Question about dig +trace

Maechler Philippe plcmaechler at vtxmail.ch
Mon Apr 14 09:07:33 UTC 2008


Does anybody have an idea why i can't do a dig +trace anymore

My config is:
 > more /etc/resolv.conf
nameserver 127.0.0.1


 > dig +trace -x 80.242.194.146
; <<>> DiG 9.4.1-P1 <<>> +trace -x 80.242.194.146
;; global options:  printcmd
.                       408270  IN      NS      D.ROOT-SERVERS.NET.
.                       408270  IN      NS      J.ROOT-SERVERS.NET.
.                       408270  IN      NS      G.ROOT-SERVERS.NET.
.                       408270  IN      NS      F.ROOT-SERVERS.NET.
.                       408270  IN      NS      I.ROOT-SERVERS.NET.
.                       408270  IN      NS      B.ROOT-SERVERS.NET.
.                       408270  IN      NS      M.ROOT-SERVERS.NET.
.                       408270  IN      NS      K.ROOT-SERVERS.NET.
.                       408270  IN      NS      A.ROOT-SERVERS.NET.
.                       408270  IN      NS      E.ROOT-SERVERS.NET.
.                       408270  IN      NS      H.ROOT-SERVERS.NET.
.                       408270  IN      NS      C.ROOT-SERVERS.NET.
.                       408270  IN      NS      L.ROOT-SERVERS.NET.
;; Received 500 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

80.in-addr.arpa.        86400   IN      NS      NS3.NIC.FR.
80.in-addr.arpa.        86400   IN      NS      SEC1.APNIC.NET.
80.in-addr.arpa.        86400   IN      NS      SEC3.APNIC.NET.
80.in-addr.arpa.        86400   IN      NS      SUNIC.SUNET.SE.
80.in-addr.arpa.        86400   IN      NS      NS-EXT.ISC.ORG.
80.in-addr.arpa.        86400   IN      NS      NS-PRI.RIPE.NET.
80.in-addr.arpa.        86400   IN      NS      TINNIE.ARIN.NET.
;; Received 224 bytes from 192.36.148.17#53(I.ROOT-SERVERS.NET) in 24 ms

;; connection timed out; no servers could be reached


If I do the queries by hand i get correct results..



 > dig -x 80.242.194.146 @d.root-servers.net
; <<>> DiG 9.4.1-P1 <<>> -x 80.242.194.146 @d.root-servers.net
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27813
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;146.194.242.80.in-addr.arpa.   IN      PTR

;; AUTHORITY SECTION:
80.in-addr.arpa.        86400   IN      NS      SEC3.APNIC.NET.
80.in-addr.arpa.        86400   IN      NS      TINNIE.ARIN.NET.
80.in-addr.arpa.        86400   IN      NS      NS3.NIC.FR.
80.in-addr.arpa.        86400   IN      NS      SEC1.APNIC.NET.
80.in-addr.arpa.        86400   IN      NS      NS-EXT.ISC.ORG.
80.in-addr.arpa.        86400   IN      NS      NS-PRI.RIPE.NET.
80.in-addr.arpa.        86400   IN      NS      SUNIC.SUNET.SE.

;; Query time: 101 msec
;; SERVER: 128.8.10.90#53(128.8.10.90)
;; WHEN: Thu Apr 10 15:30:51 2008
;; MSG SIZE  rcvd: 224




 > dig -x 80.242.194.146 @ns-pri.ripe.net
; <<>> DiG 9.4.1-P1 <<>> -x 80.242.194.146 @ns-pri.ripe.net
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10254
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;146.194.242.80.in-addr.arpa.   IN      PTR

;; AUTHORITY SECTION:
194.242.80.in-addr.arpa. 172800 IN      NS      dns1.glattnet.ch.
194.242.80.in-addr.arpa. 172800 IN      NS      dns2.glattnet.ch.

;; Query time: 33 msec
;; SERVER: 193.0.0.195#53(193.0.0.195)
;; WHEN: Thu Apr 10 15:31:06 2008
;; MSG SIZE  rcvd: 94




 > dig -x 80.242.194.146 @sunic.sunet.se
; <<>> DiG 9.4.1-P1 <<>> -x 80.242.194.146 @sunic.sunet.se
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28577
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;146.194.242.80.in-addr.arpa.   IN      PTR

;; AUTHORITY SECTION:
194.242.80.in-addr.arpa. 172800 IN      NS      dns1.glattnet.ch.
194.242.80.in-addr.arpa. 172800 IN      NS      dns2.glattnet.ch.

;; Query time: 33 msec
;; SERVER: 192.36.125.2#53(192.36.125.2)
;; WHEN: Thu Apr 10 15:31:15 2008
;; MSG SIZE  rcvd: 94


If i do a tcp request i get an error that i can't connect to the ipv6 
address, but i still get the result over v4


 > dig -x 80.242.194.146 @sunic.sunet.se +tcp
;; Connection to 2001:6b0:7::2#53(2001:6b0:7::2) for 
146.194.242.80.in-addr.arpa. failed: host unreachable.

; <<>> DiG 9.4.1-P1 <<>> -x 80.242.194.146 @sunic.sunet.se +tcp
; (2 servers found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15187
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;146.194.242.80.in-addr.arpa.   IN      PTR

;; AUTHORITY SECTION:
194.242.80.in-addr.arpa. 172800 IN      NS      dns2.glattnet.ch.
194.242.80.in-addr.arpa. 172800 IN      NS      dns1.glattnet.ch.

;; Query time: 33 msec
;; SERVER: 192.36.125.2#53(192.36.125.2)
;; WHEN: Thu Apr 10 15:31:18 2008
;; MSG SIZE  rcvd: 94


Is it possible that a dig +trace tries to connect to an ipv6 address and 
won't fallback to ipv4?
Is there a way to tell bind that it should only connect over ipv4?

If i set the query-source address in named.conf i still get the ipv6 
connection warning from dig

Tia
Philippe



More information about the bind-users mailing list