Behaviour of a recursive DNS server

yjchu yjchui at cht.com.tw
Wed Jun 11 06:07:24 UTC 2008


Yes!
I sniffer on the other side of NAT-PT. 
Originally, I send one query for AAAA record type for www.google.com.tw.
The NAT-PT box transfers the query into two queries, one for A and one for
AAAA.
Because www.google.com.tw does not have AAAA record type (IPv6 address), so
it reply CNAME only for this query.
The problem is: Can a DNS server be made ignore AAAA query rather than reply
with CNAME record if the domain name does not have any IPv6 address? 

Regards
Yann-Ju Chu

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf
Of JINMEI Tatuya / 神明達哉
Sent: Wednesday, June 11, 2008 1:11 PM
To: yjchu
Cc: bind-users at isc.org
Subject: Re: Behaviour of a recursive DNS server

At Wed, 11 Jun 2008 10:21:12 +0800,
"yjchu" <yjchui at cht.com.tw> wrote:

> I seems that using html will cause problem in the mailing list, so I
resend
> the reply:
> -------------------------------
> 
> I query the domain name "www.google.com.tw", and the query type is AAAA.
> 
> Actually, the DNS server I use is 168.95.1.1, which is the DNS server
> provided by Hinet ISP in Taiwan.
> 
> Besides, I have double checked the DNS flag. Both the query and the DNS
> server set the recursive flag..

In this case it's a common response when the ultimate target of a
CNAME chain doesn't exist:

% dig www.google.com.tw aaaa

; <<>> DiG 9.4.1-P1 <<>> www.google.com.tw aaaa
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62730
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.tw.		IN	AAAA

;; ANSWER SECTION:
www.google.com.tw.	169251	IN	CNAME	www.google.com.
www.google.com.		490163	IN	CNAME	www.l.google.com.

;; AUTHORITY SECTION:
l.google.com.		48	IN	SOA	e.l.google.com.
dns-admin.google.com. 1347955 900 900 1800 600

I suspect the second message you saw was actually a query for an A
RRset of the same name.  Then the result you described makes sense:

% dig www.google.com.tw a

; <<>> DiG 9.4.1-P1 <<>> www.google.com.tw a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11389
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 6, ADDITIONAL: 5

;; QUESTION SECTION:
;www.google.com.tw.		IN	A

;; ANSWER SECTION:
www.google.com.tw.	169183	IN	CNAME	www.google.com.
www.google.com.		490095	IN	CNAME	www.l.google.com.
www.l.google.com.	87	IN	A	74.125.19.99
www.l.google.com.	87	IN	A	74.125.19.103
www.l.google.com.	87	IN	A	74.125.19.104
www.l.google.com.	87	IN	A	74.125.19.147

It's the vast majority case today (when a CNAME is involved), so you
need to deal with that at your side.

---
JINMEI, Tatuya
Internet Systems Consortium, Inc.



More information about the bind-users mailing list