Dig shows wrong ip

Chris Thompson cet1 at cam.ac.uk
Tue Aug 4 14:03:31 UTC 2009


On Aug 3 2009, JINMEI Tatuya / 神明達哉 wrote:

>At 03 Aug 2009 11:52:10 +0100,
>Chris Thompson <cet1 at cam.ac.uk> wrote:
>
>> will believe this answer (and cache it). This would only be proper 
>> behaviour if the *.gtld-servers.net were slaving (possibly stealth slaving)
>> potomacnetworks.com - which of course they aren't, but how is the poor
>> recursive nameserver to know that?
>
>By seeing the aa bit of the response.  We're aware of this problem and
>have a patch to fix the behavior at the resolver side.  The fix will
>(hopefully) appear in next release versions of BIND9.

That will work nicely for the *.gtld-servers.net nameservers, but there
are others out there with even worse properties. I am thinking, for
example, of {a,b,c,d}.gtld.pro. To be honest, I don't know whether they
"promote glue to answer", but like the *.gtld-servers.net lot they
certainly "promote the delegation NS records to answer", and unlike
those they mark their responses as authoritative. Compare

$ dig +nocmd +nostats +norec ns advocaat.pro @a.gtld.pro
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60662
;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;advocaat.pro.                  IN      NS

;; ANSWER SECTION:
advocaat.pro.           14400   IN      NS      a.xtld.cz.
advocaat.pro.           14400   IN      NS      a.xtld.se.
advocaat.pro.           14400   IN      NS      b.xtld.cz.
advocaat.pro.           14400   IN      NS      b.xtld.se.

with

$ dig +nocmd +nostats +norec ns stanford.edu  @a.gtld-servers.net
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21908
;; flags: qr; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;stanford.edu.                  IN      NS

;; ANSWER SECTION:
stanford.edu.           172800  IN      NS      aerathea.stanford.edu.
stanford.edu.           172800  IN      NS      argus.stanford.edu.
stanford.edu.           172800  IN      NS      atalante.stanford.edu.
stanford.edu.           172800  IN      NS      avallone.stanford.edu.

;; ADDITIONAL SECTION:
aerathea.stanford.edu.  172800  IN      A       152.3.104.250
argus.stanford.edu.     172800  IN      A       171.64.7.115
atalante.stanford.edu.  172800  IN      A       171.64.7.61
avallone.stanford.edu.  172800  IN      A       171.64.7.88

and with the correct behavior

$ dig +nocmd +nostats +norec ns ac.uk @ns1.nic.uk
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2597
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 0

;; QUESTION SECTION:
;ac.uk.                         IN      NS

;; AUTHORITY SECTION:
ac.uk.                  172800  IN      NS      ns.uu.net.
ac.uk.                  172800  IN      NS      ws-fra1.win-ip.dfn.de.
ac.uk.                  172800  IN      NS      ns0.ja.net.
ac.uk.                  172800  IN      NS      ns3.ja.net.
ac.uk.                  172800  IN      NS      sunic.sunet.se.
ac.uk.                  172800  IN      NS      ns2.ja.net.
ac.uk.                  172800  IN      NS      ns4.ja.net

-- 
Chris Thompson
Email: cet1 at cam.ac.uk
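
Added example (not part of the original message): Python code that sorts the three response shapes shown above by header flags and by the section the NS records sit in. It shows that a resolver-side aa-bit check separates the *.gtld-servers.net case from a real answer but cannot separate the {a,b,c,d}.gtld.pro case. The function names and result labels are assumptions made for this illustration; the sample inputs are abbreviated from the dig outputs in the message.

```python
import re

FLAGS = re.compile(r"^;; flags:([a-z ]*);", re.M)
SECTION = re.compile(r"^;; (\w+) SECTION:")

def parse(dig_text):
    """Return (header flags, {section: [(owner, type, rdata)]}) from dig text."""
    m = FLAGS.search(dig_text)
    if m is None:
        raise ValueError("no ';; flags:' header line found")
    sections, current = {}, None
    for line in dig_text.splitlines():
        s = SECTION.match(line)
        if s:
            current = sections.setdefault(s.group(1).lower(), [])
        elif current is not None and line and not line.startswith(";"):
            f = line.split()
            if len(f) >= 5:  # owner ttl class type rdata
                current.append((f[0].lower(), f[3], f[4].lower()))
    return set(m.group(1).split()), sections

def classify(dig_text, qname):
    """Say how the NS RRset for qname is presented in a +norec response."""
    flags, sec = parse(dig_text)
    def has_ns(name):
        return any(o == qname and t == "NS" for o, t, _ in sec.get(name, []))
    if has_ns("answer"):
        # With aa set the header looks like the zone's own answer: aa check is no help.
        return "answer-aa" if "aa" in flags else "answer-no-aa"
    if has_ns("authority") and "aa" not in flags:
        return "referral"  # delegation NS left in the authority section
    return "other"

# Sample inputs abbreviated from the three dig outputs in the message above.
PRO = """;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
advocaat.pro.           14400   IN      NS      a.xtld.cz.
"""
COM = """;; flags: qr; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; ANSWER SECTION:
stanford.edu.           172800  IN      NS      aerathea.stanford.edu.
;; ADDITIONAL SECTION:
aerathea.stanford.edu.  172800  IN      A       152.3.104.250
"""
UK = """;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 0
;; AUTHORITY SECTION:
ac.uk.                  172800  IN      NS      ns.uu.net.
"""
```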


