resolver's behavior

Kevin Darcy kcd at daimlerchrysler.com
Fri Apr 21 20:38:36 UTC 2006


I suppose it's possible that "dig" is compiled to use a different 
resolver library than "ping" is, and the different resolver libraries 
are looking for resolv.conf files in different locations. That would 
explain the anomaly/inconsistency. But I don't know enough about running 
BIND (or components of BIND) on a Wintel platform, to be able to assess 
whether this is a plausible explanation or not.

                                                                         
- Kevin

Frank Y.F. Luo wrote:

>This is only for testing and trying to understand the resolver, and of course
>/etc/hosts is not used and DNS is used in both cases.
>
>You said ""Dig" used the resolv.conf
>and "ping"  used the system configured recursive name server."
>
>Where is the "system configured recursive name server" defined? Is it in
>resolv.conf? I know in the resolv.conf there is only one entry for the NS
>with recursive turned off.
>
>I also want to emphasize the different result of the ping command on a Mac and a
>Solaris machine mentioned in the first email: the ping command on the Solaris 10
>machines could not resolve slashdot.com in that setting.
>
>>-----Original Message-----
>>From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
>>Behalf Of Kirk Bradel
>>Sent: Thursday, April 20, 2006 9:00 PM
>>To: comp-protocols-dns-bind at isc.org
>>Subject: Re: resolver's behavior
>>
>>
>>Barry Margolin wrote:
>>    
>>
>>>In article <e2964j$2u9e$1 at sf1.isc.org>,
>>> Kevin Darcy <kcd at daimlerchrysler.com> wrote:
>>>
>>>      
>>>
>>>>Frank Y.F. Luo wrote:
>>>>
>>>>        
>>>>
>>>>>I am a little confused about a resolver's behavior, like ping command,
>>>>>nslookup command,
>>>>>
>>>>>I am querying against a DNS server with recursive turned off
>>>>>
>>>>>#dig www.slashdot.com
>>>>>
>>>>>; <<>> DiG 9.2.4 <<>> www.slashdot.com
>>>>>;; global options:  printcmd
>>>>>;; Got answer:
>>>>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1794
>>>>>;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
>>>>>          
>>>>>
>>>....
>>>      
>>>
>>>>Command-line tools like "ping" typically use the "system" resolver,
>>>>which is usually configurable (via a system config file like
>>>>/etc/nsswitch.conf or the like) and may or may not even include DNS as
>>>>one of its sources of name information. If the system resolver does look
>>>>at DNS at all, it'll do so by generating recursive rather than
>>>>non-recursive queries. So for a valid comparison to what "ping" is
>>>>seeing, you should do recursive rather than non-recursive queries.
>>>>
>>>He did.  Don't you see "rd" (Recursion Desired) in the "flags:" field?
>>>It's the server that has recursion disabled (hence the missing "ra"
>>>flag), not the client.
>>>
>>>      
>>>
>>I just duplicated the OP results.  Using a Windows resolver with a
>>c:\windows\system32\drivers\etc\resolv.conf pointing at an authoritative
>>only name server, I get the same results (as expected).  Which is
>>exactly what Kevin was trying to explain.  "Dig" used the resolv.conf
>>and "ping"  used the system configured recursive name server.
>>
>>C:\WINDOWS\system32\drivers\etc>dig www.slashdot.net
>>
>>; <<>> DiG 9.3.2 <<>> www.slashdot.net
>>;; global options:  printcmd
>>;; Got answer:
>>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1192
>>;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
>>
>>;; QUESTION SECTION:
>>;www.slashdot.net.              IN      A
>>
>>;; AUTHORITY SECTION:
>>..                       3600000 IN      NS      A.ROOT-SERVERS.net.
>>..                       3600000 IN      NS      B.ROOT-SERVERS.net.
>>..                       3600000 IN      NS      C.ROOT-SERVERS.net.
>>..                       3600000 IN      NS      D.ROOT-SERVERS.net.
>>..                       3600000 IN      NS      E.ROOT-SERVERS.net.
>>..                       3600000 IN      NS      F.ROOT-SERVERS.net.
>>..                       3600000 IN      NS      G.ROOT-SERVERS.net.
>>..                       3600000 IN      NS      H.ROOT-SERVERS.net.
>>..                       3600000 IN      NS      I.ROOT-SERVERS.net.
>>..                       3600000 IN      NS      J.ROOT-SERVERS.net.
>>..                       3600000 IN      NS      K.ROOT-SERVERS.net.
>>..                       3600000 IN      NS      L.ROOT-SERVERS.net.
>>..                       3600000 IN      NS      M.ROOT-SERVERS.net.
>>
>>;; Query time: 46 msec
>>;; SERVER: 66.218.71.63#53(66.218.71.63)
>>;; WHEN: Thu Apr 20 19:55:21 2006
>>;; MSG SIZE  rcvd: 242
>>
>>
>>C:\WINDOWS\system32\drivers\etc>ping www.slashdot.net
>>
>>Pinging www.slashdot.net [208.254.3.166] with 32 bytes of data:
>>
>
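
The "rd"/"ra" distinction discussed in this thread can be read straight from the 12-byte DNS header. The following is an added example, not part of the original messages: it decodes a header per RFC 1035 and flags the case dig showed (recursion requested, not available, no answers, authority records only). The two sample headers are constructed to match the counts in the dig output above; the function names and category labels are hypothetical.

```python
import struct

# Bit masks in the 16-bit flags word of the DNS header (RFC 1035, section 4.1.1).
FLAG_BITS = (("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200),
             ("rd", 0x0100), ("ra", 0x0080))
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte header at the start of a DNS message."""
    if len(msg) < 12:
        raise ValueError("DNS header is 12 bytes; message is truncated")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "flags": [name for name, bit in FLAG_BITS if flags & bit],
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "query": qd, "answer": an, "authority": ns, "additional": ar,
    }


def classify(h: dict) -> str:
    """Label a response the way the thread reads dig's 'flags:' line."""
    f = h["flags"]
    if "qr" not in f:
        return "query"
    if h["rcode"] != "NOERROR":
        return "error:" + h["rcode"]
    if h["answer"] > 0:
        return "answer"
    # rd echoed back but ra clear: the client asked for recursion and the
    # server does not offer it. With only authority records and no aa bit,
    # this is a referral that a stub resolver cannot follow on its own.
    if "rd" in f and "ra" not in f and "aa" not in f and h["authority"] > 0:
        return "referral-recursion-unavailable"
    return "no-data"


# Constructed sample: id 1192, flags "qr rd", QUERY 1, ANSWER 0, AUTHORITY 13.
REFERRAL = struct.pack("!6H", 1192, 0x8100, 1, 0, 13, 0)
# Constructed sample: a recursive server's reply, flags "qr rd ra", ANSWER 1.
RECURSIVE = struct.pack("!6H", 1192, 0x8180, 1, 1, 0, 0)

if __name__ == "__main__":
    for raw in (REFERRAL, RECURSIVE):
        hdr = parse_header(raw)
        print(hdr["flags"], hdr["answer"], hdr["authority"], classify(hdr))
```
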



