Recursive PTR query behavior
Mark Andrews
Mark_Andrews at isc.org
Fri Feb 24 01:42:32 UTC 2006
> Hi,
>
> Now I am testing the recursive PTR query of BIND 9.3.1.
>
> DNS Client1 requests PTR RRs for 10.1.168.192.IN-ADDR.ARPA from DNS Server1.
>
> % dig @192.168.0.10 10.1.168.192.IN-ADDR.ARPA. -t PTR
>
> DNS Server1 received a standard query from DNS Client1, and transmits a recursive query.
> Its sequence flow is described as follows.
>
> When DNS Server1 received No. 5 packet, I expect that DNS Server1 sends
> QNAME=10.1.168.192.IN-ADDR.ARPA, QTYPE=PTR query to DNS Server4 (No. 6 sequence).
> However DNS Server1 sends QNAME=NS4.example.org, QTYPE=A query to DNS Server2.
You are seeing the anti-cache poisoning code come into play.
When Server1 queries Server2 it is talking to the root server
so Server1 accepts the glue for Server3.
When Server1 queries Server3 it is talking to the 192.IN-ADDR.ARPA
server so it rejects the glue for Server4. Server1 then goes
back to Server2 (root) to get the addresses for Server4.
> Q. Why doesn't DNS Server1 send QNAME=10.1.168.192.IN-ADDR.ARPA, QTYPE=PTR query to
> DNS Server4 as authority of 168.192.IN-ADDR.ARPA?
It will once it has the addresses for Server4.
Mark
> Topology
> ---------
>
>         IN-ADDR.ARPA domain      192.IN-ADDR.ARPA domain  168.192.IN-ADDR.ARPA domain
>         DNS Server2              DNS Server3              DNS Server4
>         |A.ROOT.NET              |NS3.example.net         |NS4.example.org
>         |192.168.1.20            |192.168.1.30            |192.168.1.40
>         |                        |                        |
> Net-y --+--------+---------------+------------+-----------+------- 192.168.1/24
>                  |                            |
>                  |                            |1.168.192.IN-ADDR.ARPA domain
>             Router (TN)                       DNS Server5
>                  |                            NS5.example.org
>                  |192.168.0.1                 192.168.1.50
>                  |
> Net-z --+--------+-----------------+-------- 192.168.0/24
>         |                          |
>         |                          |
>         DNS Server1 (NUT)          DNS Client1 (TN)
>         NS1.example.com
>         192.168.0.10               192.168.0.20
>
>
> Configuration
> --------------
>
> named configuration is:
>
> options {
>     directory "/etc/namedb";
>     pid-file "/var/run/named/pid";
>     dump-file "/var/dump/named_dump.db";
>     statistics-file "/var/stats/named.stats";
>     listen-on { any;};
>     listen-on-v6 { any;};
>     notify no;
>     recursion yes;
>     request-ixfr no;
>     provide-ixfr no;
> };
> zone "." {
>     type hint;
>     file "named.root";
> };
> zone "example.com" {
>     type master;
>     allow-query {any;};
>     allow-transfer {any;};
>     file "master/example.com";
> };
>
>
> Zone files
> ----------
>
> DNS Server1 is a name server for the example.com.
> The zone data for the example.com domain is:
>
> $TTL 86400 ; TTL of 1 day
> @       IN SOA NS1.example.com. root.example.com. (
>                 2005081600 ; serial
>                 3600       ; refresh every 1 hr
>                 900        ; retry every 15 min
>                 604800     ; expire after a week
>                 3600       ; Minimum TTL of a 1 hr
>                 )
> ;
>         IN NS   NS1.example.com.
> NS1     IN A    192.168.0.10
>
>
> DNS Server2 is a name server for the root. Root server list on DNS Server1 is:
>
> . 3600000 IN NS A.ROOT.NET.
> A.ROOT.NET. 3600000 A 192.168.1.20
>
> Sequence flow.
> --------------
> * TN: Tester node
> * NUT: Node under test
> <--------------- TN ---------------------------->
> DNS Client1 (TN) DNS Server1 (NUT) DNS Server2 DNS Server3 DNS Server4 DNS Server5
> | | | | | |
> |----------------------------->| | | | |
> | 1. Send standard query | | | | |
> | QNAME | | | | |
> | =10.1.168.192.IN-ADDR.ARPA | | | | |
> | QTYPE=PTR | | | | |
> | |-------------------------------->| | | |
> | | 2. Recv standard query | | | |
> | | QNAME | | | |
> | | =10.1.168.192.IN-ADDR.ARPA | | | |
> | | QTYPE=PTR | | | |
> | | | | | |
> | |<--------------------------------| | | |
> | | 3. Send standard query response | | | |
> | | QNAME | | | |
> | | =10.1.168.192.IN-ADDR.ARPA | | | |
> | | QTYPE=PTR | | | |
> | | AUTHORITY Name | | | |
> | | =192.IN-ADDR.ARPA | | | |
> | | AUTHORITY NSDNAME | | | |
> | | =NS3.example.net | | | |
> | | ADDITIONAL Name | | | |
> | | =NS3.example.net | | | |
> | | ADDITIONAL Address | | | |
> | | =192.168.1.30 | | | |
> | | | | | |
> | | v | | |
> | | | | |
> | |-------------------------------------------->| | |
> | | 4. Recv standard query | | |
> | | QNAME | | |
> | | =10.1.168.192.IN-ADDR.ARPA | | |
> | | QTYPE=PTR | | |
> | | | | |
> | |<--------------------------------------------| | |
> | | 5. Send standard query response | | |
> | | QNAME | | |
> | | =10.1.168.192.IN-ADDR.ARPA | | |
> | | QTYPE=PTR | | |
> | | AUTHORITY Name | | |
> | | = 168.192.IN-ADDR.ARPA | | |
> | | AUTHORITY NSDNAME | | |
> | | = NS4.example.org | | |
> | | ADDITIONAL Name | | |
> | | = NS4.example.org | | |
> | | ADDITIONAL Address | | |
> | | = 192.168.1.40 | | |
> | | | | |
> | | v | |
> | | | |
> | |-------------------------------------------------------->| |
> | | 6. Send standard query | |
> | | QNAME | |
> | | =10.1.168.192.IN-ADDR.ARPA | |
> | | QTYPE=PTR | |
> | | | |
> | |<--------------------------------------------------------| |
> | | 7. Send standard query response| |
> | | QNAME | |
> | | =10.1.168.192.IN-ADDR.ARPA | |
> | | QTYPE=PTR | |
> | | AUTHORITY Name | |
> | | = 1.168.192.IN-ADDR.ARPA | |
> | | AUTHORITY NSDNAME | |
> | | = NS5.example.org | |
> | | ADDITIONAL Name | |
> | | = NS5.example.org | |
> | | ADDITIONAL Address | |
> | | = 192.168.1.50 | |
> | | | |
> | | v |
> | | |
> | |-------------------------------------------------------------------->|
> | | 8. Send standard query |
> | | QNAME |
> | | =10.1.168.192.IN-ADDR.ARPA |
> | | QTYPE=PTR |
> | | |
> | |<--------------------------------------------------------------------|
> | | 9. Send standard query response |
> | | QNAME |
> | | =10.1.168.192.IN-ADDR.ARPA |
> | | QTYPE=PTR |
> | | ANSWER NAME |
> | | = 10.1.168.192.IN-ADDR.ARPA |
> | | ANSWER PTRDNAME |
> | | = A.example.org |
> | | AUTHORITY Name |
> | | = 1.168.192.IN-ADDR.ARPA |
> | | AUTHORITY NSDNAME |
> | | = NS5.example.org |
> | | ADDITIONAL Name |
> | | = NS5.example.org |
> | | ADDITIONAL Address |
> | | = 192.168.1.50 |
> |<-----------------------------| v
> | 10. Recv Standard query |
> | response |
> | QNAME |
> | = 10.1.168.192.IN-ADDR.ARPA|
> | QTYPE=PTR |
> | ANSWER NAME |
> | = 10.1.168.192.IN-ADDR.ARPA|
> | ANSWER PTRDNAME |
> | = A.example.org |
> | AUTHORITY Name |
> | = 1.168.192.IN-ADDR.ARPA |
> | AUTHORITY NSDNAME |
> | = NS5.example.org |
> | ADDITIONAL Name |
> | = NS5.example.org |
> | ADDITIONAL Address |
> | = 192.168.1.50 |
> v v
>
>
> Best regards,
>
> --
> Nobumichi Ozoe
> IPv6 Business
> Network & Software Development Dept.
> Yokogawa Electric Corporation
> URL: http://www.yokogawa.com/
>
>
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
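
The glue handling described in the reply above can be modelled in a few lines. This is an added example, not part of the original thread and not BIND's resolver code; the function names are hypothetical, the referral data is taken from packets 3 and 5 of the sequence flow, and "go back to the root" is a simplification of how a resolver picks the next server.

```python
# Added illustration: simplified model of the glue (bailiwick) check
# described in the reply. Not BIND's code; all names are hypothetical.

def in_bailiwick(name, zone):
    """True if `name` is at or below `zone` (label-wise, case-insensitive)."""
    n = [label for label in name.lower().split(".") if label]
    z = [label for label in zone.lower().split(".") if label]
    return len(z) <= len(n) and n[len(n) - len(z):] == z

def handle_referral(qname, qtype, queried_zone, referral, root_addr):
    """Return the resolver's next query as (server_address, qname, qtype)."""
    ns = referral["nsdname"]
    glue = referral["additional"].get(ns)
    if glue and in_bailiwick(ns, queried_zone):
        # The responder serves a zone that contains the NS name: keep the glue.
        return (glue, qname, qtype)
    # Out-of-bailiwick glue is dropped; the NS name must be resolved on its
    # own, starting again from the root (simplified).
    return (root_addr, ns, "A")

ROOT = "192.168.1.20"                      # DNS Server2 (A.ROOT.NET)
QNAME = "10.1.168.192.IN-ADDR.ARPA"

# (zone the responder was queried as a server for, referral it returned)
REFERRALS = [
    (".", {"zone": "192.IN-ADDR.ARPA",             # packet 3, from Server2
           "nsdname": "NS3.example.net",
           "additional": {"NS3.example.net": "192.168.1.30"}}),
    ("192.IN-ADDR.ARPA", {"zone": "168.192.IN-ADDR.ARPA",  # packet 5, Server3
           "nsdname": "NS4.example.org",
           "additional": {"NS4.example.org": "192.168.1.40"}}),
]

def trace():
    """Next query the resolver sends after each referral."""
    return [handle_referral(QNAME, "PTR", zone, ref, ROOT)
            for zone, ref in REFERRALS]

if __name__ == "__main__":
    for server, name, rtype in trace():
        print(f"query {name} {rtype} @ {server}")
```

The second result is the query the original poster observed: an A lookup for NS4.example.org sent to Server2 instead of the PTR query going to 192.168.1.40.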