[SOLVED] Re: BIND9 SERVFAIL on some .gov addresses
Shaoquan Lin
lin at ccny.cuny.edu
Tue Feb 22 17:06:16 UTC 2011
Mark,
Are these bugs (2784 and 1804) fixed by BIND 9.6.1-P3? My problem is that I
can not get A records of NSs (like vwall4a.nyc.gov) of nyc.gov from
b.gov-servers.net by BIND 9.6.1-P3 but with no problem with older BINDs like
9.3. I don't know if the problem is with the authoritative nameservers for
gov or the nameservers for nyc.gov or with the BIND I am using. I noticed
the following:
1). a.gov-servers.net or b.gov-servers.net does provide A records in the
additional records of their responses for other subdomain under gov like
treas.gov, just not nyc.gov. So the problem seems with nameservers for
nyc.gov. The problem is relatively new and there might be some recent
changes on nyc.gov.
2) Older version of Binds (like 9.3) seems able to resolve vwall4a.nyc.gov
as shown the packets I captured in my previous e-mail.
What options in named.conf I can use to set "tc"?
Thank you.
Shaoquan Lin
----- Original Message -----
From: "Mark Andrews" <marka at isc.org>
To: "Shaoquan Lin" <lin at ccny.cuny.edu>
Cc: <bind-users at isc.org>
Sent: Saturday, February 19, 2011 6:08 AM
Subject: Re: [SOLVED] Re: BIND9 SERVFAIL on some .gov addresses
>
> In message <17894D6D30484DDFBBE95BEF987FF5D1 at se179>, "Shaoquan Lin"
> writes:
>> Ryan,
>>
>> Have you solved your problem? I have similar problems. I run BIND =
>> 9.6..1-P3 on my Solaris 10 and can not resolve anything in domain =
>> nyc.gov. One thing I noticed is: BIND 9.3 send query to =
>> b.gov-servers.net with no Additional records and got a response with A =
>> records for the nyc.gov NS servers in the Additional records; but BIND =
>> 9.6 send query with type OPT Additional records and got a response with =
>> also a type OPT but no A in the Additional records. So the BIND 9.6 can
>> =
>> not find the IP addresses of the nyc.gov NS servers and therefore can =
>> not resolve anything in that domain. Using options "max-udp-size 512" =
>> and "edns-udp-size 512" does not solve the problem.
>>
>> The following are the what I captured. Anyone have any suggestions to =
>> solve the problem? =20
>>
>> Shaoquan Lin
>
> This is really a DNS protocol bug. Glue is not optional when
> returning a referral and failure to add glue should result in
> "tc" being set.
>
> Note: named should set "tc" in the case to work around this protocol
> bug. It's useful to have a real life example rather than a contrived
> example.
>
> 2784. [bug] TC was not always being set when required glue was
> dropped. [RT #20655]
>
> 1804. [bug] Ensure that if we are queried for glue that it
> fits
> in the additional section or TC is set to tell the
> client to retry using TCP. [RT #10114]
>
>
>> BIND 9.3 query:
>> Domain Name System (query)
>>
>> Transaction ID: 0x94ca
>>
>> Flags: 0x0000 (Standard query)
>>
>> 0... .... .... .... =3D Response: Message is a query
>>
>> .000 0... .... .... =3D Opcode: Standard query (0)
>>
>> .... ..0. .... .... =3D Truncated: Message is not truncated
>>
>> .... ...0 .... .... =3D Recursion desired: Don't do query recursively
>>
>> .... .... .0.. .... =3D Z: reserved (0)
>>
>> .... .... ...0 .... =3D Non-authenticated data OK: Non-authenticated =
>> data is unacceptable
>>
>> Questions: 1
>>
>> Answer RRs: 0
>>
>> Authority RRs: 0
>>
>> Additional RRs: 0
>>
>> Queries
>>
>> vwall4a.nyc.gov: type A, class IN
>>
>> Name: vwall4a.nyc.gov
>>
>> Type: A (Host address)
>>
>> Class: IN (0x0001)
>>
>> BIND 9.3 response:
>>
>> Domain Name System (response)
>>
>> Transaction ID: 0x94ca
>>
>> Flags: 0x8000 (Standard query response, No error)
>>
>> 1... .... .... .... =3D Response: Message is a response
>>
>> .000 0... .... .... =3D Opcode: Standard query (0)
>>
>> .... .0.. .... .... =3D Authoritative: Server is not an authority for =
>> domain
>>
>> .... ..0. .... .... =3D Truncated: Message is not truncated
>>
>> .... ...0 .... .... =3D Recursion desired: Don't do query recursively
>>
>> .... .... 0... .... =3D Recursion available: Server can't do recursive =
>> queries
>>
>> .... .... .0.. .... =3D Z: reserved (0)
>>
>> .... .... ..0. .... =3D Answer authenticated: Answer/authority portion =
>> was not authenticated by the server
>>
>> .... .... .... 0000 =3D Reply code: No error (0)
>>
>> Questions: 1
>>
>> Answer RRs: 0
>>
>> Authority RRs: 4
>>
>> Additional RRs: 4
>>
>> Queries
>>
>> vwall4a.nyc.gov: type A, class IN
>>
>> Name: vwall4a.nyc.gov
>>
>> Type: A (Host address)
>>
>> Class: IN (0x0001)
>>
>> Authoritative nameservers
>>
>> nyc.gov: type NS, class IN, ns vwall1a.nyc.gov
>>
>> Name: nyc.gov
>>
>> Type: NS (Authoritative name server)
>>
>> Class: IN (0x0001)
>>
>> Time to live: 1 day
>>
>> Data length: 10
>>
>> Name server: vwall1a.nyc.gov
>>
>> nyc.gov: type NS, class IN, ns vwall2a.nyc.gov
>>
>> Name: nyc.gov
>>
>> Type: NS (Authoritative name server)
>>
>> Class: IN (0x0001)
>>
>> Time to live: 1 day
>>
>> Data length: 10
>>
>> Name server: vwall2a.nyc.gov
>>
>> nyc.gov: type NS, class IN, ns vwall3a.nyc.gov
>>
>> Name: nyc.gov
>>
>> Type: NS (Authoritative name server)
>>
>> Class: IN (0x0001)
>>
>> Time to live: 1 day
>>
>> Data length: 10
>>
>> Name server: vwall3a.nyc.gov
>>
>> nyc.gov: type NS, class IN, ns vwall4a.nyc.gov
>>
>> Name: nyc.gov
>>
>> Type: NS (Authoritative name server)
>>
>> Class: IN (0x0001)
>>
>> Time to live: 1 day
>>
>> Data length: 10
>>
>> Name server: vwall4a.nyc.gov
>>
>> Additional records
>>
>> vwall1a.nyc.gov: type A, class IN, addr 161.185.1.3
>>
>> Name: vwall1a.nyc.gov
>>
>> Type: A (Host address)
>>
>> Class: IN (0x0001)
>>
>> Time to live: 1 day
>>
>> Data length: 4
>>
>> Addr: 161.185.1.3
>>
>> vwall2a.nyc.gov: type A, class IN, addr 161.185.1.12
>>
>> Name: vwall2a.nyc.gov
>>
>> Type: A (Host address)
>>
>> Class: IN (0x0001)
>>
>> Time to live: 1 day
>>
>> Data length: 4
>>
>> Addr: 161.185.1.12
>>
>> vwall3a.nyc.gov: type A, class IN, addr 167.153.130.12
>>
>> Name: vwall3a.nyc.gov
>>
>> Type: A (Host address)
>>
>> Class: IN (0x0001)
>>
>> Time to live: 1 day
>>
>> Data length: 4
>>
>> Addr: 167.153.130.12
>>
>> vwall4a.nyc.gov: type A, class IN, addr 167.153.130.13
>>
>> Name: vwall4a.nyc.gov
>>
>> Type: A (Host address)
>>
>> Class: IN (0x0001)
>>
>> Time to live: 1 day
>>
>> Data length: 4
>>
>> Addr: 167.153.130.13
>>
>> BIND 9.6 query:
>>
>> Domain Name System (query)
>>
>> Transaction ID: 0x6427
>>
>> Flags: 0x0000 (Standard query)
>>
>> 0... .... .... .... =3D Response: Message is a query
>>
>> .000 0... .... .... =3D Opcode: Standard query (0)
>>
>> .... ..0. .... .... =3D Truncated: Message is not truncated
>>
>> .... ...0 .... .... =3D Recursion desired: Don't do query recursively
>>
>> .... .... .0.. .... =3D Z: reserved (0)
>>
>> .... .... ...0 .... =3D Non-authenticated data OK: Non-authenticated =
>> data is unacceptable
>>
>> Questions: 1
>>
>> Answer RRs: 0
>>
>> Authority RRs: 0
>>
>> Additional RRs: 1
>>
>> Queries
>>
>> vwall4a.nyc.gov: type A, class IN
>>
>> Name: vwall4a.nyc.gov
>>
>> Type: A (Host address)
>>
>> Class: IN (0x0001)
>>
>> Additional records
>>
>> <Root>: type OPT
>>
>> Name: <Root>
>>
>> Type: OPT (EDNS0 option)
>>
>> UDP payload size: 512
>>
>> Higher bits in extended RCODE: 0x0
>>
>> EDNS0 version: 0
>>
>> Z: 0x8000
>>
>> Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
>>
>> Bits 1-15: 0x0 (reserved)
>>
>> Data length: 0
>>
>> BIND 9.6 response:
>>
>> Domain Name System (response)
>>
>> Transaction ID: 0x6427
>>
>> Flags: 0x8000 (Standard query response, No error)
>>
>> 1... .... .... .... =3D Response: Message is a response
>>
>> .000 0... .... .... =3D Opcode: Standard query (0)
>>
>> .... .0.. .... .... =3D Authoritative: Server is not an authority for =
>> domain
>>
>> .... ..0. .... .... =3D Truncated: Message is not truncated
>>
>> .... ...0 .... .... =3D Recursion desired: Don't do query recursively
>>
>> .... .... 0... .... =3D Recursion available: Server can't do recursive =
>> queries
>>
>> .... .... .0.. .... =3D Z: reserved (0)
>>
>> .... .... ..0. .... =3D Answer authenticated: Answer/authority portion =
>> was not authenticated by the server
>>
>> .... .... .... 0000 =3D Reply code: No error (0)
>>
>> Questions: 1
>>
>> Answer RRs: 0
>>
>> Authority RRs: 6
>>
>> Additional RRs: 1
>>
>> Queries
>>
>> vwall4a.nyc.gov: type A, class IN
>>
>> Name: vwall4a.nyc.gov
>>
>> Type: A (Host address)
>>
>> Class: IN (0x0001)
>>
>> Authoritative nameservers
>>
>> nyc.gov: type NS, class IN, ns vwall1a.nyc.gov
>>
>> Name: nyc.gov
>>
>> Type: NS (Authoritative name server)
>>
>> Class: IN (0x0001)
>>
>> Time to live: 1 day
>>
>> Data length: 10
>>
>> Name server: vwall1a.nyc.gov
>>
>> nyc.gov: type NS, class IN, ns vwall2a.nyc.gov
>>
>> Name: nyc.gov
>>
>> Type: NS (Authoritative name server)
>>
>> Class: IN (0x0001)
>>
>> Time to live: 1 day
>>
>> Data length: 10
>>
>> Name server: vwall2a.nyc.gov
>>
>> nyc.gov: type NS, class IN, ns vwall3a.nyc.gov
>>
>> Name: nyc.gov
>>
>> Type: NS (Authoritative name server)
>>
>> Class: IN (0x0001)
>>
>> Time to live: 1 day
>>
>> Data length: 10
>>
>> Name server: vwall3a.nyc.gov
>>
>> nyc.gov: type NS, class IN, ns vwall4a.nyc.gov
>>
>> Name: nyc.gov
>>
>> Type: NS (Authoritative name server)
>>
>> Class: IN (0x0001)
>>
>> Time to live: 1 day
>>
>> Data length: 10
>>
>> Name server: vwall4a.nyc.gov
>>
>> rq2651faaj4nen6tfis8ju5005qccn8j.gov: type Unknown (50), class IN
>>
>> Name: rq2651faaj4nen6tfis8ju5005qccn8j.gov
>>
>> Type: Unknown (50)
>>
>> Class: IN (0x0001)
>>
>> Time to live: 1 day
>>
>> Data length: 35
>>
>> Data
>>
>> rq2651faaj4nen6tfis8ju5005qccn8j.gov: type RRSIG, class IN
>>
>> Name: rq2651faaj4nen6tfis8ju5005qccn8j.gov
>>
>> Type: RRSIG (RR signature)
>>
>> Class: IN (0x0001)
>>
>> Time to live: 1 day
>>
>> Data length: 279
>>
>> Type covered: Unknown (50)
>>
>> Algorithm: Unknown (0x07)
>>
>> Labels: 2
>>
>> Original TTL: 1 day
>>
>> Signature expiration: Feb 22, 2011 05:00:22.000000000
>>
>> Time signed: Feb 17, 2011 05:00:22.000000000
>>
>> Id of signing key(footprint): 47602
>>
>> Signer's name: gov
>>
>> Signature
>>
>> Additional records
>>
>> <Root>: type OPT
>>
>> Name: <Root>
>>
>> Type: OPT (EDNS0 option)
>>
>> UDP payload size: 1472
>>
>> Higher bits in extended RCODE: 0x0
>>
>> EDNS0 version: 0
>>
>> Z: 0x0
>>
>> Data length: 0
>>
>> ------=_NextPart_000_0116_01CBCF84.31A5E720
>> Content-Type: text/html;
>> charset="iso-8859-1"
>> Content-Transfer-Encoding: quoted-printable
>>
>> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
>> <HTML><HEAD>
>> <META content=3D"text/html; charset=3Diso-8859-1" =
>> http-equiv=3DContent-Type>
>> <META name=3DGENERATOR content=3D"MSHTML 8.00.6001.19019">
>> <STYLE></STYLE>
>> </HEAD>
>> <BODY bgColor=3D#ffffff>
>> <DIV><FONT size=3D2 face=3DArial>Ryan,</FONT></DIV>
>> <DIV><FONT size=3D2 face=3DArial></FONT> </DIV>
>> <DIV><FONT size=3D2 face=3DArial>Have you solved your problem? I =
>> have similar=20
>> problems. I run BIND 9.6..1-P3 on my Solaris 10 and can not resolve =
>> anything in=20
>> domain nyc.gov. One thing I noticed is: BIND 9.3 send query =
>> to=20
>> b.gov-servers.net with no Additional records and got a response=20
>> with A records for the nyc.gov NS servers in the Additional =
>> records;=20
>> but BIND 9.6 send query with type OPT Additional records and got a =
>> response with=20
>> also a type OPT but no A in the Additional records. So the BIND =
>> 9.6 can=20
>> not find the IP addresses of the nyc.gov NS servers and therefore can =
>> not=20
>> resolve anything in that domain. Using options "<FONT=20
>> size=3D3>max-udp-size 512" and "edns-udp-size 512" =
>> does not=20
>> solve the problem.</FONT></FONT></DIV>
>> <DIV><FONT face=3DArial></FONT> </DIV>
>> <DIV><FONT face=3DArial>The following are the what I captured. =
>> Anyone have=20
>> any suggestions to solve the=20
>> problem? =
>> </FONT></DIV>
>> <DIV><FONT face=3DArial></FONT> </DIV>
>> <DIV><FONT face=3DArial>Shaoquan Lin</FONT></DIV>
>> <DIV><FONT face=3DArial></FONT> </DIV>
>> <DIV><FONT face=3DArial>BIND 9.3 query:</FONT></DIV>
>> <DIV><FONT size=3D2 face=3DArial><SPAN lang=3DEN>
>> <P>Domain Name System (query)</P>
>> <P>Transaction ID: 0x94ca</P>
>> <P>Flags: 0x0000 (Standard query)</P>
>> <P>0... .... .... .... =3D Response: Message is a query</P>
>> <P>.000 0... .... .... =3D Opcode: Standard query (0)</P>
>> <P>.... ..0. .... .... =3D Truncated: Message is not truncated</P>
>> <P>.... ...0 .... .... =3D Recursion desired: Don't do query =
>> recursively</P>
>> <P>.... .... .0.. .... =3D Z: reserved (0)</P>
>> <P>.... .... ...0 .... =3D Non-authenticated data OK: Non-authenticated =
>> data is=20
>> unacceptable</P>
>> <P>Questions: 1</P>
>> <P>Answer RRs: 0</P>
>> <P>Authority RRs: 0</P>
>> <P>Additional RRs: 0</P>
>> <P>Queries</P>
>> <P>vwall4a.nyc.gov: type A, class IN</P>
>> <P>Name: vwall4a.nyc.gov</P>
>> <P>Type: A (Host address)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>BIND 9.3 response:</P><SPAN lang=3DEN>
>> <P>Domain Name System (response)</P>
>> <P>Transaction ID: 0x94ca</P>
>> <P>Flags: 0x8000 (Standard query response, No error)</P>
>> <P>1... .... .... .... =3D Response: Message is a response</P>
>> <P>.000 0... .... .... =3D Opcode: Standard query (0)</P>
>> <P>.... .0.. .... .... =3D Authoritative: Server is not an authority for
>> =
>>
>> domain</P>
>> <P>.... ..0. .... .... =3D Truncated: Message is not truncated</P>
>> <P>.... ...0 .... .... =3D Recursion desired: Don't do query =
>> recursively</P>
>> <P>.... .... 0... .... =3D Recursion available: Server can't do =
>> recursive=20
>> queries</P>
>> <P>.... .... .0.. .... =3D Z: reserved (0)</P>
>> <P>.... .... ..0. .... =3D Answer authenticated: Answer/authority =
>> portion was not=20
>> authenticated by the server</P>
>> <P>.... .... .... 0000 =3D Reply code: No error (0)</P>
>> <P>Questions: 1</P>
>> <P>Answer RRs: 0</P>
>> <P>Authority RRs: 4</P>
>> <P>Additional RRs: 4</P>
>> <P>Queries</P>
>> <P>vwall4a.nyc.gov: type A, class IN</P>
>> <P>Name: vwall4a.nyc.gov</P>
>> <P>Type: A (Host address)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Authoritative nameservers</P>
>> <P>nyc.gov: type NS, class IN, ns vwall1a.nyc.gov</P>
>> <P>Name: nyc.gov</P>
>> <P>Type: NS (Authoritative name server)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Time to live: 1 day</P>
>> <P>Data length: 10</P>
>> <P>Name server: vwall1a.nyc.gov</P>
>> <P>nyc.gov: type NS, class IN, ns vwall2a.nyc.gov</P>
>> <P>Name: nyc.gov</P>
>> <P>Type: NS (Authoritative name server)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Time to live: 1 day</P>
>> <P>Data length: 10</P>
>> <P>Name server: vwall2a.nyc.gov</P>
>> <P>nyc.gov: type NS, class IN, ns vwall3a.nyc.gov</P>
>> <P>Name: nyc.gov</P>
>> <P>Type: NS (Authoritative name server)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Time to live: 1 day</P>
>> <P>Data length: 10</P>
>> <P>Name server: vwall3a.nyc.gov</P>
>> <P>nyc.gov: type NS, class IN, ns vwall4a.nyc.gov</P>
>> <P>Name: nyc.gov</P>
>> <P>Type: NS (Authoritative name server)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Time to live: 1 day</P>
>> <P>Data length: 10</P>
>> <P>Name server: vwall4a.nyc.gov</P>
>> <P>Additional records</P>
>> <P>vwall1a.nyc.gov: type A, class IN, addr 161.185.1.3</P>
>> <P>Name: vwall1a.nyc.gov</P>
>> <P>Type: A (Host address)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Time to live: 1 day</P>
>> <P>Data length: 4</P>
>> <P>Addr: 161.185.1.3</P>
>> <P>vwall2a.nyc.gov: type A, class IN, addr 161.185.1.12</P>
>> <P>Name: vwall2a.nyc.gov</P>
>> <P>Type: A (Host address)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Time to live: 1 day</P>
>> <P>Data length: 4</P>
>> <P>Addr: 161.185.1.12</P>
>> <P>vwall3a.nyc.gov: type A, class IN, addr 167.153.130.12</P>
>> <P>Name: vwall3a.nyc.gov</P>
>> <P>Type: A (Host address)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Time to live: 1 day</P>
>> <P>Data length: 4</P>
>> <P>Addr: 167.153.130.12</P>
>> <P>vwall4a.nyc.gov: type A, class IN, addr 167.153.130.13</P>
>> <P>Name: vwall4a.nyc.gov</P>
>> <P>Type: A (Host address)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Time to live: 1 day</P>
>> <P>Data length: 4</P>
>> <P>Addr: 167.153.130.13</P></SPAN></SPAN></FONT></DIV>
>> <DIV><FONT size=3D2 face=3DArial>BIND 9.6 query:</FONT></DIV>
>> <DIV> </DIV>
>> <DIV><SPAN lang=3DEN>
>> <P>Domain Name System (query)</P>
>> <P>Transaction ID: 0x6427</P>
>> <P>Flags: 0x0000 (Standard query)</P>
>> <P>0... .... .... .... =3D Response: Message is a query</P>
>> <P>.000 0... .... .... =3D Opcode: Standard query (0)</P>
>> <P>.... ..0. .... .... =3D Truncated: Message is not truncated</P>
>> <P>.... ...0 .... .... =3D Recursion desired: Don't do query =
>> recursively</P>
>> <P>.... .... .0.. .... =3D Z: reserved (0)</P>
>> <P>.... .... ...0 .... =3D Non-authenticated data OK: Non-authenticated =
>> data is=20
>> unacceptable</P>
>> <P>Questions: 1</P>
>> <P>Answer RRs: 0</P>
>> <P>Authority RRs: 0</P>
>> <P>Additional RRs: 1</P>
>> <P>Queries</P>
>> <P>vwall4a.nyc.gov: type A, class IN</P>
>> <P>Name: vwall4a.nyc.gov</P>
>> <P>Type: A (Host address)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Additional records</P>
>> <P><Root>: type OPT</P>
>> <P>Name: <Root></P>
>> <P>Type: OPT (EDNS0 option)</P>
>> <P>UDP payload size: 512</P>
>> <P>Higher bits in extended RCODE: 0x0</P>
>> <P>EDNS0 version: 0</P>
>> <P>Z: 0x8000</P>
>> <P>Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)</P>
>> <P>Bits 1-15: 0x0 (reserved)</P>
>> <P>Data length: 0</P>
>> <P>BIND 9.6 response:</P><SPAN lang=3DEN>
>> <P>Domain Name System (response)</P>
>> <P>Transaction ID: 0x6427</P>
>> <P>Flags: 0x8000 (Standard query response, No error)</P>
>> <P>1... .... .... .... =3D Response: Message is a response</P>
>> <P>.000 0... .... .... =3D Opcode: Standard query (0)</P>
>> <P>.... .0.. .... .... =3D Authoritative: Server is not an authority for
>> =
>>
>> domain</P>
>> <P>.... ..0. .... .... =3D Truncated: Message is not truncated</P>
>> <P>.... ...0 .... .... =3D Recursion desired: Don't do query =
>> recursively</P>
>> <P>.... .... 0... .... =3D Recursion available: Server can't do =
>> recursive=20
>> queries</P>
>> <P>.... .... .0.. .... =3D Z: reserved (0)</P>
>> <P>.... .... ..0. .... =3D Answer authenticated: Answer/authority =
>> portion was not=20
>> authenticated by the server</P>
>> <P>.... .... .... 0000 =3D Reply code: No error (0)</P>
>> <P>Questions: 1</P>
>> <P>Answer RRs: 0</P>
>> <P>Authority RRs: 6</P>
>> <P>Additional RRs: 1</P>
>> <P>Queries</P>
>> <P>vwall4a.nyc.gov: type A, class IN</P>
>> <P>Name: vwall4a.nyc.gov</P>
>> <P>Type: A (Host address)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Authoritative nameservers</P>
>> <P>nyc.gov: type NS, class IN, ns vwall1a.nyc.gov</P>
>> <P>Name: nyc.gov</P>
>> <P>Type: NS (Authoritative name server)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Time to live: 1 day</P>
>> <P>Data length: 10</P>
>> <P>Name server: vwall1a.nyc.gov</P>
>> <P>nyc.gov: type NS, class IN, ns vwall2a.nyc.gov</P>
>> <P>Name: nyc.gov</P>
>> <P>Type: NS (Authoritative name server)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Time to live: 1 day</P>
>> <P>Data length: 10</P>
>> <P>Name server: vwall2a.nyc.gov</P>
>> <P>nyc.gov: type NS, class IN, ns vwall3a.nyc.gov</P>
>> <P>Name: nyc.gov</P>
>> <P>Type: NS (Authoritative name server)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Time to live: 1 day</P>
>> <P>Data length: 10</P>
>> <P>Name server: vwall3a.nyc.gov</P>
>> <P>nyc.gov: type NS, class IN, ns vwall4a.nyc.gov</P>
>> <P>Name: nyc.gov</P>
>> <P>Type: NS (Authoritative name server)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Time to live: 1 day</P>
>> <P>Data length: 10</P>
>> <P>Name server: vwall4a.nyc.gov</P>
>> <P>rq2651faaj4nen6tfis8ju5005qccn8j.gov: type Unknown (50), class IN</P>
>> <P>Name: rq2651faaj4nen6tfis8ju5005qccn8j.gov</P>
>> <P>Type: Unknown (50)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Time to live: 1 day</P>
>> <P>Data length: 35</P>
>> <P>Data</P>
>> <P>rq2651faaj4nen6tfis8ju5005qccn8j.gov: type RRSIG, class IN</P>
>> <P>Name: rq2651faaj4nen6tfis8ju5005qccn8j.gov</P>
>> <P>Type: RRSIG (RR signature)</P>
>> <P>Class: IN (0x0001)</P>
>> <P>Time to live: 1 day</P>
>> <P>Data length: 279</P>
>> <P>Type covered: Unknown (50)</P>
>> <P>Algorithm: Unknown (0x07)</P>
>> <P>Labels: 2</P>
>> <P>Original TTL: 1 day</P>
>> <P>Signature expiration: Feb 22, 2011 05:00:22.000000000</P>
>> <P>Time signed: Feb 17, 2011 05:00:22.000000000</P>
>> <P>Id of signing key(footprint): 47602</P>
>> <P>Signer's name: gov</P>
>> <P>Signature</P>
>> <P>Additional records</P>
>> <P><Root>: type OPT</P>
>> <P>Name: <Root></P>
>> <P>Type: OPT (EDNS0 option)</P>
>> <P>UDP payload size: 1472</P>
>> <P>Higher bits in extended RCODE: 0x0</P>
>> <P>EDNS0 version: 0</P>
>> <P>Z: 0x0</P>
>> <P>Data length: 0</P></SPAN></SPAN></DIV></BODY></HTML>
>>
>> ------=_NextPart_000_0116_01CBCF84.31A5E720--
>>
>>
>>
>> --===============7478579667512691322==
>> Content-Type: text/plain; charset="us-ascii"
>> MIME-Version: 1.0
>> Content-Transfer-Encoding: 7bit
>> Content-Disposition: inline
>>
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>> --===============7478579667512691322==--
>>
>>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list