dig +norecurse behaviour changed with 9.16.33

Veronique Lefebure veronique.lefebure at cern.ch
Thu Oct 27 07:08:38 UTC 2022 

Hi all,


yes, here is a concrete example:


# ip-dns-1 runs BIND 9.16.33:


dig @ip-dns-1 spectrum.cern.ch +short +norecurse
spectrum-lb.cern.ch.     <------------- Here we get only the CNAME



# ip-dns-0 runs BIND 9.11:


dig @ip-dns-0 spectrum.cern.ch +short +norecurse
spectrum-lb.cern.ch.
xxx.xxx.xx.140         <-------- Here we get in addition the IP of spectrum-lb.cern.ch.





And yes, a capture shows confirms indeed that dig returns less information when the BIND 9.16.33 DNS server is used.


I guess you can easily reproduce that behaviour, unless it is due to a mis-configuration bit on our DNS server ?


Thanks,
Véronique

> On 26/10/2022 21:04 Greg Choules <gregchoules+bindusers at googlemail.com> wrote:
> 
> 
> 
> 
> Hi Veronique.
> As other people have said, more details please.
> 
> 
> To have a complete picture of what is going on, not only would we need to know what your dig tests look like, but also where dig is sending its queries and how that DNS server is configured.
> 
> 
> You can tell dig to send queries anywhere, using @<server>. However, if you don't use that it will default to using the nameservers in /etc/resolv.conf. So it may be useful to see the contents of that.
> 
> 
> Wherever dig is sending its queries, we would need to know what that server will do with them. So its configuration would also be useful.
> 
> 
> Lastly, the best way to see queries and responses, right down to the nuts and bolts, is with a packet capture.
> 
> 
> 
> 
> You thought this was an easy question, huh ;)
> 
> Can you provide at least some of these things, to get started?
> 
> 
> Cheers, Greg
> 
> 
> On Wed, 26 Oct 2022 at 16:41, Veronique Lefebure <veronique.lefebure at cern.ch <mailto:veronique.lefebure at cern.ch>> wrote:
> > 
> > Hi,
> > 
> > 
> > dig answer is different between BIND 9.11 and BIND 9.16(.33) when +norecurse option is used.
> > Is this documented somewhere ?
> > 
> > 
> > Is there an option that needs to be set so that the behaviour of 9.16 is the same as the one in 9.11.
> > 
> > 
> > The change is that with 9.16, if the requested name is a CNAME, only the CNAME value is returned by dig, while with 9.11 dig would return both the CNAME value and the IP of the CNAME.
> > 
> > 
> > Thanks,
> > Veronique --
> > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> > 
> > ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> > 
> > 
> > bind-users mailing list
> > bind-users at lists.isc.org <mailto:bind-users at lists.isc.org>
> > https://lists.isc.org/mailman/listinfo/bind-users
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20221027/f8ddcba3/attachment.htm>

More information about the bind-users mailing list