Behaviour of a recursive DNS server
yjchu
yjchui at cht.com.tw
Wed Jun 11 06:07:24 UTC 2008
Yes!
I sniffed on the other side of the NAT-PT.
Originally, I sent one query for the AAAA record type for www.google.com.tw.
The NAT-PT box transfers the query into two queries, one for A and one for
AAAA.
Because www.google.com.tw does not have an AAAA record (IPv6 address), it
replies with a CNAME only for this query.
The problem is: Can a DNS server be made to ignore an AAAA query rather than
reply with a CNAME record if the domain name does not have any IPv6 address?
Regards
Yann-Ju Chu
-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf
Of JINMEI Tatuya / 神明達哉
Sent: Wednesday, June 11, 2008 1:11 PM
To: yjchu
Cc: bind-users at isc.org
Subject: Re: Behaviour of a recursive DNS server
At Wed, 11 Jun 2008 10:21:12 +0800,
"yjchu" <yjchui at cht.com.tw> wrote:
> It seems that using HTML will cause problems in the mailing list, so I
> resend the reply:
> -------------------------------
>
> I query the domain name "www.google.com.tw", and the query type is AAAA.
>
> Actually, the DNS server I use is 168.95.1.1, which is the DNS server
> provided by Hinet ISP in Taiwan.
>
> Besides, I have double checked the DNS flag. Both the query and the DNS
> server set the recursive flag.
In this case it's a common response when the ultimate target of a
CNAME chain doesn't exist:
% dig www.google.com.tw aaaa
; <<>> DiG 9.4.1-P1 <<>> www.google.com.tw aaaa
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62730
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.google.com.tw. IN AAAA
;; ANSWER SECTION:
www.google.com.tw. 169251 IN CNAME www.google.com.
www.google.com. 490163 IN CNAME www.l.google.com.
;; AUTHORITY SECTION:
l.google.com. 48 IN SOA e.l.google.com. dns-admin.google.com. 1347955 900 900 1800 600
I suspect the second message you saw was actually a query for an A
RRset of the same name. Then the result you described makes sense:
% dig www.google.com.tw a
; <<>> DiG 9.4.1-P1 <<>> www.google.com.tw a
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11389
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 6, ADDITIONAL: 5
;; QUESTION SECTION:
;www.google.com.tw. IN A
;; ANSWER SECTION:
www.google.com.tw. 169183 IN CNAME www.google.com.
www.google.com. 490095 IN CNAME www.l.google.com.
www.l.google.com. 87 IN A 74.125.19.99
www.l.google.com. 87 IN A 74.125.19.103
www.l.google.com. 87 IN A 74.125.19.104
www.l.google.com. 87 IN A 74.125.19.147
It's the vast majority case today (when a CNAME is involved), so you
need to deal with that at your side.
---
JINMEI, Tatuya
Internet Systems Consortium, Inc.
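
Added example (not part of the original thread and not BIND code): one way a client or translator can handle the response described above, by following the CNAME chain and treating a chain that ends without a record of the queried type as NOERROR/NODATA. The function names are hypothetical and the sample records are constructed from the dig output quoted in the thread.

```python
def parse_rr(line):
    """Parse one dig-style line 'name ttl IN type rdata...' into a tuple."""
    name, ttl, _cls, rtype, *rdata = line.split()
    return name.lower(), int(ttl), rtype.upper(), rdata

def classify(qname, qtype, answer, authority=()):
    """Follow the CNAME chain from qname and report what the response means.

    Returns (kind, final_name, value): kind is 'ANSWER' (value = rdata list),
    'NODATA' (value = negative-cache TTL, or None without an SOA) or 'LOOP'.
    """
    rrs = [parse_rr(l) for l in answer]
    name, qtype, seen = qname.lower(), qtype.upper(), set()
    while True:
        if name in seen:                      # CNAME loop: stop, do not spin
            return "LOOP", name, None
        seen.add(name)
        hits = [rd[0] for n, _, t, rd in rrs if n == name and t == qtype]
        if hits:
            return "ANSWER", name, hits
        nxt = [rd[0].lower() for n, _, t, rd in rrs
               if n == name and t == "CNAME"]
        if not nxt:
            break
        name = nxt[0]
    # Chain ended without a record of qtype: NOERROR/NODATA (RFC 2308).
    # Negative-cache TTL is min(SOA TTL, SOA MINIMUM field) when an SOA is sent.
    neg_ttl = None
    for _, ttl, t, rd in map(parse_rr, authority):
        if t == "SOA":
            neg_ttl = min(ttl, int(rd[-1]))
    return "NODATA", name, neg_ttl

# Constructed sample input, copied from the dig output in the thread.
CNAMES = ["www.google.com.tw. 169251 IN CNAME www.google.com.",
          "www.google.com. 490163 IN CNAME www.l.google.com."]
SOA = ["l.google.com. 48 IN SOA e.l.google.com. dns-admin.google.com. "
       "1347955 900 900 1800 600"]
A_RRS = CNAMES + ["www.l.google.com. 87 IN A 74.125.19.99",
                  "www.l.google.com. 87 IN A 74.125.19.103"]

if __name__ == "__main__":
    print(classify("www.google.com.tw.", "AAAA", CNAMES, SOA))
    print(classify("www.google.com.tw.", "A", A_RRS))
```
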