"minimal-any" configuration query
dot at dotat.at
Thu Sep 17 21:23:13 UTC 2020
ShubhamGoyal <shubhamgoyal at cdac.in> wrote:
> We have enabled " minimal-any yes;" in our Bind DNS Sever, Yet an ANY
> query provides complete details instead of providing reduced details .
Testing minimal-any with dig is tricky and very obscure!
For an example of how to test it, try:
dig cam.ac.uk any @184.108.40.206
dig +notcp cam.ac.uk any @220.127.116.11
There's a special case in dig to use TCP by default for ANY queries, so
that naive users can continue to use ANY queries for debugging. This can
be confusing for slightly less naive users who are trying to test
minimal-any - it trips me up sometimes! And there is no indication in
dig's output to tell you whether it used TCP or UDP, so there is no way
you can be expected to find this out from experimentation.
As well as that there is the issue that dig has two TCP-related options,
and you have to know which one to use in which situation.
The +tcp/+notcp option that I used above controls whether TCP is used in
the initial query. But usually in the past it has only been used as +tcp
because the initial query almost always defaults to UDP (the exception was
things like AXFR). If you wanted to suppress TCP, such as when testing
truncation, then usual way was with the +ignore option. But this only
controls retry-over-tcp when dig sees a TC bit.
If you try to use +notcp when testing truncation, it doesn't work - dig
still retries over TCP. If you try to use +ignore when testing
minimal-any, it doesn't work, because there's no TC bit.
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
democracy, participation, and the co-operative principle
More information about the bind-users