resolver's behavior
Kevin Darcy
kcd at daimlerchrysler.com
Fri Apr 21 00:47:43 UTC 2006
Barry Margolin wrote:
>In article <e2964j$2u9e$1 at sf1.isc.org>,
> Kevin Darcy <kcd at daimlerchrysler.com> wrote:
>
>
>
>>Frank Y.F. Luo wrote:
>>
>>
>>
>>>I am a little confused about a resolver's behavior, like ping command,
>>>nslookup command,
>>>
>>>I am querying against a DNS server with recursive turned off
>>>
>>>#dig www.slashdot.com
>>>
>>>; <<>> DiG 9.2.4 <<>> www.slashdot.com
>>>;; global options: printcmd
>>>;; Got answer:
>>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1794
>>>;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
>>>
>>>
>....
>
>
>>Command-line tools like "ping" typically use the "system" resolver,
>>which is usually configurable (via a system config file like
>>/etc/nsswitch.conf or the like) and may or may not even include DNS as
>>one of its sources of name information. If the system resolver does look
>>at DNS at all, it'll do so by generating recursive rather than
>>non-recursive queries. So for a valid comparison to what "ping" is
>>seeing, you should do recursive rather than non-recursive queries.
>>
>>
>
>He did. Don't you see "rd" (Recursion Desired) in the "flags:" field?
>It's the server that has recursion disabled (hence the missing "ra"
>flag), not the client.
>
I stand corrected. Recursion needs to be both requested *and* honored in
order for it to be a useful comparison to a typical system-resolver lookup.
- Kevin
More information about the bind-users
mailing list