Additional section in the query sent by named

Mark_Andrews at isc.org Mark_Andrews at isc.org
Thu Jan 16 23:09:05 UTC 2003


> 
> 
> Hi, there, 
> 
> It seems that the contents of the same queries sent by
> dig and named are different.  To clarify, first, let's
> use dig to send an NS query for eb.fisc.com.tw. to
> 203.73.160.28 which is an authoritative name server
> for the domain fisc.com.tw.:
> 
> ----------------------------------------------------------
> >dig @203.73.160.28 eb.fisc.com.tw. ns
> 
> ; <<>> DiG 8.3 <<>> @203.73.160.28 eb.fisc.com.tw. ns
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
> ;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
> ;; QUERY SECTION:
> ;;      eb.fisc.com.tw, type = NS, class = IN
> 
> ;; ANSWER SECTION:
> eb.fisc.com.tw.         1D IN NS        lx1.fisc.com.tw.
> 
> ;; ADDITIONAL SECTION:
> lx1.fisc.com.tw.        1D IN A         203.66.154.1
> 
> ;; Total query time: 49 msec
> ;; FROM: xxx.xxx.xxx.xxx to SERVER: 203.73.160.28  203.73.160.28
> ;; WHEN: Thu Jan 16 22:42:12 2003
> ;; MSG SIZE  sent: 32  rcvd: 66
> ----------------------------------------------------------
> 
> Looks everything is ok.  We got the answer.  However,
> when I use dig to send the same query to my name
> server which runs 8.3.4 named, nothing is returned.  A
> further investigation reveals that 211.74.149.68 does
> not respond to the query sent from my named.

	211.74.149.68 is broken.   It should respond with a error
	code if it can't parse the packet.  This is basic RFC1034 /
	RFC 1035.

	See RFC 2671: Extension Mechanisms for DNS (EDNS0)

	Note:  Named will retry the query without EDNS on the first
	timeout.

	Mark

> To
> figure out why, query packets sent from dig and my
> named are captured and shown below. It looks that they
> are different.  The query sent by named has an
> additional section.
> 
> ----------------------------------------------------------
> (packet sent by dig, dumped with 'tcpdump -nvvxX')
> 
> 22:42:12.299880 192.168.64.30.4466 > 203.73.160.28.53: [udp sum ok]  4+ NS? e
> b.f
> isc.com.tw. (32) (ttl 64, id 16480, len 60)
> 0x0000   4500 003c 4060 0000 4011 ce24 c0a8 401e        E..<@`.. at ..$.. at .
> 0x0010   cb49 a01c 1172 0035 0028 5647 0004 0100        .I...r.5.(VG....
> 0x0020   0001 0000 0000 0000 0265 6204 6669 7363        .........eb.fisc
> 0x0030   0363 6f6d 0274 7700 0002 0001                  .com.tw.....
> ----------------------------------------------------------
> 
> ----------------------------------------------------------
> (packet sent by named, dumped with 'tcpdump -nvvxX')
> 
> 22:41:06.513667 192.168.64.30.4457 > 203.73.160.28.53: [udp sum ok]  46773 [1
> au]
>  NS? eb.fisc.com.tw. ar: . OPT UDPsize=4096 (43) (ttl 64, id 16383, len 71)
> 0x0000   4500 0047 3fff 0000 4011 ce7a c0a8 401e        E..G?... at ..z..@.
> 0x0010   cb49 a01c 1169 0035 0033 7777 b6b5 0000        .I...i.5.3ww....
> 0x0020   0001 0000 0000 0001 0265 6204 6669 7363        .........eb.fisc
> 0x0030   0363 6f6d 0274 7700 0002 0001 0000 2910        .com.tw.......).
> 0x0040   0000 0000 0000 00
> ----------------------------------------------------------
> 
> Now, the question is, what is the additional section
> sent by named?  Why does named send it in addition to
> the question section?  Is there any reason for
> 203.73.160.28 not to respond when it receives a query
> with an additional section like the above?
> 
> Any help will be greatly appreciated.  Thanks.
> 
> -- 
> 
>   Fuh-Jyi Chang
> 

--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org


More information about the bind-users mailing list