Are those extra/useless queries? (fwd)

Hao Shang hao at cs.wpi.edu
Tue Mar 2 16:38:41 UTC 2004


I have asked this question in the bind9-users list, but it seems
the bind-users is the right place to post it.

---------- Forwarded message ----------
Date: Mon, 1 Mar 2004 16:17:58 -0500 (EST)
From: Hao Shang <hao at cs.wpi.edu>
To: bind9-users at isc.org
Subject: Are those extra/useless queries?

Hi There,
I installed Bind 9.2.3 on a Linux machine. By using tcpdump I
observed some unexpected behaviors (see below). Are those due to my wrong
configuration or the supposed behaviors? Thanks for your comments.

For your reference, I attached the DNS dump file captured by tcpdump. It
includes all DNS packets involved in resolving "www.cnn.com" and
"www.buy.com". It is in pcap format and should be readable by both tcpdump
and ethereal.


1) EDNS0 : Bind 9.2.3 always tries to send a query with EDNS0 additional
record. If the remote server responds with an error, it resends a query
without EDNS0.
   I know there is an option in the configuration to disable it. But is it
the default behavior?

2) IPv6 : Bind 9.2.3 sometimes tries to send queries on both ip and ipv6
(type a6 or aaaa).
   There is an option in the configuration to disable ipv6. But what
I don't understand is why it sometimes sends queries for IPv6,
sometimes not?

3) Canonical Name: In the Answer section, the first RR could be a
canonical name followed by RRs giving resolutions for the canonical
name. The strange thing is why it sends query again for the canonical
name even though the answers are already included before.

Is there an option to tune this behavior?

4) NS RRs: In the Authoritative Nameservers section of a response,
name server RRs for a zone are given. And resolutions for them are
given in the Additional Section. But I observed sometimes (not
always) Bind sends queries for those server names again even though
resolutions for them are attached before.

Is there any option to control this behavior?


Putting all 1) - 4) together incurs many packets for resolving a
single name.

Thanks for your help.
----
Hao


12:56:40.048262 192.168.1.2.1028 > 128.9.0.107.domain: 48259 [b2&3=0x10]
[1au] A? www.cnn.com. (40)
12:56:40.048962 192.168.1.2.1028 > 128.9.0.107.domain: 33957 [b2&3=0x10]
[1au] NS? . (28)
12:56:40.131910 128.9.0.107.domain > 192.168.1.2.1028: 48259 FormErr- [0q]
0/0/0 (12) (DF)
12:56:40.132145 192.168.1.2.1028 > 128.9.0.107.domain: 6038 A?
www.cnn.com. (29)
12:56:40.132550 128.9.0.107.domain > 192.168.1.2.1028: 33957 FormErr- [0q]
0/0/0 (12) (DF)
12:56:40.132664 192.168.1.2.1028 > 128.9.0.107.domain: 3019 NS? . (17)
12:56:40.216022 128.9.0.107.domain > 192.168.1.2.1028: 6038- 0/13/13 (461)
(DF)
12:56:40.216645 128.9.0.107.domain > 192.168.1.2.1028: 3019*- 13/0/13 NS
E.ROOT-SERVERS.NET., NS D.ROOT-SERVERS.NET., NS A.ROOT-SERVERS.NET., NS
H.ROOT-SERVERS.NET., NS C.ROOT-SERVERS.NET., NS G.ROOT-SERVERS.NET., NS
F.ROOT-SERVERS.NET., NS B.ROOT-SERVERS.NET., NS J.ROOT-SERVERS.NET., NS
K.ROOT-SERVERS.NET., NS L.ROOT-SERVERS.NET., NS M.ROOT-SERVERS.NET., NS
I.ROOT-SERVERS.NET. (436) (DF)
12:56:40.218311 192.168.1.2.1028 > 192.31.80.30.domain: 18541 [b2&3=0x10]
[1au] A? www.cnn.com. (40)
12:56:40.260038 192.31.80.30.domain > 192.168.1.2.1028: 18541 FormErr-
[0q] 0/0/0 (12) (DF)
12:56:40.260225 192.168.1.2.1028 > 192.31.80.30.domain: 383 A?
www.cnn.com. (29)
12:56:40.302677 192.31.80.30.domain > 192.168.1.2.1028: 383- 0/4/4 (192)
(DF)
12:56:40.303653 192.168.1.2.1028 > 152.163.239.216.domain: 26908
[b2&3=0x10] [1au] A? www.cnn.com. (40)
12:56:40.318362 152.163.239.216.domain > 192.168.1.2.1028: 26908*- 9/4/1
CNAME cnn.com., A 64.236.16.84, A 64.236.16.116, A 64.236.24.4, A
64.236.24.12, A 64.236.24.20, A 64.236.24.28, A 64.236.16.20, A
64.236.16.52 (281) (DF)
12:56:40.319328 192.168.1.2.1028 > 205.188.146.88.domain: 13454
[b2&3=0x10] [1au] A? cnn.com. (36)
12:56:40.334895 205.188.146.88.domain > 192.168.1.2.1028: 13454*- 8/4/1 A
64.236.16.116, A 64.236.24.4, A 64.236.24.12, A 64.236.24.20, A
64.236.24.28, A 64.236.16.20, A 64.236.16.52, A 64.236.16.84 (263) (DF)
12:56:45.869252 192.168.1.2.1028 > 192.48.79.30.domain: 19724 [b2&3=0x10]
[1au] A? www.buy.com. (40)
12:56:45.884445 192.48.79.30.domain > 192.168.1.2.1028: 19724 FormErr-
[0q] 0/0/0 (12) (DF)
12:56:45.884670 192.168.1.2.1028 > 192.48.79.30.domain: 37691 A?
www.buy.com. (29)
12:56:45.903397 192.48.79.30.domain > 192.168.1.2.1028: 37691- 0/4/4 (185)
(DF)
12:56:45.904904 192.168.1.2.1028 > 209.67.181.9.domain: 34669 [b2&3=0x10]
[1au] A? www.buy.com. (40)
12:56:45.905902 192.168.1.2.1028 > 192.33.4.12.domain: 21089 [b2&3=0x10]
[1au] A? dns02.cw.net. (41)
12:56:45.906815 192.168.1.2.1028 > 192.33.4.12.domain: 28924 [b2&3=0x10]
[1au] Type38? dns02.cw.net. (41)
12:56:45.907751 192.168.1.2.1028 > 192.33.4.12.domain: 40007 [b2&3=0x10]
[1au] A? dns01.cw.net. (41)
12:56:45.908671 192.168.1.2.1028 > 192.33.4.12.domain: 39886 [b2&3=0x10]
[1au] Type38? dns01.cw.net. (41)
12:56:45.909641 192.168.1.2.1028 > 192.33.4.12.domain: 59100 [b2&3=0x10]
[1au] A? dns03.cw.net. (41)
12:56:45.910544 192.168.1.2.1028 > 192.33.4.12.domain: 31226 [b2&3=0x10]
[1au] Type38? dns03.cw.net. (41)
12:56:45.932086 192.33.4.12.domain > 192.168.1.2.1028: 21089- 0/13/14
(470)
12:56:45.934364 192.168.1.2.1028 > 192.52.178.30.domain: 24164 [b2&3=0x10]
[1au] A? dns02.cw.net. (41)
12:56:45.988700 209.67.181.9.domain > 192.168.1.2.1028: 34669 FormErr-
0/0/1 (40)
12:56:45.988881 192.168.1.2.1028 > 209.67.181.9.domain: 55252 A?
www.buy.com. (29)
12:56:46.030434 192.52.178.30.domain > 192.168.1.2.1028: 24164 FormErr-
[0q] 0/0/0 (12) (DF)
12:56:46.030560 192.168.1.2.1028 > 192.52.178.30.domain: 27626 A?
dns02.cw.net. (30)
12:56:46.070796 209.67.181.9.domain > 192.168.1.2.1028: 55252* 1/0/0 CNAME
www.buy.com.edgesuite.net. (68)
12:56:46.072221 192.168.1.2.1028 > 192.35.51.30.domain: 13813 [b2&3=0x10]
[1au] A? www.buy.com.edgesuite.net. (54)
12:56:46.130744 192.52.178.30.domain > 192.168.1.2.1028: 27626- 1/5/5 A
209.1.222.245 (215) (DF)
12:56:46.156945 192.35.51.30.domain > 192.168.1.2.1028: 13813 FormErr-
[0q] 0/0/0 (12) (DF)
12:56:46.157107 192.168.1.2.1028 > 192.35.51.30.domain: 55732 A?
www.buy.com.edgesuite.net. (43)
12:56:46.247006 192.35.51.30.domain > 192.168.1.2.1028: 55732- 0/8/8 (333)
(DF)
12:56:46.248497 192.168.1.2.1028 > 63.241.73.214.domain: 27866 [b2&3=0x10]
[1au] A? www.buy.com.edgesuite.net. (54)
12:56:46.322553 63.241.73.214.domain > 192.168.1.2.1028: 27866 FormErr-
[0q] 0/0/0 (12)
12:56:46.322693 192.168.1.2.1028 > 63.241.73.214.domain: 13933 A?
www.buy.com.edgesuite.net. (43)
12:56:46.404457 63.241.73.214.domain > 192.168.1.2.1028: 13933- 1/8/8
CNAME a145.g.akamai.net. (335)
12:56:46.406015 192.168.1.2.1028 > 192.55.83.30.domain: 49604 [b2&3=0x10]
[1au] A? a145.g.akamai.net. (46)
12:56:46.681036 192.55.83.30.domain > 192.168.1.2.1028: 49604 FormErr-
[0q] 0/0/0 (12) (DF)
12:56:46.681226 192.168.1.2.1028 > 192.55.83.30.domain: 57570 A?
a145.g.akamai.net. (35)
12:56:46.959512 192.55.83.30.domain > 192.168.1.2.1028: 57570- 0/13/13
(475) (DF)
12:56:46.961884 192.168.1.2.1028 > 193.108.154.17.domain: 28785
[b2&3=0x10] [1au] A? a145.g.akamai.net. (46)
12:56:47.135288 193.108.154.17.domain > 192.168.1.2.1028: 28785 FormErr-
[0q] 0/0/0 (12) (DF)
12:56:47.135441 192.168.1.2.1028 > 193.108.154.17.domain: 7667 A?
a145.g.akamai.net. (35)
12:56:47.309610 193.108.154.17.domain > 192.168.1.2.1028: 7667- 0/9/9
(341) (DF)
12:56:47.311234 192.168.1.2.1028 > 209.210.251.242.domain: 36417
[b2&3=0x10] [1au] A? a145.g.akamai.net. (46)
12:56:47.424848 209.210.251.242.domain > 192.168.1.2.1028: 36417 FormErr-
[0q] 0/0/0 (12) (DF)
12:56:47.425002 192.168.1.2.1028 > 209.210.251.242.domain: 50121 A?
a145.g.akamai.net. (35)
12:56:47.526190 209.210.251.242.domain > 192.168.1.2.1028: 50121*- 2/0/0 A
63.208.194.79, A 63.208.194.87 (67) (DF)
12:56:47.911967 192.168.1.2.1028 > 192.203.230.10.domain: 4487 [b2&3=0x10]
[1au] Type38? dns02.cw.net. (41)
12:56:47.912070 192.168.1.2.1028 > 192.203.230.10.domain: 62617
[b2&3=0x10] [1au] A? dns01.cw.net. (41)
12:56:47.912150 192.168.1.2.1028 > 192.203.230.10.domain: 8720 [b2&3=0x10]
[1au] Type38? dns01.cw.net. (41)
12:56:47.912231 192.168.1.2.1028 > 192.203.230.10.domain: 51452
[b2&3=0x10] [1au] A? dns03.cw.net. (41)
12:56:47.912308 192.168.1.2.1028 > 192.203.230.10.domain: 25726
[b2&3=0x10] [1au] Type38? dns03.cw.net. (41)
12:56:48.043530 192.203.230.10.domain > 192.168.1.2.1028: 4487- 0/13/14
(470)
12:56:48.045177 192.168.1.2.1028 > 204.70.57.242.domain: 12863 [b2&3=0x10]
[1au] Type38? dns02.cw.net. (41)
12:56:48.104541 192.203.230.10.domain > 192.168.1.2.1028: 62617- 0/13/14
(470)
12:56:48.105768 192.168.1.2.1028 > 204.70.57.242.domain: 37967 [b2&3=0x10]
[1au] A? dns01.cw.net. (41)
12:56:48.125482 204.70.57.242.domain > 192.168.1.2.1028: 12863* 0/1/1 (92)
(DF)
12:56:48.126418 192.168.1.2.1028 > 204.71.116.25.domain: 9763 [b2&3=0x10]
[1au] AAAA? dns02.cw.net. (41)
12:56:48.151927 204.71.116.25.domain > 192.168.1.2.1028: 9763*- 0/1/1 (92)
(DF)
12:56:48.154154 192.203.230.10.domain > 192.168.1.2.1028: 8720- 0/13/14
(470)
12:56:48.155328 192.168.1.2.1028 > 204.70.25.234.domain: 37545 [b2&3=0x10]
[1au] Type38? dns01.cw.net. (41)
12:56:48.170286 204.70.25.234.domain > 192.168.1.2.1028: 37545* 0/1/1 (92)
(DF)
12:56:48.171202 192.168.1.2.1028 > 204.70.128.1.domain: 42178 [b2&3=0x10]
[1au] AAAA? dns01.cw.net. (41)
12:56:48.186224 204.70.57.242.domain > 192.168.1.2.1028: 37967* 1/5/6 A
209.1.222.244 (226) (DF)
12:56:48.208428 204.70.128.1.domain > 192.168.1.2.1028: 42178* 0/1/1 (92)
(DF)
12:56:49.921964 192.168.1.2.1028 > 193.0.14.129.domain: 53857 [b2&3=0x10]
[1au] A? dns03.cw.net. (41)
12:56:49.922047 192.168.1.2.1028 > 193.0.14.129.domain: 1189 [b2&3=0x10]
[1au] Type38? dns03.cw.net. (41)
12:56:50.017260 193.0.14.129.domain > 192.168.1.2.1028: 53857- 0/13/14
(470) (DF)
12:56:50.017674 193.0.14.129.domain > 192.168.1.2.1028: 1189- 0/13/14
(470) (DF)
12:56:50.018547 192.168.1.2.1028 > 204.70.49.234.domain: 55818 [b2&3=0x10]
[1au] A? dns03.cw.net. (41)
12:56:50.019705 192.168.1.2.1028 > 204.70.49.234.domain: 27909 [b2&3=0x10]
[1au] Type38? dns03.cw.net. (41)
12:56:50.097529 204.70.49.234.domain > 192.168.1.2.1028: 55818* 1/5/6 A
209.1.222.246 (226) (DF)
12:56:50.097659 204.70.49.234.domain > 192.168.1.2.1028: 27909* 0/1/1 (92)
(DF)
12:56:50.098935 192.168.1.2.1028 > 204.70.25.234.domain: 28787 [b2&3=0x10]
[1au] AAAA? dns03.cw.net. (41)
12:56:50.108441 204.70.25.234.domain > 192.168.1.2.1028: 28787* 0/1/1 (92)
(DF)
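
Added example, not part of the original post: a small Python parser that rejoins the mail-wrapped tcpdump records above and pairs each EDNS0 query with the FormErr reply and the plain retry described in point 1). It assumes, as the post describes, that the "[1au]" marker on a query is the EDNS0 additional record; the function names are hypothetical.

```python
import re

# Five records copied from the trace in the post (mail-wrapped lines kept as posted).
TRACE = """\
12:56:40.218311 192.168.1.2.1028 > 192.31.80.30.domain: 18541 [b2&3=0x10]
[1au] A? www.cnn.com. (40)
12:56:40.260038 192.31.80.30.domain > 192.168.1.2.1028: 18541 FormErr-
[0q] 0/0/0 (12) (DF)
12:56:40.260225 192.168.1.2.1028 > 192.31.80.30.domain: 383 A?
www.cnn.com. (29)
12:56:40.303653 192.168.1.2.1028 > 152.163.239.216.domain: 26908
[b2&3=0x10] [1au] A? www.cnn.com. (40)
12:56:40.318362 152.163.239.216.domain > 192.168.1.2.1028: 26908*- 9/4/1
CNAME cnn.com., A 64.236.16.84, A 64.236.16.116, A 64.236.24.4, A
64.236.24.12, A 64.236.24.20, A 64.236.24.28, A 64.236.16.20, A
64.236.16.52 (281) (DF)
"""
REC = re.compile(r"(\S+) (\S+) > (\S+): (\d+)(\S*) (.*)")
QUERY = re.compile(r"(\S+)\? (\S+)")

def parse(trace):
    """Rejoin mail-wrapped lines, then split each record into fields."""
    joined = re.sub(r"\n(?!\d\d:\d\d:\d\d\.)", " ", trace.strip())
    return [m.groups() for m in map(REC.match, joined.splitlines()) if m]

def edns_fallbacks(records):
    """Return (plain retries after FormErr, servers that accepted EDNS0)."""
    pending, rejected, retried, accepted = {}, set(), [], []
    for _ts, src, dst, qid, _flags, rest in records:
        if dst.endswith(".domain"):            # outbound query to port 53
            q = QUERY.search(rest)
            if not q:
                continue
            key = (dst[:-7], q.group(1), q.group(2))
            if "[1au]" in rest:                # assumption: [1au] = EDNS0 record
                pending[(dst, qid)] = key
            elif key in rejected:              # same question, no OPT this time
                rejected.discard(key)
                retried.append(key)
        elif (src, qid) in pending:            # reply to an EDNS0 query
            key = pending.pop((src, qid))
            if "FormErr" in rest:
                rejected.add(key)
            else:
                accepted.append(key[0])
    return retried, accepted
```

Each entry in the first list is one extra round trip caused by the EDNS0 probe; the second list shows servers where the probe succeeded and no retry was needed.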


