dig +norecurse behaviour changed with 9.16.33
Matus UHLAR - fantomas
uhlar at fantomas.sk
Thu Oct 27 08:10:39 UTC 2022
On 27.10.22 09:08, Veronique Lefebure wrote:
>yes, here is a concrete example:
>
># ip-dns-1 runs BIND 9.16.33:
>
>dig @ip-dns-1 spectrum.cern.ch +short +norecurse
>spectrum-lb.cern.ch. <------------- Here we get only the CNAME
># ip-dns-0 runs BIND 9.11:
>
>dig @ip-dns-0 spectrum.cern.ch +short +norecurse
>spectrum-lb.cern.ch.
>xxx.xxx.xx.140 <-------- Here we get in addition the IP of spectrum-lb.cern.ch.
>
>And yes, a capture shows confirms indeed that dig returns less information when the BIND 9.16.33 DNS server is used.
>
>I guess you can easily reproduce that behaviour, unless it is due to a mis-configuration bit on our DNS server ?
I could not reproduce as the query currently returns NXDOMAIN
AFAIK different servers may return different results depending if they have
the requested record in cache or not.
+norecurse only asks server not to send query out, it doesn't prevent
returning cached record.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Nothing is fool-proof to a talented fool.
More information about the bind-users
mailing list