Why "dig foo" fails but "dig +trace foo" succeeds?

Mark Andrews Mark_Andrews at isc.org
Wed Nov 17 22:07:13 UTC 2004


> On Wed, 2004-11-17 at 16:38, Mark Andrews wrote:
> > > > 	Next you want to eliminate a broken/misconfigured firewall
> > > > 	from the problem space.  You should be able to get an answer
> > > > 	to both of these queries.  If you don't, you need to fix your
> > > > 	firewall to handle EDNS queries.
> > > > 	
> > > > 		dig +bufsiz=4096 www.powweb.com @a.root-servers.net
> > > > 		dig www.powweb.com @a.root-servers.net
> > > 
> > > Both queries failed, so we've opened up a call to the firewall vendor as well.
> >  
> > 	I would expect the "+bufsiz=4096" one to fail and the other
> > 	to succeed.
> 
> For completeness, here is what I see:
> 
> 
> 
> wicket 82# dig +bufsiz=4096 www.powweb.com @a.root-servers.net
>  
> ; <<>> DiG 9.2.4rc6 <<>> +bufsiz=4096 www.powweb.com @a.root-servers.net
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7158
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 16
>  
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;www.powweb.com.                        IN      A
>  
> ;; AUTHORITY SECTION:
> com.                    172800  IN      NS      A.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      G.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      H.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      C.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      I.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      B.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      D.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      L.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      F.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      J.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      K.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      E.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      M.GTLD-SERVERS.NET.
>  
> ;; ADDITIONAL SECTION:
> A.GTLD-SERVERS.NET.     172800  IN      AAAA    2001:503:a83e::2:30
> A.GTLD-SERVERS.NET.     172800  IN      A       192.5.6.30
> G.GTLD-SERVERS.NET.     172800  IN      A       192.42.93.30
> H.GTLD-SERVERS.NET.     172800  IN      A       192.54.112.30
> C.GTLD-SERVERS.NET.     172800  IN      A       192.26.92.30
> I.GTLD-SERVERS.NET.     172800  IN      A       192.43.172.30
> B.GTLD-SERVERS.NET.     172800  IN      AAAA    2001:503:231d::2:30
> B.GTLD-SERVERS.NET.     172800  IN      A       192.33.14.30
> D.GTLD-SERVERS.NET.     172800  IN      A       192.31.80.30
> L.GTLD-SERVERS.NET.     172800  IN      A       192.41.162.30
> F.GTLD-SERVERS.NET.     172800  IN      A       192.35.51.30
> J.GTLD-SERVERS.NET.     172800  IN      A       192.48.79.30
> K.GTLD-SERVERS.NET.     172800  IN      A       192.52.178.30
> E.GTLD-SERVERS.NET.     172800  IN      A       192.12.94.30
> M.GTLD-SERVERS.NET.     172800  IN      A       192.55.83.30
>  
> ;; Query time: 17 msec
> ;; SERVER: 198.41.0.4#53(a.root-servers.net)
> ;; WHEN: Wed Nov 17 16:48:08 2004
> ;; MSG SIZE  rcvd: 531

	Good, your firewall is *not* blocking large (> 512) EDNS responses.

	These are referrals from the root servers to the com servers and
	are as expected.
 
> wicket 83# dig www.powweb.com @a.root-servers.net
>  
> ; <<>> DiG 9.2.4rc6 <<>> www.powweb.com @a.root-servers.net
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1738
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14
>  
> ;; QUESTION SECTION:
> ;www.powweb.com.                        IN      A
>  
> ;; AUTHORITY SECTION:
> com.                    172800  IN      NS      A.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      G.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      H.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      C.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      I.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      B.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      D.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      L.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      F.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      J.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      K.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      E.GTLD-SERVERS.NET.
> com.                    172800  IN      NS      M.GTLD-SERVERS.NET.
>  
> ;; ADDITIONAL SECTION:
> A.GTLD-SERVERS.NET.     172800  IN      AAAA    2001:503:a83e::2:30
> A.GTLD-SERVERS.NET.     172800  IN      A       192.5.6.30
> G.GTLD-SERVERS.NET.     172800  IN      A       192.42.93.30
> H.GTLD-SERVERS.NET.     172800  IN      A       192.54.112.30
> C.GTLD-SERVERS.NET.     172800  IN      A       192.26.92.30
> I.GTLD-SERVERS.NET.     172800  IN      A       192.43.172.30
> B.GTLD-SERVERS.NET.     172800  IN      AAAA    2001:503:231d::2:30
> B.GTLD-SERVERS.NET.     172800  IN      A       192.33.14.30
> D.GTLD-SERVERS.NET.     172800  IN      A       192.31.80.30
> L.GTLD-SERVERS.NET.     172800  IN      A       192.41.162.30
> F.GTLD-SERVERS.NET.     172800  IN      A       192.35.51.30
> J.GTLD-SERVERS.NET.     172800  IN      A       192.48.79.30
> K.GTLD-SERVERS.NET.     172800  IN      A       192.52.178.30
> E.GTLD-SERVERS.NET.     172800  IN      A       192.12.94.30
>  
> ;; Query time: 16 msec
> ;; SERVER: 198.41.0.4#53(a.root-servers.net)
> ;; WHEN: Wed Nov 17 16:48:18 2004
> ;; MSG SIZE  rcvd: 504
>  
> 
> 
> -- 
>  Norman Joseph, System Engineer             joseph at ctc.com        IC|XC
>  Concurrent Technologies Corporation         814/269.2633         --+--
>  Federal Systems Group/IT & Systems Engineering                   NI|KA
> 
>       ***** If we don't change the direction we are headed, *****
>                   we will end up where we are going.
> 
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
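
Added example, not part of the original message: a shell sketch that classifies saved dig transcripts from the two-query check discussed above by looking for the OPT pseudosection and comparing "MSG SIZE rcvd" with the 512-byte limit. The function names, verdict words and abridged sample transcripts are constructed for this example.

```shell
# Added example: classify saved dig transcripts for the two-query EDNS check.
# Function names and the abridged sample transcripts are constructed here.

# Read one dig transcript on stdin, print a one-word verdict.
edns_verdict() {
    awk '
        { sub(/^(> ?)+/, "") }                  # tolerate mail-quoted transcripts
        /^;; Got answer:/      { answered = 1 }
        /^; EDNS: version:/    { edns = 1 }     # OPT pseudosection came back
        /^;; MSG SIZE +rcvd:/  { size = $NF + 0 }
        /connection timed out/ { timeout = 1 }
        END {
            if (timeout || !answered)    print "no-response"
            else if (edns && size > 512) print "large-edns-ok"
            else if (edns)               print "small-edns-ok"
            else                         print "plain-ok"
        }'
}

# $1 = verdict for the +bufsiz=4096 query, $2 = verdict for the plain query
edns_diagnose() {
    case "$1/$2" in
        large-edns-ok/plain-ok)  echo "path passes EDNS responses over 512 bytes" ;;
        no-response/plain-ok)    echo "EDNS query or its reply is dropped on the path" ;;
        no-response/no-response) echo "no reply to either query; not EDNS-specific" ;;
        *)                       echo "inconclusive: $1/$2" ;;
    esac
}

# Sample transcripts: the first two are abridged from the output quoted above,
# the third is a constructed timeout case.
sample_edns() { cat <<'EOF'
;; Got answer:
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; MSG SIZE  rcvd: 531
EOF
}
sample_plain() { cat <<'EOF'
;; Got answer:
;; MSG SIZE  rcvd: 504
EOF
}
sample_timeout() { cat <<'EOF'
;; connection timed out; no servers could be reached
EOF
}

edns_diagnose "$(sample_edns | edns_verdict)" "$(sample_plain | edns_verdict)"
```

An EDNS reply of 512 bytes or less is reported as small-edns-ok and treated as inconclusive, because it does not exercise the large-response path.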


