bin 9.10 verbose logging

Mark Andrews marka at isc.org
Fri May 9 23:05:00 UTC 2014 

In message <1399664632.4864.59.camel at ns.five-ten-sg.com>, Carl Byington writes:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Sat, 2014-05-03 at 14:28 -0500, Jeremy C. Reed wrote:
> > "We didn't get a OPT record in response to a EDNS query." and also
> > says "We need to drop/remove the logging here when we have more
> > experience."
> 
> Is there a sample dig query that can reproduce this? I see such a
> message in my log files regarding domain of interest to me.
> 
> For the OP's question, presumably something like
> 
> dig dns2.osogrande.com aaaa @207.66.8.132 +?????

Modern versions of DiG turn on EDNS by default.

+[no]edns[=version]
+[no]dnssec (implies +edns)

If there is a OPT record in the response you will see something
like this:

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096

or

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; NSID: 72 6f 63 6b 2e 64 76 2e 69 73 63 2e 6f 72 67 ("rock.dv.isc.org")
; SIT: 8cd65ccfb9f282d53599db62536d5c39ec27d9c7420ccbbe (good)
; EXPIRE: 2389987 (3 weeks 6 days 15 hours 53 minutes 7 seconds)

If you turn on some of the EDNS options (+sit +nsid +expire) in the
request.

+sit	(source identity token) provides 64 additional bits of randomness
	to make of path spoofing virtually impossible to achieve.  It
	also provides a method for servers to know they are talking to
	a client that have talked to before so they don't need to
	rate limit responses (uses a experimental code point).
+nsid	(name server identifier)
+expire how long to go before the zone expires (code point 9 has been
	assigned for this, 9.10.0 uses a experimental code point and
	will be changed in 9.10.1 to the assigned code point).

Mark
 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
> 
> iEYEARECAAYFAlNtL94ACgkQL6j7milTFsGZ2wCfccgyulUODofPfOr1vG98U8t+
> ujYAnjdsOnfTFsJVDeHqycRoKLkT5o/G
> =8OIw
> -----END PGP SIGNATURE-----
> 
> 
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list