Query regarding dig output

Marc Lampo marc.lampo at eurid.eu
Tue Nov 15 13:51:42 UTC 2011 

Hello,



The fourth record in the ADDITIONAL section is the OPT EDNS0 record,
“returned” by the server.

You can see it displayed in the “QUESTION SECTION:”



Also, try “dig @180.149.63.3 nkn.in. +dnssec +bufsize=1024” (EDNS0, with
D0, but payload of 1024)

à in the reply the payload will be 4096 : so the server returns most of
EDNS0 info in the query,

      but replaces the UDP payload size by what it accepts itself.

(cfr recent posting of Mark Andrews in IETF dnsext mailing list about
finding this out)



Kind regards,



Marc Lampo

Security Officer

EURid



From: Gaurav Kansal [mailto:gaurav.kansal at nic.in]
Sent: 15 November 2011 01:42 PM
To: bind-users at lists.isc.org
Subject: Query regarding dig output



Dear Sir,



When I am query through dig for nkn.in domain without any additional
parameter, It is showing 3 ADDITIONAL records.

And when I am query through dig for same nkn.in domain with +dnssec
parameter, It is showing 4 ADDITIONAL records but there are only 3 answers
in ;;ADDITIONAL SECTION.

Why is it so???????





[@gaurav ~]#

[@gaurav ~]# dig @180.149.63.3  nkn.in



; <<>> DiG 9.3.3rc2 <<>> @180.149.63.3 nkn.in

; (1 server found)

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62605

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3



;; QUESTION SECTION:

;nkn.in.                                IN      A



;; ANSWER SECTION:

nkn.in.                 86400   IN      A       164.100.56.206



;; AUTHORITY SECTION:

nkn.in.                 86400   IN      NS      ns3.nkn.in.

nkn.in.                 86400   IN      NS      ns2.nkn.in.

nkn.in.                 86400   IN      NS      ns1.nkn.in.



;; ADDITIONAL SECTION:

ns1.nkn.in.             86400   IN      A       180.149.63.3

ns2.nkn.in.             86400   IN      A       180.149.63.66

ns3.nkn.in.             86400   IN      AAAA    2405:8a00:1000::2



;; Query time: 2 msec

;; SERVER: 180.149.63.3#53(180.149.63.3)

;; WHEN: Tue Nov 15 17:58:21 2011

;; MSG SIZE  rcvd: 154



[@gaurav ~]#





























[@gaurav ~]#

[@gaurav ~]# dig @180.149.63.3 +dnssec nkn.in



; <<>> DiG 9.3.3rc2 <<>> @180.149.63.3 +dnssec nkn.in

; (1 server found)

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39199

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4



;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags: do; udp: 4096

;; QUESTION SECTION:

;nkn.in.                                IN      A



;; ANSWER SECTION:

nkn.in.                 86400   IN      A       164.100.56.206



;; AUTHORITY SECTION:

nkn.in.                 86400   IN      NS      ns1.nkn.in.

nkn.in.                 86400   IN      NS      ns3.nkn.in.

nkn.in.                 86400   IN      NS      ns2.nkn.in.



;; ADDITIONAL SECTION:

ns1.nkn.in.             86400   IN      A       180.149.63.3

ns2.nkn.in.             86400   IN      A       180.149.63.66

ns3.nkn.in.             86400   IN      AAAA    2405:8a00:1000::2



;; Query time: 603 msec

;; SERVER: 180.149.63.3#53(180.149.63.3)

;; WHEN: Tue Nov 15 17:59:33 2011

;; MSG SIZE  rcvd: 165



[@gaurav ~]#



Thanks and Regards,

Gaurav Kansal

8860785630

9910118448



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20111115/5a613f7d/attachment.html>

More information about the bind-users mailing list