questions on the dig info

Mark Andrews marka at isc.org
Sat Jul 9 02:58:35 UTC 2011 

In message <CAA3U4eN75Jav7d0zSxtm-vojynzHw_LZNbCQhUevvk1PeOu58g at mail.gmail.com>
, Feng He writes:
> Hello list,
> 
> 
> $ dig www.qq.com ns @ns1.qq.com
> 
> ; <<>> DiG 9.4.2-P2.1 <<>> www.qq.com ns @ns1.qq.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50734
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;www.qq.com.                    IN      NS
> 
> ;; ANSWER SECTION:
> www.qq.com.             86400   IN      NS      ns-tel1.qq.com.
> www.qq.com.             86400   IN      NS      ns-tel2.qq.com.
> 
> ;; AUTHORITY SECTION:
> qq.com.                 86400   IN      NS      ns4.qq.com.
> qq.com.                 86400   IN      NS      ns1.qq.com.
> qq.com.                 86400   IN      NS      ns2.qq.com.
> qq.com.                 86400   IN      NS      ns3.qq.com.
> 
> ;; Query time: 7 msec
> ;; SERVER: 219.133.62.252#53(219.133.62.252)
> ;; WHEN: Sat Jul  9 08:58:38 2011
> ;; MSG SIZE  rcvd: 144
> 
> 
> 
> 
> $ dig www.qq.com ns @ns-tel1.qq.com
> 
> ; <<>> DiG 9.4.2-P2.1 <<>> www.qq.com ns @ns-tel1.qq.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44393
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;www.qq.com.                    IN      NS
> 
> ;; AUTHORITY SECTION:
> qq.com.                 86400   IN      SOA     ns1.qq.com.
> webmaster.qq.com. 1293074536 300 600 86400 86400
> 
> ;; Query time: 7 msec
> ;; SERVER: 121.14.73.115#53(121.14.73.115)
> ;; WHEN: Sat Jul  9 08:59:07 2011
> ;; MSG SIZE  rcvd: 78
> 
> 
> 
> 
> I have two questions against the two dig info above.
> 
> First, why ns1.qq.com (which is the authority nameserver for the zone
> of qq.com, not www.qq.com) returns the authority answer for
> www.qq.com's NS query? and even includes a AA flag in the response.

Because the nameserver is not RFC compliant.  There are lots of
broken nameservers out there.  Early versions of BIND had this bug
but we removed it over a decade ago.

> Second, why ns-tel1.qq.com (which is the authority nameserver for the
> zone of www.qq.com) returns nothing for this zone's NS query?

Because it is misconfigured.  Instead of serving www.qq.com it is configured
to server qq.com which can be seen in all the negative answers it returns.
Unfortunately lots of load balancers are similarly misconfigured.

You see similar issues with AAAA queries which causes lookup failures.

; <<>> DiG 9.6.0-APPLE-P2 <<>> +norec aaaa www.qq.com @ns-tel1.qq.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14164
;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.qq.com.			IN	AAAA

;; AUTHORITY SECTION:
qq.com.			86400	IN	SOA	ns1.qq.com. webmaster.qq.com. 1293074536 300 600 86400 86400

;; Query time: 394 msec
;; SERVER: 121.14.73.115#53(121.14.73.115)
;; WHEN: Sat Jul  9 12:43:39 2011
;; MSG SIZE  rcvd: 78

> Thank you.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>  from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list