Behaviour of a recursive DNS server
yjchui at cht.com.tw
Wed Jun 11 01:42:21 UTC 2008
I query the domain name "www.google.com.tw <http://www.google.com.tw/> =
and the query type is AAAA.
Actually, the DNS server I use is 22.214.171.124, which is the DNS server
provided by Hinet ISP in Taiwan.=20
I try to attach the picture of sniffer result, if you can receive the =
In the picture, the detail content of the first DNS reply is shown. This
first reply, which is very wired for me, contains nothing but only =
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On =
Of JINMEI Tatuya / =AF=AB=A9=FA=B9F=ABv
Sent: Wednesday, June 11, 2008 2:38 AM
Cc: bind-users at isc.org
Subject: Re: Behaviour of a recursive DNS server
At Tue, 10 Jun 2008 14:30:08 +0800,
"yjchu" <yjchui at cht.com.tw> wrote:
> I am trying IPv6 NAT-PT, so I wish my DNS server (my ISP DNS server) =
> purely recursive.
> So, I send a recursive query, and my DNS server does reply recursively =
> with strange behaviors described as following:
> Sometimes, the DNS server will have two replies for single one query.
> The first reply will only contain the CNAME but no A or AAAA record
> (address) information for the CNAME.
> Then, the second reply has all the information, including CNAME and =
> record information.
Can you provide specific domain names and query types that cause this
> I have tried to build up my own DNS server using Bind 9.2.1 and make =
> support recursive reply.
I'm not sure if it's related to the issue, but I'd suggest you use a
more recent version. 9.2.1 is way too old and is basically not
supported any more.
> I find that sometimes, the reply of my DNS server just contains CNAME
> for my query name, no further information. (No second reply with =
> However, from the sniffer, the recursive flag in DNS reply is set !!!!
This may be a typo, but in case you really looked at the reply, you
should rather look at the recursive (RD) flag of the *query*.
Finally, you cannot always assume that a response contains a complete
chain to the final answer. You'll need to adapt your software (the
DNS client) so that it can handle an incomplete CNAME/DNAME chain
Internet Systems Consortium, Inc.
More information about the bind-users