dig +trace to find all the forwarders?

Kevin Darcy kcd at chrysler.com
Mon Apr 26 20:13:50 UTC 2010


On 4/25/2010 12:01 AM, Josh Kuo wrote:
>
>     You need administrative access to see the overrides to the normal
>     resolution
>     process.
>
>
> Just so I understand this completely, by administrative access you 
> mean I need to be able to log in to each of the resolvers (not 
> administrative access on my local workstation to do a 'sudo dig 
> example.net a +trace'), correct?
+trace only shows the workings of the standard iterative-resolution 
algorithm, as if your local resolver, starting with only hardcoded 
information about the root zone, were doing all of the work necessary to 
obtain the requested information using *non-recursive* queries to trace 
the delegation chain(s).

However, if you send *recursive* queries, essentially giving some other 
resolver _carte_blanche_ to resolve the name any way it feels fit, then 
+trace isn't going to tell you diddly about whatever 
algorithm/configuration the other resolver might be using to get the 
information for you. It's basically a "black box" as far as you're 
concerned -- queries in, responses out. You don't know how or where it 
got the information.
>
> A follow up question to that... is it even possible to perform such a 
> trace (revealing all resolvers) with the DNS protocol? Or is this 
> purely a designed limitation of dig?
>
Feel free to propose an equivalent layer to the DNS protocol as ICMP is 
to IP/TCP/UDP and get all of the DNS implementations out there to 
support the new protocol extension.

Then it might be possible to write a program analogous to "traceroute" 
for DNS.

                                                                         
                                             - Kevin
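
Added example, not part of the original message: the recursive/non-recursive distinction described above is one bit (RD) in the DNS header, and the flags on a response show whether it is one visible hop of the delegation chain or the output of a resolver whose path cannot be seen. The function names and sample headers are constructed for illustration, and the classification is a header-only heuristic.

```python
import struct

# Header flag bits from RFC 1035 section 4.1.1
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qtype=1, recursive=True, txid=0x1234):
    """Wire-format query for name; RD is set only when recursive=True."""
    flags = RD if recursive else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qclass 1 = IN

def classify(message):
    """Describe what the 12-byte header says about how a message was handled."""
    if len(message) < 12:
        raise ValueError("truncated DNS header")
    _, flags, _, ancount, nscount, _ = struct.unpack("!HHHHHH", message[:12])
    if not flags & QR:
        return "recursive query" if flags & RD else "non-recursive query"
    if flags & AA:
        return "authoritative answer"
    if flags & RD and flags & RA:
        # The server did the work on our behalf; its forwarders, cache and
        # overrides are invisible from the response alone.
        return "answer from a recursive resolver (path not visible)"
    if ancount == 0 and nscount > 0:
        return "referral (one visible hop of the delegation chain)"
    return "other"

def header(flags, ancount=0, nscount=0):
    """Constructed response header with the given flags and section counts."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, nscount, 0)

# Constructed samples, not captured traffic.
SAMPLES = {
    "root referral": header(QR, nscount=13),
    "zone answer": header(QR | AA, ancount=1),
    "resolver answer": header(QR | RD | RA, ancount=1),
}

if __name__ == "__main__":
    for recursive in (False, True):
        print(classify(build_query("example.net", recursive=recursive)))
    for label, msg in SAMPLES.items():
        print(f"{label}: {classify(msg)}")
```
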
