what does dig +trace do?

Gary Gladney gladney at stsci.edu
Wed Aug 31 08:10:34 UTC 2011 

I believe what is missing the root cache file.  The root cache file would something like this.

; <<>> DiG 9.7.4b1-RedHat-9.7.4-0.3.b1.fc14 <<>> +trace valhalla.stsci.edu
;; global options: +cmd
.			132693	IN	NS	c.root-servers.net.
.			132693	IN	NS	b.root-servers.net.
.			132693	IN	NS	j.root-servers.net.
.			132693	IN	NS	d.root-servers.net.
.			132693	IN	NS	f.root-servers.net.
.			132693	IN	NS	a.root-servers.net.
.			132693	IN	NS	i.root-servers.net.
.			132693	IN	NS	g.root-servers.net.
.			132693	IN	NS	h.root-servers.net.
.			132693	IN	NS	l.root-servers.net.
.			132693	IN	NS	e.root-servers.net.
.			132693	IN	NS	m.root-servers.net.
.			132693	IN	NS	k.root-servers.net.
;; Received 496 bytes from 192.168.0.1#53(192.168.0.1) in 266 ms

The root server would have glue records point to GTLDs, like this
 
edu.			172800	IN	NS	f.edu-servers.net.
edu.			172800	IN	NS	a.edu-servers.net.
edu.			172800	IN	NS	c.edu-servers.net.
edu.			172800	IN	NS	g.edu-servers.net.
edu.			172800	IN	NS	d.edu-servers.net.
edu.			172800	IN	NS	l.edu-servers.net.
;; Received 271 bytes from 198.41.0.4#53(198.41.0.4) in 205 ms

Then the GTLDs would have glue records pointing to nameserver of the domain you are trying to trace.

What you are seeing is your local nameservers, it seems to me they don't have access to the Internet or a firewall is blocking some of the response or you don't have the root cache file to do hints or combination of all the above. Or some other issue that not very clear but the trace should start with the Internet root name servers.

Gary

________________________________________
From: bind-users-bounces+gladney=stsci.edu at lists.isc.org [bind-users-bounces+gladney=stsci.edu at lists.isc.org] on behalf of Tom Schmitt [TomSchmitt at gmx.de]
Sent: Wednesday, August 31, 2011 2:18 AM
To: bind-users at lists.isc.org
Subject: Re: RE: what does dig +trace do?

>
> What strikes me as odd is that the first query does return 4 (internal)
> root servers, but no glue records ?

I have no idea why this is this way.

> Given those root name servers, do you have A-records for root[1234] in
> your root zone ?

Yes, of course. From my root-zone:


.  10800   IN      NS      root1.
.  10800   IN      NS      root2.
.  10800   IN      NS      root3.
.  10800   IN      NS      root4.
root1. 10800 IN A 10.111.111.111
root2. 10800 IN A 10.111.112.112
root3. 10800 IN A 10.111.113.113
root4. 10800 IN A 10.111.114.114
com. 10800 IN NS root3.
com. 10800 IN NS root4.


All these records I can query with dig without any problem, but dig +trace still fails. :-(


--
NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!
Jetzt informieren: http://www.gmx.net/de/go/freephone
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

More information about the bind-users mailing list