Additional section in the query sent by named
Mark_Andrews at isc.org
Mark_Andrews at isc.org
Thu Jan 16 23:09:05 UTC 2003
>
>
> Hi, there,
>
> It seems that the contents of the same queries sent by
> dig and named are different. To clarify, first, let's
> use dig to send an NS query for eb.fisc.com.tw. to
> 203.73.160.28 which is an authoritative name server
> for the domain fisc.com.tw.:
>
> ----------------------------------------------------------
> >dig @203.73.160.28 eb.fisc.com.tw. ns
>
> ; <<>> DiG 8.3 <<>> @203.73.160.28 eb.fisc.com.tw. ns
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> ;; QUERY SECTION:
> ;; eb.fisc.com.tw, type = NS, class = IN
>
> ;; ANSWER SECTION:
> eb.fisc.com.tw. 1D IN NS lx1.fisc.com.tw.
>
> ;; ADDITIONAL SECTION:
> lx1.fisc.com.tw. 1D IN A 203.66.154.1
>
> ;; Total query time: 49 msec
> ;; FROM: xxx.xxx.xxx.xxx to SERVER: 203.73.160.28 203.73.160.28
> ;; WHEN: Thu Jan 16 22:42:12 2003
> ;; MSG SIZE sent: 32 rcvd: 66
> ----------------------------------------------------------
>
> Looks everything is ok. We got the answer. However,
> when I use dig to send the same query to my name
> server which runs 8.3.4 named, nothing is returned. A
> further investigation reveals that 211.74.149.68 does
> not respond to the query sent from my named.
211.74.149.68 is broken. It should respond with a error
code if it can't parse the packet. This is basic RFC1034 /
RFC 1035.
See RFC 2671: Extension Mechanisms for DNS (EDNS0)
Note: Named will retry the query without EDNS on the first
timeout.
Mark
> To
> figure out why, query packets sent from dig and my
> named are captured and shown below. It looks that they
> are different. The query sent by named has an
> additional section.
>
> ----------------------------------------------------------
> (packet sent by dig, dumped with 'tcpdump -nvvxX')
>
> 22:42:12.299880 192.168.64.30.4466 > 203.73.160.28.53: [udp sum ok] 4+ NS? e
> b.f
> isc.com.tw. (32) (ttl 64, id 16480, len 60)
> 0x0000 4500 003c 4060 0000 4011 ce24 c0a8 401e E..<@`.. at ..$.. at .
> 0x0010 cb49 a01c 1172 0035 0028 5647 0004 0100 .I...r.5.(VG....
> 0x0020 0001 0000 0000 0000 0265 6204 6669 7363 .........eb.fisc
> 0x0030 0363 6f6d 0274 7700 0002 0001 .com.tw.....
> ----------------------------------------------------------
>
> ----------------------------------------------------------
> (packet sent by named, dumped with 'tcpdump -nvvxX')
>
> 22:41:06.513667 192.168.64.30.4457 > 203.73.160.28.53: [udp sum ok] 46773 [1
> au]
> NS? eb.fisc.com.tw. ar: . OPT UDPsize=4096 (43) (ttl 64, id 16383, len 71)
> 0x0000 4500 0047 3fff 0000 4011 ce7a c0a8 401e E..G?... at ..z..@.
> 0x0010 cb49 a01c 1169 0035 0033 7777 b6b5 0000 .I...i.5.3ww....
> 0x0020 0001 0000 0000 0001 0265 6204 6669 7363 .........eb.fisc
> 0x0030 0363 6f6d 0274 7700 0002 0001 0000 2910 .com.tw.......).
> 0x0040 0000 0000 0000 00
> ----------------------------------------------------------
>
> Now, the question is, what is the additional section
> sent by named? Why does named send it in addition to
> the question section? Is there any reason for
> 203.73.160.28 not to respond when it receives a query
> with an additional section like the above?
>
> Any help will be greatly appreciated. Thanks.
>
> --
>
> Fuh-Jyi Chang
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
More information about the bind-users
mailing list