resolver's behavior
Kevin Darcy
kcd at daimlerchrysler.com
Thu Apr 20 23:35:25 UTC 2006
Frank Y.F. Luo wrote:
>I am a little confused about a resolver's behavior, like ping command,
>nslookup command,
>
>I am querying against a DNS server with recursive turned off
>
>#dig www.slashdot.com
>
>; <<>> DiG 9.2.4 <<>> www.slashdot.com
>;; global options: printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1794
>;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
>
>;; QUESTION SECTION:
>;www.slashdot.com. IN A
>
>;; AUTHORITY SECTION:
>. 3600000 IN NS K.ROOT-SERVERS.NET.
>. 3600000 IN NS L.ROOT-SERVERS.NET.
>. 3600000 IN NS M.ROOT-SERVERS.NET.
>. 3600000 IN NS A.ROOT-SERVERS.NET.
>. 3600000 IN NS B.ROOT-SERVERS.NET.
>. 3600000 IN NS C.ROOT-SERVERS.NET.
>. 3600000 IN NS D.ROOT-SERVERS.NET.
>. 3600000 IN NS E.ROOT-SERVERS.NET.
>. 3600000 IN NS F.ROOT-SERVERS.NET.
>. 3600000 IN NS G.ROOT-SERVERS.NET.
>. 3600000 IN NS H.ROOT-SERVERS.NET.
>. 3600000 IN NS I.ROOT-SERVERS.NET.
>. 3600000 IN NS J.ROOT-SERVERS.NET.
>
>;; Query time: 23 msec
>;
>
>However, if i ping www.slashdot.com
>#ping www.slashdot.com
>PING slashdot.com (66.35.250.150): 56 data bytes
>
>Obviously, ping got the name resolved! but How? I am confused
>
>Also I did the same test on a Solaris box, dig returned the same message
>however the ping returned "unknown host www.slashdot.com.
>
Command-line tools like "ping" typically use the "system" resolver,
which is usually configurable (via a system config file like
/etc/nsswitch.conf or the like) and may or may not even include DNS as
one of its sources of name information. If the system resolver does look
at DNS at all, it'll do so by generating recursive rather than
non-recursive queries. So for a valid comparison to what "ping" is
seeing, you should do recursive rather than non-recursive queries.
Or, were you looking for a primer on what recursion is/means in the
context of DNS name resolution?
- Kevin
More information about the bind-users
mailing list