BIND 9.2.1 and TCP

zack.nash at amd.com zack.nash at amd.com
Thu Nov 7 18:57:14 UTC 2002


This is not public DNS; this is internal-only DNS.  I am sorry for the confusion on this matter.
Zack

-----Original Message-----
From: Kevin Darcy [mailto:kcd at daimlerchrysler.com]
Sent: Thursday, November 07, 2002 10:52 AM
To: bind-users at isc.org
Subject: Re: BIND 9.2.1 and TCP



That's pretty disgusting. 172.16/12 is an RFC 1918 "private" range so those
172.20.*.* and 172.28.*.* addresses shouldn't be in the public DNS *at*all*...


- Kevin

zack.nash at amd.com wrote:

> 'dig +ignoretc +search <name>' :
>
> ; <<>> DiG 8.2 <<>> +ignoretc +search nash.amd.com @aus-la-ns1
> ; (1 server found)
> ;; res options: init igntc recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41812
> ;; flags: qr aa tc rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 22, ADDITIONAL: 0
> ;;      nash.amd.com, type = A, class = IN
> nash.amd.com.           0S IN A         139.95.99.116
> amd.com.                1H IN NS        ns2.amd.com.
> amd.com.                1H IN NS        ns5.amd.com.
> amd.com.                1H IN NS        ns6.amd.com.
> amd.com.                1H IN NS        ns7.amd.com.
> amd.com.                1H IN NS        ns8.amd.com.
> amd.com.                1H IN NS        ns9.amd.com.
> amd.com.                1H IN NS        fuji.amd.com.
> amd.com.                1H IN NS        ns10.amd.com.
> amd.com.                1H IN NS        ns11.amd.com.
> amd.com.                1H IN NS        ns12.amd.com.
> amd.com.                1H IN NS        ns13.amd.com.
> amd.com.                1H IN NS        f30ns1.amd.com.
> amd.com.                1H IN NS        f30ns2.amd.com.
> amd.com.                1H IN NS        vienna.amd.com.
> amd.com.                1H IN NS        bkkdns1.amd.com.
> amd.com.                1H IN NS        pngdns1.amd.com.
> amd.com.                1H IN NS        sgpdns1.amd.com.
> amd.com.                1H IN NS        suzdns1.amd.com.
> amd.com.                1H IN NS        suzdns2.amd.com.
> amd.com.                1H IN NS        nsmaster.amd.com.
> amd.com.                1H IN NS        seurdns1.amd.com.
> amd.com.                1H IN NS        shkgfile1.amd.com.
> ;; Total query time: 61 msec
> ;; FROM: qip-ent to SERVER: aus-la-ns1  163.181.250.235
> ;; WHEN: Thu Nov  7 09:55:00 2002
> ;; MSG SIZE  sent: 30  rcvd: 492
>
> 'dig +search <name>':
>
> ; <<>> DiG 8.2 <<>> +search nash.amd.com @aus-la-ns1
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17504
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 24, ADDITIONAL: 25
> ;;      nash.amd.com, type = A, class = IN
> nash.amd.com.           0S IN A         139.95.99.116
> amd.com.                1H IN NS        pngdns1.amd.com.
> amd.com.                1H IN NS        sgpdns1.amd.com.
> amd.com.                1H IN NS        suzdns1.amd.com.
> amd.com.                1H IN NS        suzdns2.amd.com.
> amd.com.                1H IN NS        nsmaster.amd.com.
> amd.com.                1H IN NS        seurdns1.amd.com.
> amd.com.                1H IN NS        shkgfile1.amd.com.
> amd.com.                1H IN NS        slave-232-2.amd.com.
> amd.com.                1H IN NS        ns1.amd.com.
> amd.com.                1H IN NS        ns2.amd.com.
> amd.com.                1H IN NS        ns5.amd.com.
> amd.com.                1H IN NS        ns6.amd.com.
> amd.com.                1H IN NS        ns7.amd.com.
> amd.com.                1H IN NS        ns8.amd.com.
> amd.com.                1H IN NS        ns9.amd.com.
> amd.com.                1H IN NS        fuji.amd.com.
> amd.com.                1H IN NS        ns10.amd.com.
> amd.com.                1H IN NS        ns11.amd.com.
> amd.com.                1H IN NS        ns12.amd.com.
> amd.com.                1H IN NS        ns13.amd.com.
> amd.com.                1H IN NS        f30ns1.amd.com.
> amd.com.                1H IN NS        f30ns2.amd.com.
> amd.com.                1H IN NS        vienna.amd.com.
> amd.com.                1H IN NS        bkkdns1.amd.com.
> ns1.amd.com.            1H IN A         139.95.53.235
> ns2.amd.com.            1H IN A         139.95.6.235
> ns5.amd.com.            1H IN A         139.95.27.235
> ns6.amd.com.            1H IN A         139.95.1.235
> ns7.amd.com.            1H IN A         163.181.1.2
> ns8.amd.com.            1H IN A         163.181.9.235
> ns9.amd.com.            1H IN A         163.181.52.235
> fuji.amd.com.           1H IN A         139.95.100.1
> ns10.amd.com.           1H IN A         163.181.88.235
> ns11.amd.com.           1H IN A         163.181.234.235
> ns12.amd.com.           1H IN A         172.28.4.253
> ns13.amd.com.           1H IN A         139.95.144.235
> f30ns1.amd.com.         1H IN A         172.20.3.235
> f30ns2.amd.com.         1H IN A         172.20.13.235
> vienna.amd.com.         1H IN A         163.181.61.42
> bkkdns1.amd.com.        1H IN A         165.204.128.235
> pngdns1.amd.com.        1H IN A         165.204.164.235
> sgpdns1.amd.com.        1H IN A         101.2.0.235
> suzdns1.amd.com.        1H IN A         165.204.224.33
> suzdns2.amd.com.        1H IN A         165.204.224.2
> nsmaster.amd.com.       1H IN A         172.28.13.229
> nsmaster.amd.com.       1H IN A         172.28.4.229
> seurdns1.amd.com.       1H IN A         165.204.82.235
> shkgfile1.amd.com.      1H IN A         139.95.102.95
> slave-232-2.amd.com.    1H IN A         163.181.232.109
> ;; Total query time: 164 msec
> ;; FROM: qip-ent to SERVER: aus-la-ns1  163.181.250.235
> ;; WHEN: Thu Nov  7 09:55:46 2002
> ;; MSG SIZE  sent: 30  rcvd: 936
>
> Thanks,
> Zack
>
> -----Original Message-----
> From: Mark.Andrews at isc.org [mailto:Mark.Andrews at isc.org]
> Sent: Wednesday, November 06, 2002 10:19 PM
> To: Nash, Zack
> Cc: bind-users at isc.org
> Subject: Re: BIND 9.2.1 and TCP
>
> >
> > The request is for a single A record, ( nash 3600 IN A 192.168.0.1 ), would
> > this be too large to fit in a UDP packet?  Also we have BIND 8 servers that
> > serve the same information and they do not revert to TCP for these records.
> > Could this possibly be a misconfiguration on my part, or is there no way to
> > restrict the server to only using UDP?
> > Thanks,
> > Zack
>
>         Why don't you show us what 'dig +ignoretc +search <name>' returns
>         then 'dig +search <name>'.
>
>         Mark
> >
> > -----Original Message-----
> > From: Mark.Andrews at isc.org [mailto:Mark.Andrews at isc.org]
> > Sent: Wednesday, November 06, 2002 4:25 PM
> > To: Nash, Zack
> > Cc: bind-users at isc.org
> > Subject: Re: BIND 9.2.1 and TCP
> >
> >
> >
> > > Hello,
> > >     I have noticed that my BIND 9.2.1 servers are requesting that my DNS
> > > Clients use TCP rather than UDP to resolve hostnames, for all queries
> > > against this server.
> > >     My understanding is that UDP is used unless the packet is too large
> > > then the server will request a TCP connection from the client.  I have
> > > seen this occur for queries of a single A record.  Is this behavior a bug
> > > or is this a new standard that is being implemented with the advent of
> > > BIND 9?
> > > Thanks,
> > > Zack
> >
> >       Well the answers must be too big to fit in the space available in a
> >       UDP response.  Remember the authority section can also trigger TC.
> >
> >       Mark
> > --
> > Mark Andrews, Internet Software Consortium
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
> >
> >
> --
> Mark Andrews, Internet Software Consortium
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
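
Added example (not part of the original thread): this Python sketch rebuilds the two responses from the dig output above with RFC 1035 name compression and reproduces their sizes, showing that the answer plus the 24 NS records alone already exceeds the 512-byte UDP limit, which is why TC is set. The 192.0.2.x addresses are constructed placeholders (record size does not depend on the address value), and the function names are this example's own.

```python
import struct

UDP_LIMIT = 512  # max DNS payload over UDP without EDNS0 (RFC 1035)

def encode_name(name, offset, seen):
    """Encode a name at `offset`, pointing at an earlier suffix when possible."""
    out = b""
    labels = name.rstrip(".").lower().split(".")
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in seen:  # 2-byte compression pointer to the earlier copy
            return out + struct.pack("!H", 0xC000 | seen[suffix])
        seen[suffix] = offset + len(out)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_response(qname, answers, authority, additional):
    """Return the wire form of an A-query response (flags: qr aa rd ra)."""
    seen = {}
    msg = struct.pack("!6H", 0, 0x8580, 1, len(answers), len(authority), len(additional))
    msg += encode_name(qname, len(msg), seen) + struct.pack("!HH", 1, 1)
    for owner, rtype, value in answers + authority + additional:
        msg += encode_name(owner, len(msg), seen)
        if rtype == "NS":  # rdata starts 10 bytes after the owner name
            code, rdata = 2, encode_name(value, len(msg) + 10, seen)
        else:  # A record: four address bytes
            code, rdata = 1, bytes(int(x) for x in value.split("."))
        msg += struct.pack("!HHIH", code, 1, 3600, len(rdata)) + rdata
    return msg

# NS host labels copied from the 'dig +search' output in the thread.
NS_HOSTS = ("pngdns1 sgpdns1 suzdns1 suzdns2 nsmaster seurdns1 shkgfile1 "
            "slave-232-2 ns1 ns2 ns5 ns6 ns7 ns8 ns9 fuji ns10 ns11 ns12 ns13 "
            "f30ns1 f30ns2 vienna bkkdns1").split()

def sizes():
    """Byte sizes of the response variants discussed in the thread."""
    q = "nash.amd.com"
    answer = [(q, "A", "192.0.2.1")]  # constructed address
    ns = [("amd.com", "NS", h + ".amd.com") for h in NS_HOSTS]
    glue = [(h + ".amd.com", "A", "192.0.2.1") for h in NS_HOSTS]
    glue.append(("nsmaster.amd.com", "A", "192.0.2.2"))  # nsmaster has two A records
    # The UDP reply carried 22 NS records: ns1 and slave-232-2 were dropped.
    ns_udp = [r for r in ns if r[2] not in ("ns1.amd.com", "slave-232-2.amd.com")]
    return {
        "answer_only": len(build_response(q, answer, [], [])),
        "answer_plus_ns": len(build_response(q, answer, ns, [])),
        "tcp_full": len(build_response(q, answer, ns, glue)),
        "udp_truncated": len(build_response(q, answer, ns_udp, [])),
    }

if __name__ == "__main__":
    for label, size in sizes().items():
        print(f"{label:15} {size:4} bytes  over UDP limit: {size > UDP_LIMIT}")
```

The `tcp_full` and `udp_truncated` figures correspond to the `rcvd: 936` and `rcvd: 492` lines in the two dig runs.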




