dig +trace unexpected behaviour

David Peall dkpeall at gmail.com
Wed Sep 29 19:04:51 UTC 2010


Hi

What I have found is that while dig +trace gets and displays the information
directly from the name servers along the way, the resolver is also queried
and the resolver's result overrides the trace result.  This can cause great
frustration, as you see the trace looks correct, but if the cache is stale it
can fail and this information is hidden.

These are results from a lab environment.

Here is the dig trace:

ns.juliet.dnslab:etc/domain#dig +trace ns.kilo.dnslab -4

; <<>> DiG 9.7.1-P2 <<>> +trace ns.kilo.dnslab -4
;; global options: +cmd
.                       417     IN      NS      p.root.
.                       417     IN      NS      q.root.
.                       417     IN      NS      r.root.
;; Received 198 bytes from 10.10.0.2#53(10.10.0.2) in 0 ms

dnslab.                 900     IN      NS      ns1.dnslab.
dnslab.                 900     IN      NS      ns2.dnslab.
;; Received 156 bytes from 10.0.0.17#53(p.root) in 0 ms

kilo.dnslab.            900     IN      NS      ns.kilo.dnslab.
;; Received 90 bytes from 10.0.0.100#53(ns1.dnslab) in 0 ms

ns.kilo.dnslab.         600     IN      A       10.0.11.1
kilo.dnslab.            600     IN      NS      ns.juliet.dnslab.
kilo.dnslab.            600     IN      NS      ns.kilo.dnslab.
kilo.dnslab.            600     IN      NS      ns.india.dnslab.
;; Received 309 bytes from 10.0.11.1#53(ns.kilo.dnslab) in 0 ms

The dump from vlan0:

14:30:21.764372 IP 10.0.10.1.65314 > 10.0.0.17.53: 54404 A? ns.kilo.dnslab. (32)
14:30:21.764622 IP 10.0.0.17.53 > 10.0.10.1.65314: 54404- 0/2/4 (156)
14:30:21.765525 IP 10.0.10.1.65312 > 10.0.1.200.53: 56721 A? ns.kilo.dnslab. (32)
14:30:22.779310 IP 10.0.10.1.65310 > 10.0.0.100.53: 56721 A? ns.kilo.dnslab. (32)
14:30:22.779536 IP 10.0.0.100.53 > 10.0.10.1.65310: 56721- 0/1/2 (90)
14:30:22.780285 IP 10.0.10.1.65308 > 10.0.11.1.53: 44527 A? ns.kilo.dnslab. (32)
14:30:22.780572 IP 10.0.11.1.53 > 10.0.10.1.65308: 44527* 1/3/8 A 10.0.11.1 (309)

Dump from vlan1:

14:30:21.762427 IP 10.10.0.1.65316 > 10.10.0.2.53: 31933 NS? . (17)
14:30:21.762710 IP 10.10.0.2.53 > 10.10.0.1.65316: 31933 3/0/6 NS p.root., NS q.root., (198)
14:30:21.764029 IP 10.10.0.1.65315 > 10.10.0.2.53: 57492+ A? p.root. (24)
14:30:21.764185 IP 10.10.0.2.53 > 10.10.0.1.65315: 57492 1/3/5 A 10.0.0.17 (199)
14:30:21.765092 IP 10.10.0.1.65313 > 10.10.0.2.53: 57493+ A? ns2.dnslab. (28)
14:30:21.765466 IP 10.10.0.2.53 > 10.10.0.1.65313: 57493 1/2/2 A 10.0.1.200 (120)
14:30:22.778952 IP 10.10.0.1.65311 > 10.10.0.2.53: 57494+ A? ns1.dnslab. (28)
14:30:22.779233 IP 10.10.0.2.53 > 10.10.0.1.65311: 57494 1/2/2 A 10.0.0.100 (120)
14:30:22.780076 IP 10.10.0.1.65309 > 10.10.0.2.53: 57495+ A? ns.kilo.dnslab. (32)
14:30:22.780230 IP 10.10.0.2.53 > 10.10.0.1.65309: 57495 1/3/8 A 10.0.11.1 (309)

cat /etc/resolv.conf
nameserver 10.10.0.2

Kind Regards

--

David Peall
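
Added example, not part of the original post: a small Python script that sorts the packets from the two tcpdump captures above into lookups sent to the resolv.conf resolver (10.10.0.2), queries sent directly to authoritative servers, and queries that never got a reply. In tcpdump's DNS output a `+` after the query ID means the recursion-desired flag was set. The names `CAPTURE`, `PKT` and `analyse` are hypothetical; the capture lines are the post's own with wrapped lines rejoined.

```python
import re

# Packets from the post's vlan0 and vlan1 dumps, wrapped lines rejoined.
CAPTURE = """\
14:30:21.764372 IP 10.0.10.1.65314 > 10.0.0.17.53: 54404 A? ns.kilo.dnslab. (32)
14:30:21.764622 IP 10.0.0.17.53 > 10.0.10.1.65314: 54404- 0/2/4 (156)
14:30:21.765525 IP 10.0.10.1.65312 > 10.0.1.200.53: 56721 A? ns.kilo.dnslab. (32)
14:30:22.779310 IP 10.0.10.1.65310 > 10.0.0.100.53: 56721 A? ns.kilo.dnslab. (32)
14:30:22.779536 IP 10.0.0.100.53 > 10.0.10.1.65310: 56721- 0/1/2 (90)
14:30:22.780285 IP 10.0.10.1.65308 > 10.0.11.1.53: 44527 A? ns.kilo.dnslab. (32)
14:30:22.780572 IP 10.0.11.1.53 > 10.0.10.1.65308: 44527* 1/3/8 A 10.0.11.1 (309)
14:30:21.762427 IP 10.10.0.1.65316 > 10.10.0.2.53: 31933 NS? . (17)
14:30:21.762710 IP 10.10.0.2.53 > 10.10.0.1.65316: 31933 3/0/6 NS p.root., NS q.root., (198)
14:30:21.764029 IP 10.10.0.1.65315 > 10.10.0.2.53: 57492+ A? p.root. (24)
14:30:21.764185 IP 10.10.0.2.53 > 10.10.0.1.65315: 57492 1/3/5 A 10.0.0.17 (199)
14:30:21.765092 IP 10.10.0.1.65313 > 10.10.0.2.53: 57493+ A? ns2.dnslab. (28)
14:30:21.765466 IP 10.10.0.2.53 > 10.10.0.1.65313: 57493 1/2/2 A 10.0.1.200 (120)
14:30:22.778952 IP 10.10.0.1.65311 > 10.10.0.2.53: 57494+ A? ns1.dnslab. (28)
14:30:22.779233 IP 10.10.0.2.53 > 10.10.0.1.65311: 57494 1/2/2 A 10.0.0.100 (120)
14:30:22.780076 IP 10.10.0.1.65309 > 10.10.0.2.53: 57495+ A? ns.kilo.dnslab. (32)
14:30:22.780230 IP 10.10.0.2.53 > 10.10.0.1.65309: 57495 1/3/8 A 10.0.11.1 (309)
"""

# Layout: time IP src.port > dst.port: id[flags] rest-of-line
PKT = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): (\d+)(\S*) (.*)$")

def analyse(text, resolver):
    """Return (via_resolver, direct, unanswered) for a tcpdump DNS capture."""
    via_resolver, direct, pending = [], [], {}
    for line in text.splitlines():
        m = PKT.match(line.strip())
        if not m:
            continue
        src, sport, dst, dport, qid, flags, rest = m.groups()
        if dport == "53":                        # client -> server: a query
            q = re.match(r"(\w+)\? (\S+)", rest)
            if not q:
                continue
            qtype, qname = q.groups()
            pending[(dst, sport, qid)] = (dst, qname)
            if dst == resolver:                  # "+" in flags = recursion desired
                via_resolver.append((qtype, qname, "+" in flags))
            else:
                direct.append((dst, qname))
        elif sport == "53":                      # server -> client: clear its query
            pending.pop((src, dport, qid), None)
    return via_resolver, direct, sorted(pending.values())
```

Calling `analyse(CAPTURE, "10.10.0.2")` lists every name-server address lookup that went through the resolver and flags the one direct query, to 10.0.1.200 (the address the resolver returned for ns2.dnslab.), that has no reply in the capture.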
