different behavior: A Records in DNS answer, when query of type "any" (existing CNAME)
Mark Andrews
marka at isc.org
Mon Mar 7 22:19:59 UTC 2011
In message <1DD28595E6555E498A4EED9CF13F8ABF07BE20707A at SVCSTCCRMB01.devoteam.com>, Diezig Adrian writes:
>
> Hi,
>
> I have a question concerning answers from DNS servers, when I query a name
> with type "any" and the name is a CNAME.
> I have the following example (works also in Internet) with an ISC BIND
> server (BIND 9.7.0-P1):
>
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @newton.genesiscom.ch dns.ipam.ch
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25078
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;dns.ipam.ch. IN A
>
> ;; ANSWER SECTION:
> dns.ipam.ch. 600 IN CNAME www.ipam.ch.
> www.ipam.ch. 600 IN A 81.18.25.238
>
> ;; Query time: 1 msec
> ;; SERVER: 10.10.3.13#53(10.10.3.13)
> ;; WHEN: Mon Mar 7 11:52:38 2011
> ;; MSG SIZE rcvd: 63
>
>
> As you can see, we have a CNAME dns.ipam.ch that points to www.ipam.ch.
> www.ipam.ch is an A-Record to 81.18.25.238.
>
>
> When I do the following query (type=any to dns.ipam.ch), only the CNAME
> itself will be in the answer section (the A-Record not):
>
> ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @newton.genesiscom.ch dns.ipam.ch any
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46532
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;dns.ipam.ch. IN ANY
>
> ;; ANSWER SECTION:
> dns.ipam.ch. 600 IN CNAME www.ipam.ch.
>
> ;; Query time: 1 msec
> ;; SERVER: 10.10.3.13#53(10.10.3.13)
> ;; WHEN: Mon Mar 7 11:53:21 2011
> ;; MSG SIZE rcvd: 47
>
>
>
>
> When I do a comparable query (also with type=any) to another DNS Server
> (e.g. google.com)....
>
> ; <<>> DiG 9.3.2 <<>> @ns1.google.com. www.google.com. any
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1636
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.google.com. IN ANY
>
> ;; ANSWER SECTION:
> www.google.com. 604800 IN CNAME www.l.google.com.
> www.l.google.com. 300 IN A 74.125.232.114
> www.l.google.com. 300 IN A 74.125.232.115
> www.l.google.com. 300 IN A 74.125.232.116
> www.l.google.com. 300 IN A 74.125.232.113
> www.l.google.com. 300 IN A 74.125.232.112
>
> ;; Query time: 46 msec
> ;; SERVER: 216.239.32.10#53(216.239.32.10)
> ;; WHEN: Mon Mar 07 09:44:32 2011
> ;; MSG SIZE rcvd: 132
>
>
> ... I will get also the associated A Records.
> Does anybody have an idea, why the behavior is different? Can I configure
> this on my DNS Server (ISC BIND)?
>
> FYI:
> dig @ns1.hp.com. www.hp.com. any
> and
> dig @ns1.yahoo.com. www.yahoo.com any
>
> will also answer without any A-Records (like me).
>
> I have the following questions:
>
> - which one is correct (RFC)?
>
> - is it configurable in ISC BIND?
>
> - does the behavior depend on different BIND versions?
>
> I know that it is not very common to do queries with type any. The problem
> we have is the following:
> A Device/Application in our network is doing always queries from type "any".
> From our side it's not possible to change the type, because it's hard-coded
> in the software.
Go back to your vendor and demand a fix. Applications which make
ANY queries and don't follow up with the specific type the application
needs when it isn't returned are broken. ANY queries are handled
differently to normal queries. Similarly CNAME queries are handled
differently to normal queries.
Mark
> Kind regards
>
> Adrian
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
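
Added example (not part of the original thread and not ISC code): a sketch of the client-side follow-up described in the reply, run against a constructed stand-in for the server that reproduces the two dns.ipam.ch answers quoted above. The names ZONE, fake_server, addresses_from and lookup_addresses are hypothetical.

```python
# Constructed zone data, copied from the dig output quoted in the thread.
ZONE = {
    ("dns.ipam.ch.", "CNAME"): ["www.ipam.ch."],
    ("www.ipam.ch.", "A"): ["81.18.25.238"],
}

def fake_server(name, qtype):
    """Hypothetical stand-in for the server; returns (owner, type, rdata) tuples.

    ANY returns only what exists at the queried owner name; any other type
    follows the CNAME chain, matching the two dns.ipam.ch answers above.
    """
    if qtype == "ANY":
        return [(n, t, r) for (n, t), rdatas in ZONE.items()
                if n == name for r in rdatas]
    answer = []
    for _ in range(8):  # bound the CNAME chain length
        target = ZONE.get((name, "CNAME"))
        if target is None or qtype == "CNAME":
            break
        answer.append((name, "CNAME", target[0]))
        name = target[0]
    return answer + [(name, qtype, r) for r in ZONE.get((name, qtype), [])]

def addresses_from(answer, name):
    """Follow CNAMEs within one answer section; return A rdata at the final owner."""
    cnames = {o: r for o, t, r in answer if t == "CNAME"}
    seen = set()
    while name in cnames and name not in seen:
        seen.add(name)
        name = cnames[name]
    return [r for o, t, r in answer if t == "A" and o == name]

def lookup_addresses(name, query=fake_server):
    """Send ANY first (as the hard-coded application does), then follow up with A.

    Returns (addresses, list of queries sent).
    """
    sent = [(name, "ANY")]
    addrs = addresses_from(query(name, "ANY"), name)
    if not addrs:
        # The ANY answer lacked the needed type: ask for it explicitly.
        sent.append((name, "A"))
        addrs = addresses_from(query(name, "A"), name)
    return addrs, sent

if __name__ == "__main__":
    print(lookup_addresses("dns.ipam.ch."))
```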