[UNsolved] was: what does dig +trace do?
Torinthiel
torinthiel at data.pl
Thu Sep 1 16:24:11 UTC 2011
On 09/01/11 17:56, Tom Schmitt wrote:
>
> I found the cause of my problem (and a solution):
>
> dig +trace actually has another behaviour than doing the trace manually step by step with dig.
>
>
> For a trace, dig is asking for the NS-records, then for the IP-address of the nameserver found and then go on asking this nameserver. Till the destination is reached.
>
> In my case, dig is asking for the nameservers of the root-zone and is getting the answer:
> . IN NS root1
> . IN NS root2
> etc
>
> Next dig is asking for the A-record of root1. And here is the differrence:
>
> If I do "dig root1" dig is asking exactly this, it is asking for the A-record of root1. And of course I get the correct answer from named.
>
> The +trace option does not do this!
> Instead, the +trace-option is using the searchsuffix in the resolv.conf and is asking for root1.my.search.suffix. and NOT for root1.
> This is why the +trace option fails every time.
>
> After deleting the searchsuffix in resolv.conf, dig +trace is working fine without any error.
>
> In my oppinion it's a bug that dig +trace behave in a differrent way than doing the queries with dig one by one.
No, IMHO, it's a bug in your root zone.
Names without dot at end are relative. Change your root zone to say
. IN NS root1.
. IN NS root2.
(with dots appended) and you should be home.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20110901/61ed6016/attachment.bin>
More information about the bind-users
mailing list