'dig -t any ...' question

Ladislav Vobr lvobr at ies.etisalat.ae
Sat Jun 12 11:20:52 UTC 2004


Jim, thanks for your support, unfortunately I have to go, I will go 
through your mail this evening.

I am really having problems, having bind retrying to authoritative 
servers. I am surprised that dig works for you, since it doesn't work for 
me and it tries all the authoritative servers I have several times 
and then it times out :-( I hope it might be a configuration issue, but I 
doubt it.

I was really under the impression that cache type *glue* is not provided to 
recursive clients, that's how it works here for me :-(

just a sample

ns3.emirates.net.ae# jobs
[1]  + Running              snoop 10.1.1.1
ns3.emirates.net.ae#
ns3.emirates.net.ae#
ns3.emirates.net.ae# dig any ladislav.name.ae
ns3.emirates.net.ae -> 10.1.1.1     DNS C ladislav.name.ae. Internet * ?
ns3.emirates.net.ae -> 10.1.1.1     DNS C ladislav.name.ae. Internet * ?
ns3.emirates.net.ae -> 10.1.1.1     DNS C fake1.ladislav.name.ae. Internet Unknown (38) ?
ns3.emirates.net.ae -> 10.1.1.1     DNS C fake2.ladislav.name.ae. Internet Unknown (38) ?
ns3.emirates.net.ae -> 10.1.1.1     DNS C fake3.ladislav.name.ae. Internet Unknown (38) ?
ns3.emirates.net.ae -> 10.1.1.1     DNS C fake4.ladislav.name.ae. Internet Unknown (38) ?
ns3.emirates.net.ae -> 10.1.1.1     DNS C fake5.ladislav.name.ae. Internet Unknown (38) ?

; <<>> DiG 9.2.3 <<>> any ladislav.name.ae
;; global options:  printcmd
;; connection timed out; no servers could be reached

ns3.emirates.net.ae# dig any ladislav.name.ae +norec

; <<>> DiG 9.2.3 <<>> any ladislav.name.ae +norec
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47234
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 0

;; QUESTION SECTION:
;ladislav.name.ae.              IN      ANY

;; AUTHORITY SECTION:
ladislav.name.ae.       3278    IN      NS      fake2.ladislav.name.ae.
ladislav.name.ae.       3278    IN      NS      fake3.ladislav.name.ae.
ladislav.name.ae.       3278    IN      NS      fake4.ladislav.name.ae.
ladislav.name.ae.       3278    IN      NS      fake5.ladislav.name.ae.
ladislav.name.ae.       3278    IN      NS      fake1.ladislav.name.ae.

;; Query time: 42 msec
;; SERVER: 194.170.1.99#53(194.170.1.99)
;; WHEN: Sat Jun 12 15:24:18 2004
;; MSG SIZE  rcvd: 134

Can you explain this?

Ladislav


Jim Reid wrote:
>>>>>>"Ladislav" == Ladislav Vobr <lvobr at ies.etisalat.ae> writes:
> 
> 
>     Ladislav> what's so special about ANY? 
> 
> Nothing. You just don't seem to understand what it means. A QTYPE of
> ANY means "give me whatever RRs you have for this name". That's all.
> See my earlier posting for more info.
> 
>     Ladislav> Why any recursive servers don't do its best to satisfy
>     Ladislav> the recursive client with the reply from the authoritative
>     Ladislav> server, that's why we call it recursive right?
> 
> Wrong. We call it recursive because the server is able to recursively
> make iterative queries to resolve a query on behalf of some client.
> It doesn't mean the server does that: it can answer from its cache
> which might or might not have been populated with data returned from
> earlier queries to authoritative servers. No assumptions can or should
> be made about how a recursive server provides answers. It should of
> course interrogate authoritative servers when nothing has been
> cached. But that cannot be guaranteed. And even if it does query
> authoritative servers, the answer might not be correct. The DNS is
> loosely coupled remember. It can take time for a zone's authoritative
> servers to converge on the same copy of the zone data after the zone
> gets updated. They don't all update the zone simultaneously.
> 
> You seem to think that an ANY QTYPE means a server must retrieve every
> RR for the name. That's not the case. In fact this is impossible. The
> master server could change the RRs immediately after answering your
> hypothetical EVERY query before that reply gets back to the client.
> It's not even the case that a server must query an authoritative
> server in order to respond to an ANY query.
> 
> Remember too that one of the key strengths of the DNS is caching. In
> some sense this means that recursive servers are lazy. They'll answer
> from cache every time unless there's nothing relevant in the cache and
> they're forced to resolve something. This is why people need to think
> carefully about TTL values. How many times have we seen postings here
> where there's been a long-lived TTL for a web or mail server that then
> gets renumbered and the poster whines that traffic still goes to the
> old address even though they've updated the zone?
> 
>     Ladislav> to do this kind of work for the
>     Ladislav> client, how can it take answer from the parent and
>     Ladislav> consider the task done?
> 
> Because that's how the DNS works.
> 
>     Ladislav> I have problem with ladislav.name.ae
> 
>          .... snipped ....
> 
> This appears to be either a weird local set-up or else you have a
> misunderstanding of what's going on.
> 
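
An added example, not part of the original thread or of BIND: a small parser for the `+norec` dig response quoted above that reports whether the reply is a bare referral and which NS targets sit inside the delegated zone yet arrive with no address record in the same response. The function names are hypothetical, and the check looks only at what this one response carries, not at what the server may hold elsewhere in its cache.

```python
import re
# The +norec response from the post, trimmed to the lines the parser reads.
SAMPLE = """\
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 0
;; AUTHORITY SECTION:
ladislav.name.ae.       3278    IN      NS      fake2.ladislav.name.ae.
ladislav.name.ae.       3278    IN      NS      fake3.ladislav.name.ae.
ladislav.name.ae.       3278    IN      NS      fake4.ladislav.name.ae.
ladislav.name.ae.       3278    IN      NS      fake5.ladislav.name.ae.
ladislav.name.ae.       3278    IN      NS      fake1.ladislav.name.ae.
"""

def parse_dig(text):
    """Parse dig's text output into header flags, section counts and records."""
    out = {"flags": [], "counts": {}, "sections": {}}
    section = None
    for line in text.splitlines():
        hdr = re.match(r";; flags: ([a-z ]*);(.*)", line)
        sec = re.match(r";; (\w+) SECTION:", line)
        if hdr:
            out["flags"] = hdr.group(1).split()
            out["counts"] = {k: int(v) for k, v in re.findall(r"(\w+): (\d+)", hdr.group(2))}
        elif sec:
            section = sec.group(1)
            out["sections"][section] = []
        elif not line.strip():
            section = None                      # a blank line ends the section
        elif section and not line.startswith(";"):
            f = line.split(None, 4)             # owner, ttl, class, type, rdata
            if len(f) == 5:
                out["sections"][section].append((f[0].lower(), f[3], f[4].strip().lower()))
    return out

def is_referral(p):
    """No answer, not authoritative, and only NS records in AUTHORITY."""
    auth = p["sections"].get("AUTHORITY", [])
    return (p["counts"].get("ANSWER", 0) == 0 and "aa" not in p["flags"]
            and bool(auth) and all(rtype == "NS" for _, rtype, _ in auth))

def glueless_in_zone_ns(p):
    """NS targets at or below the delegated name with no address record in the response."""
    have_addr = {o for recs in p["sections"].values() for o, t, _ in recs if t in ("A", "AAAA", "A6")}
    return sorted(tgt for owner, rtype, tgt in p["sections"].get("AUTHORITY", [])
                  if rtype == "NS" and (tgt == owner or tgt.endswith("." + owner))
                  and tgt not in have_addr)

if __name__ == "__main__":
    parsed = parse_dig(SAMPLE)
    print(is_referral(parsed), glueless_in_zone_ns(parsed))
```
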


