root servers and ipv6

hubcap at CLEMSON.EDU hubcap at CLEMSON.EDU
Tue Oct 9 20:30:14 UTC 2007 

Greetings...

I'm to understand that the root nameservers should rarely be queried.

I would expect the root nameservers to be hit when bind restarts as
the initial queries for this.com and that.net are fielded, but once
bind has cached the servers for most of the top level domains (com and net
and edu and ...) the root nameservers should mostly be left alone.

So... I did this on one of our nameservers:

snoop -o /tmp/snoop.out host G.ROOT-SERVERS.NET or J.ROOT-SERVERS.NET or
K.ROOT-SERVERS.NET or L.ROOT-SERVERS.NET or M.ROOT-SERVERS.NET or
A.ROOT-SERVERS.NET or H.ROOT-SERVERS.NET or B.ROOT-SERVERS.NET or
C.ROOT-SERVERS.NET or D.ROOT-SERVERS.NET or E.ROOT-SERVERS.NET or
I.ROOT-SERVERS.NET or F.ROOT-SERVERS.NET

... and ran it for 45 minutes or so and studied the result.

Sure enough, occasionally I saw some TLD that probably hadn't already been
asked for get queried:

IP:   Source address = bloot, spoo
IP:   Destination address = 128.8.10.90, d.root-servers.net
DNS:  1 question(s)
DNS:      Domain Name: hn.kd.dhcp.

IP:   Source address = 128.8.10.90, d.root-servers.net
IP:   Destination address = bloot, spoo
DNS:  Response Code: 3 (Name Error)

(no wonder nobody had asked for that yet <g>...)

But I saw a ton of IPv6 related queries for stuff that just didn't
seem right:

IP:   Source address = bloot, spoo
IP:   Destination address = 128.8.10.90, d.root-servers.net
DNS:      Domain Name: asia1.kintera.com.
DNS:      Type:  28 (IPv6 Address)

IP:   Source address = bloot, spoo
IP:   Destination address = 192.33.4.12, c.root-servers.net
DNS:      Domain Name: asia1.kintera.com.
DNS:      Type:  28 (IPv6 Address)

IP:   Source address = bloot, spoo
IP:   Destination address = 198.41.0.4, a.root-servers.net
DNS:      Domain Name: asia1.kintera.com.
DNS:      Type:  28 (IPv6 Address)

IP:   Source address = bloot, spoo
IP:   Destination address = 202.12.27.33, m.root-servers.net
DNS:      Domain Name: asia1.kintera.com.
DNS:      Type:  28 (IPv6 Address)


... so then the answer would come back, and it would be all the normal
gtld dotcom servers that you would expect.

It's as if we're not caching the answer for ipv6 questions, or something.

I'm guessing that I have something configured wrong or am confused about
some fundamental concept.

If everyone's named is sending this much unnecessary stuff to the root
servers, it seems like it would be a giant problem.

bind-9.4.1-P1, solaris 10.

-Mike

More information about the bind-users mailing list