dig printout doesn't appear to match reality

Frank Bulk frnkblk at iname.com
Sat May 16 16:29:58 UTC 2009 

Wow, I wasn't aware of that nuance.  I have been making incorrect
assumptions.

It doesn't make sense to me how DNS3.UIOWA.EDU can return the correct cached
result for the NS records of sioux-center.k12.ia.us but an incorrect "norec"
result.  Doesn't specifying "no recursion" mean that it has to be either
authoritative for that domain or have the entry cached in order to return
any result at all?  But the 'aa' bit is not set, which seems to me that it
must have obtained the result from its cache.

Frank

-----Original Message-----
From: Chris Buxton [mailto:cbuxton at menandmice.com] 
Sent: Saturday, May 16, 2009 11:09 AM
To: Frank Bulk
Cc: bind-users at lists.isc.org
Subject: Re: dig printout doesn't appear to match reality

If you send the server a recursive query, you get an answer from its  
cache. If you sent it an iterative query, you get a referral from its  
authoritative zone.

$ dig @DNS3.UIOWA.EDU sioux-center.k12.ia.us ns +noall +auth +norec

; <<>> DiG 9.4.3-P1 <<>> @DNS3.UIOWA.EDU sioux-center.k12.ia.us ns  
+noall +auth +norec
; (2 servers found)
;; global options:  printcmd
sioux-center.k12.ia.us.	28800	IN	NS	dns.mtcnet.net.
sioux-center.k12.ia.us.	28800	IN	NS	ns1.netins.net.

$ dig @DNS3.UIOWA.EDU sioux-center.k12.ia.us ns +noall +answer

; <<>> DiG 9.4.3-P1 <<>> @DNS3.UIOWA.EDU sioux-center.k12.ia.us ns  
+noall +answer
; (2 servers found)
;; global options:  printcmd
sioux-center.k12.ia.us.	83030	IN	NS	ns1.netins.net.
sioux-center.k12.ia.us.	83030	IN	NS	ns2.mtcnet.net.
sioux-center.k12.ia.us.	83030	IN	NS	ns1.mtcnet.net.

Chris Buxton
Professional Services
Men & Mice

On May 16, 2009, at 8:53 AM, Frank Bulk wrote:

> It appears that dig is printing results that it attributes to the  
> wrong
> server.
>
> While troubleshooting an inconsistent NS issue (upstream from us), a  
> trace
> (at the end of this message) shows that DNS3.UIOWA.EDU listed two NS
> records, when in fact, if you query DNS3.UIOWA.EDU for the domain in
> question it returns three NS records.  The results that were  
> returned belong
> to either DNS-2.IASTATE.EDU or DNS2.ICN.STATE.ia.us.
>
> Why is dig attributing it to one NS server when it belongs to another?
>
> Regards,
>
> Frank
>
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
> ==
> nagios:/etc/cron.daily# dig +trace NS sioux-center.k12.ia.us
>
> ; <<>> DiG 9.5.1-P1 <<>> +trace NS sioux-center.k12.ia.us
> ;; global options:  printcmd
> .                       512780  IN      NS      b.root-servers.net.
> .                       512780  IN      NS      e.root-servers.net.
> .                       512780  IN      NS      f.root-servers.net.
> .                       512780  IN      NS      m.root-servers.net.
> .                       512780  IN      NS      g.root-servers.net.
> .                       512780  IN      NS      k.root-servers.net.
> .                       512780  IN      NS      l.root-servers.net.
> .                       512780  IN      NS      a.root-servers.net.
> .                       512780  IN      NS      h.root-servers.net.
> .                       512780  IN      NS      j.root-servers.net.
> .                       512780  IN      NS      d.root-servers.net.
> .                       512780  IN      NS      c.root-servers.net.
> .                       512780  IN      NS      i.root-servers.net.
> ;; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
>
> us.                     172800  IN      NS      I.GTLD.BIZ.
> us.                     172800  IN      NS      J.GTLD.BIZ.
> us.                     172800  IN      NS      K.GTLD.BIZ.
> us.                     172800  IN      NS      B.GTLD.BIZ.
> us.                     172800  IN      NS      A.GTLD.BIZ.
> us.                     172800  IN      NS      C.GTLD.BIZ.
> ;; Received 308 bytes from 128.8.10.90#53(d.root-servers.net) in 48 ms
>
> k12.ia.us.              7200    IN      NS      DNS-2.IASTATE.EDU.
> k12.ia.us.              7200    IN      NS      DNS2.ICN.STATE.ia.us.
> k12.ia.us.              7200    IN      NS      DNS3.UIOWA.EDU.
> ;; Received 141 bytes from 156.154.96.126#53(I.GTLD.BIZ) in 97 ms
>
> sioux-center.k12.ia.us. 28800   IN      NS      ns1.netins.net.
> sioux-center.k12.ia.us. 28800   IN      NS      dns.mtcnet.net.
> ;; Received 109 bytes from 128.255.64.5#53(DNS3.UIOWA.EDU) in 18 ms
>
> sioux-center.k12.ia.us. 86400   IN      NS      ns2.mtcnet.net.
> sioux-center.k12.ia.us. 86400   IN      NS      ns1.mtcnet.net.
> sioux-center.k12.ia.us. 86400   IN      NS      ns1.netins.net.
> ;; Received 159 bytes from 167.142.225.5#53(ns1.netins.net) in 9 ms
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list