Dig shows wrong ip
Chris Thompson
cet1 at cam.ac.uk
Tue Aug 4 14:03:31 UTC 2009
On Aug 3 2009, JINMEI Tatuya / 神明達哉 wrote:
>At 03 Aug 2009 11:52:10 +0100,
>Chris Thompson <cet1 at cam.ac.uk> wrote:
>
>> will believe this answer (and cache it). This would only be proper
>> behaviour if the *.gtld-servers.net were slaving (possibly stealth slaving)
>> potomacnetworks.com - which of course they aren't, but how is the poor
>> recursive nameserver to know that?
>
>By seeing the aa bit of the response. We're aware of this problem and
>have a patch to fix the behavior at the resolver side. The fix will
>(hopefully) appear in next release versions of BIND9.
That will work nicely for the *.gtld-servers.net nameservers, but there
are others out there with even worse properties. I am thinking, for
example, of {a,b,c,d}.gtld.pro. To be honest, I don't know whether they
"promote glue to answer", but like the *.gtld-servers.net lot they
certainly "promote the delegation NS records to answer", and unlike
those they mark their responses as authoritative. Compare
$ dig +nocmd +nostats +norec ns advocaat.pro @a.gtld.pro
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60662
;; flags: qr aa; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;advocaat.pro. IN NS
;; ANSWER SECTION:
advocaat.pro. 14400 IN NS a.xtld.cz.
advocaat.pro. 14400 IN NS a.xtld.se.
advocaat.pro. 14400 IN NS b.xtld.cz.
advocaat.pro. 14400 IN NS b.xtld.se.
with
$ dig +nocmd +nostats +norec ns stanford.edu @a.gtld-servers.net
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21908
;; flags: qr; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUESTION SECTION:
;stanford.edu. IN NS
;; ANSWER SECTION:
stanford.edu. 172800 IN NS aerathea.stanford.edu.
stanford.edu. 172800 IN NS argus.stanford.edu.
stanford.edu. 172800 IN NS atalante.stanford.edu.
stanford.edu. 172800 IN NS avallone.stanford.edu.
;; ADDITIONAL SECTION:
aerathea.stanford.edu. 172800 IN A 152.3.104.250
argus.stanford.edu. 172800 IN A 171.64.7.115
atalante.stanford.edu. 172800 IN A 171.64.7.61
avallone.stanford.edu. 172800 IN A 171.64.7.88
and with the correct behavior
$ dig +nocmd +nostats +norec ns ac.uk @ns1.nic.uk
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2597
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 0
;; QUESTION SECTION:
;ac.uk. IN NS
;; AUTHORITY SECTION:
ac.uk. 172800 IN NS ns.uu.net.
ac.uk. 172800 IN NS ws-fra1.win-ip.dfn.de.
ac.uk. 172800 IN NS ns0.ja.net.
ac.uk. 172800 IN NS ns3.ja.net.
ac.uk. 172800 IN NS sunic.sunet.se.
ac.uk. 172800 IN NS ns2.ja.net.
ac.uk. 172800 IN NS ns4.ja.net
--
Chris Thompson
Email: cet1 at cam.ac.uk
More information about the bind-users
mailing list