do +norec dig for some of the root-servers 
a records, is that normal? As you can see below I can not do +norec for 
a.root, but I can do it for c.root. And why in the authority section it 
is only 4 servers listed? Shouldn't I be able to get any record from the 
. hint zone with +norec?

I don't' have local connectivity problem I can connect to A.root or any 
other root server.

my named.root .hint zone

[dxbins1:/usr/local/named]#grep A.ROOT named.root
.                       421476  IN      NS      A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.     507876  IN      A       198.41.0.4

[dxbins1:/usr/local/named]#grep C.ROOT named.root
.                       421476  IN      NS      C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.     507876  IN      A       192.33.4.12



[dxbins1:/usr/local/named]#dig A A.ROOT-SERVERS.NET. @127.0.0.1 +norec

; <<>> DiG 9.2.2 <<>> A A.ROOT-SERVERS.NET. @127.0.0.1 +norec
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17581
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 3

;; QUESTION SECTION:
;A.ROOT-SERVERS.NET.            IN      A

;; AUTHORITY SECTION:
ROOT-SERVERS.NET.       604705  IN      NS      f.ROOT-SERVERS.NET.
ROOT-SERVERS.NET.       604705  IN      NS      j.ROOT-SERVERS.NET.
ROOT-SERVERS.NET.       604705  IN      NS      k.ROOT-SERVERS.NET.
ROOT-SERVERS.NET.       604705  IN      NS      A.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
f.ROOT-SERVERS.NET.     573643  IN      A       192.5.5.241
j.ROOT-SERVERS.NET.     604705  IN      A       192.58.128.30
k.ROOT-SERVERS.NET.     573650  IN      A       193.0.14.129

;; Query time: 7 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 23 11:31:59 2004
;; MSG SIZE  rcvd: 146




without +norec I get the answer




[dxbins1:/usr/local/named]#dig A A.ROOT-SERVERS.NET. @127.0.0.1

; <<>> DiG 9.2.2 <<>> A A.ROOT-SERVERS.NET. @127.0.0.1
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14700
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3

;; QUESTION SECTION:
;A.ROOT-SERVERS.NET.            IN      A

;; ANSWER SECTION:
A.ROOT-SERVERS.NET.     604800  IN      A       198.41.0.4

;; AUTHORITY SECTION:
ROOT-SERVERS.NET.       604800  IN      NS      j.ROOT-SERVERS.NET.
ROOT-SERVERS.NET.       604800  IN      NS      k.ROOT-SERVERS.NET.
ROOT-SERVERS.NET.       604800  IN      NS      A.ROOT-SERVERS.NET.
ROOT-SERVERS.NET.       604800  IN      NS      f.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
f.ROOT-SERVERS.NET.     573738  IN      A       192.5.5.241
j.ROOT-SERVERS.NET.     604800  IN      A       192.58.128.30
k.ROOT-SERVERS.NET.     573745  IN      A       193.0.14.129

;; Query time: 18 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 23 11:30:24 2004
;; MSG SIZE  rcvd: 162


and for c.root with +norec


[dxbins1:/usr/local/named]#dig A C.ROOT-SERVERS.NET. @127.0.0.1 +norec

; <<>> DiG 9.2.2 <<>> A C.ROOT-SERVERS.NET. @127.0.0.1 +norec
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56446
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 3

;; QUESTION SECTION:
;C.ROOT-SERVERS.NET.            IN      A

;; ANSWER SECTION:
C.ROOT-SERVERS.NET.     604686  IN      A       192.33.4.12

;; AUTHORITY SECTION:
ROOT-SERVERS.NET.       604693  IN      NS      j.ROOT-SERVERS.NET.
ROOT-SERVERS.NET.       604693  IN      NS      k.ROOT-SERVERS.NET.
ROOT-SERVERS.NET.       604693  IN      NS      a.ROOT-SERVERS.NET.
ROOT-SERVERS.NET.       604693  IN      NS      f.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
f.ROOT-SERVERS.NET.     604688  IN      A       192.5.5.241
j.ROOT-SERVERS.NET.     604693  IN      A       192.58.128.30
k.ROOT-SERVERS.NET.     604691  IN      A       193.0.14.129

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 23 11:34:42 2004
;; MSG SIZE  rcvd: 164





another thing I have noticed is that without using +norec I can not 
lookup NS some records for example af.mil although I have them in the cache.




[dxbins1:/usr/local/named/logs]#dig ns af.mil

; <<>> DiG 9.2.2 <<>> ns af.mil
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 13521
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;af.mil.                                IN      NS

;; Query time: 2367 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 23 11:47:08 2004
;; MSG SIZE  rcvd: 24

[dxbins1:/usr/local/named/logs]#dig ns af.mil +norec

; <<>> DiG 9.2.2 <<>> ns af.mil +norec
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61523
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 0

;; QUESTION SECTION:
;af.mil.                                IN      NS

;; AUTHORITY SECTION:
af.mil.                 85991   IN      NS      NS.MAXWELL.af.mil.
af.mil.                 85991   IN      NS      MARS.AFNOC.af.mil.
af.mil.                 85991   IN      NS      PAPA1.BARKSDALE.af.mil.
af.mil.                 85991   IN      NS      DELTA1.BARKSDALE.af.mil.
af.mil.                 85991   IN      NS      ARTEMIS.AFNOC.af.mil.
af.mil.                 85991   IN      NS      NS.USAFE.af.mil.

;; Query time: 15 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Feb 23 11:47:16 2004
;; MSG SIZE  rcvd: 170




Thanks for any help

Ladislav

More information about the bind-users mailing list