'dig -t any ...' question
Ladislav Vobr
lvobr at ies.etisalat.ae
Sun Jun 13 04:15:26 UTC 2004
>>; <<>> DiG 9.2.3 <<>> any ladislav.name.ae
>>;; global options: printcmd
>>;; connection timed out; no servers could be reached
>>
>>ns3.emirates.net.ae# dig any ladislav.name.ae +norec
>>
>>; <<>> DiG 9.2.3 <<>> any ladislav.name.ae +norec
>>;; global options: printcmd
>>;; Got answer:
>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47234
>>;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 0
>>
>>;; QUESTION SECTION:
>>;ladislav.name.ae. IN ANY
>>
>>;; AUTHORITY SECTION:
>>ladislav.name.ae. 3278 IN NS fake2.ladislav.name.ae.
>>ladislav.name.ae. 3278 IN NS fake3.ladislav.name.ae.
>>ladislav.name.ae. 3278 IN NS fake4.ladislav.name.ae.
>>ladislav.name.ae. 3278 IN NS fake5.ladislav.name.ae.
>>ladislav.name.ae. 3278 IN NS fake1.ladislav.name.ae.
>>
>>;; Query time: 42 msec
>>;; SERVER: 194.170.1.99#53(194.170.1.99)
>>;; WHEN: Sat Jun 12 15:24:18 2004
>>;; MSG SIZE rcvd: 134
>>
>>Can you explain this?
>
>
> 10.x.x.x addresses are private addresses that are not reachable from the
> Internet. Why do you have your domain delegated to these unusable
> addresses?
>
I set this up on purpose, since I faced some weird behaviour, and I was
also wondering how BIND handles the situation when all servers are
unreachable.

I have two issues with this setup, as in my old posts:

1. BIND sends around 150 packets in total to all nameservers when I
request a single name for any host from this domain, which seems quite a
lot to me, and it seems to do it again for every new name. It looks
like quite a DDoS amplifier; I am trying to understand this logic.
2. I have this +norec/rd flag issue, where I am unable to see the *glue*
from the cache with the rd flag.
Ladislav
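
The second issue above concerns a delegation whose NS names sit inside the delegated zone while the response carries no address records for them. As an added example (not part of the original post), the Python below parses dig text output and lists in-zone NS targets that have no A/AAAA record in the ADDITIONAL section; the function names are hypothetical and the sample is the +norec response quoted above with the quote markers removed.

```python
import re

# Sample input: the +norec response quoted in the post, quote markers removed.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47234
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 0

;; QUESTION SECTION:
;ladislav.name.ae. IN ANY

;; AUTHORITY SECTION:
ladislav.name.ae. 3278 IN NS fake2.ladislav.name.ae.
ladislav.name.ae. 3278 IN NS fake3.ladislav.name.ae.
ladislav.name.ae. 3278 IN NS fake4.ladislav.name.ae.
ladislav.name.ae. 3278 IN NS fake5.ladislav.name.ae.
ladislav.name.ae. 3278 IN NS fake1.ladislav.name.ae.
"""

def parse_dig(text):
    """Return {section: [(owner, ttl, rtype, rdata), ...]} from dig text output."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif not line.strip():
            current = None  # a blank line ends the current section
        elif current and not line.startswith(";"):
            owner, ttl, _cls, rtype, rdata = line.split(None, 4)
            sections[current].append((owner.lower(), int(ttl), rtype, rdata.lower()))
    return sections

def glueless_in_zone_ns(text):
    """NS targets inside the zone they serve with no A/AAAA in ADDITIONAL."""
    sec = parse_dig(text)
    glued = {o for o, _, t, _ in sec.get("ADDITIONAL", []) if t in ("A", "AAAA")}
    missing = []
    for owner, _, rtype, target in sec.get("AUTHORITY", []) + sec.get("ANSWER", []):
        in_zone = target == owner or target.endswith("." + owner)
        if rtype == "NS" and in_zone and target not in glued:
            missing.append(target)
    return sorted(missing)

if __name__ == "__main__":
    for name in glueless_in_zone_ns(SAMPLE):
        print("no address record in response for", name)
```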