<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
On 3/7/2011 6:36 AM, Diezig Adrian wrote:
<blockquote
cite="mid:1DD28595E6555E498A4EED9CF13F8ABF07BE20707A@SVCSTCCRMB01.devoteam.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I have a question
concerning answers from DNS servers when I query a name
with type “any” and the name is a CNAME.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I have the following
example (also works on the Internet) with an ISC BIND server
(BIND 9.7.0-P1):<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">; &lt;&lt;&gt;&gt; DiG
9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 &lt;&lt;&gt;&gt;
@newton.genesiscom.ch dns.ipam.ch<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">; (1 server found)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; global options:
printcmd<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; Got answer:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;;
-&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id:
25078<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; flags: qr aa rd;
QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; QUESTION SECTION:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;dns.ipam.ch.
IN A<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; ANSWER SECTION:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">dns.ipam.ch.
600 IN CNAME <a class="moz-txt-link-abbreviated" href="http://www.ipam.ch">www.ipam.ch</a>.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><a class="moz-txt-link-abbreviated" href="http://www.ipam.ch">www.ipam.ch</a>.
600 IN A 81.18.25.238<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; Query time: 1 msec<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; SERVER:
10.10.3.13#53(10.10.3.13)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; WHEN: Mon Mar 7
11:52:38 2011<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; MSG SIZE rcvd: 63<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">As you can see, we have
a CNAME dns.ipam.ch that points to <a class="moz-txt-link-abbreviated" href="http://www.ipam.ch">www.ipam.ch</a>.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><a class="moz-txt-link-abbreviated" href="http://www.ipam.ch">www.ipam.ch</a> is an
A-Record to 81.18.25.238.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">When I do the following
query (type=any to dns.ipam.ch), only the CNAME itself will
be in the answer section (not the A-Record):<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">; &lt;&lt;&gt;&gt; DiG
9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 &lt;&lt;&gt;&gt;
@newton.genesiscom.ch dns.ipam.ch any<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">; (1 server found)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; global options:
printcmd<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; Got answer:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;;
-&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id:
46532<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; flags: qr aa rd;
QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; QUESTION SECTION:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;dns.ipam.ch.
IN ANY<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; ANSWER SECTION:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">dns.ipam.ch.
600 IN CNAME <a class="moz-txt-link-abbreviated" href="http://www.ipam.ch">www.ipam.ch</a>.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; Query time: 1 msec<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; SERVER:
10.10.3.13#53(10.10.3.13)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; WHEN: Mon Mar 7
11:53:21 2011<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; MSG SIZE rcvd: 47<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
</blockquote>
That's a valid response, albeit a little stingy. You asked about all
records matching the name "dns.ipam.ch", and it gave you "all
records".<br>
<br>
Note that RFC 1034's "nameserver algorithm" (section 4.3.2)
specifies that a query should be "restarted" if QNAME owns a CNAME
RR "and QTYPE doesn't match CNAME". In a "normal" case, e.g.
QTYPE=A, this means that the CNAME gets added to the Answer Section
and then the query is "restarted", as if the target of the alias
were QNAME. It either produces A records or it doesn't. But in this
*special* case, QTYPE=* does in fact "match" the CNAME record found
by the nameserver, therefore the query is not restarted. The
nameserver just returns what it has -- i.e. the CNAME record -- and
its job is done. It jumps to Step 6 of the algorithm: return the
records along with any Additional Records that it deems "helpful",
and exit.<br>
<blockquote
cite="mid:1DD28595E6555E498A4EED9CF13F8ABF07BE20707A@SVCSTCCRMB01.devoteam.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">When I do a comparable
query (also with type=any) to another DNS server (e.g.
google.com)…<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">; &lt;&lt;&gt;&gt; DiG
9.3.2 &lt;&lt;&gt;&gt; @ns1.google.com. <a class="moz-txt-link-abbreviated" href="http://www.google.com">www.google.com</a>. any<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">; (1 server found)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; global options:
printcmd<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; Got answer:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;;
-&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id:
1636<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; flags: qr aa rd;
QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; QUESTION SECTION:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;www.google.com.
IN ANY<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; ANSWER SECTION:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><a class="moz-txt-link-abbreviated" href="http://www.google.com">www.google.com</a>.
604800 IN CNAME <a class="moz-txt-link-abbreviated" href="http://www.l.google.com">www.l.google.com</a>.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><a class="moz-txt-link-abbreviated" href="http://www.l.google.com">www.l.google.com</a>.
300 IN A 74.125.232.114<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><a class="moz-txt-link-abbreviated" href="http://www.l.google.com">www.l.google.com</a>.
300 IN A 74.125.232.115<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><a class="moz-txt-link-abbreviated" href="http://www.l.google.com">www.l.google.com</a>.
300 IN A 74.125.232.116<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><a class="moz-txt-link-abbreviated" href="http://www.l.google.com">www.l.google.com</a>.
300 IN A 74.125.232.113<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><a class="moz-txt-link-abbreviated" href="http://www.l.google.com">www.l.google.com</a>.
300 IN A 74.125.232.112<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; Query time: 46 msec<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; SERVER:
216.239.32.10#53(216.239.32.10)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; WHEN: Mon Mar 07
09:44:32 2011<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">;; MSG SIZE rcvd: 132<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">… I will also get the
associated A Records. </span></p>
</div>
</blockquote>
Well, ns1.google.com coincidentally *happens* to also be
authoritative for l.google.com, so it was able to provide the A
records. It's arguable, however, whether it should have "restarted"
the query or not (in the sense described above).<br>
<blockquote
cite="mid:1DD28595E6555E498A4EED9CF13F8ABF07BE20707A@SVCSTCCRMB01.devoteam.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Does anybody have an
idea why the behavior is different? Can I configure this on
my DNS Server (ISC BIND)?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">FYI:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">dig @ns1.hp.com.
<a class="moz-txt-link-abbreviated" href="http://www.hp.com">www.hp.com</a>. any<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">and<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">dig @ns1.yahoo.com.
<a class="moz-txt-link-abbreviated" href="http://www.yahoo.com">www.yahoo.com</a> any<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
</div>
</blockquote>
Understand that ns1.hp.com is *not* authoritative for any A records
owned by <a class="moz-txt-link-abbreviated" href="http://www.hp.com">www.hp.com</a> (the name is an alias to <a class="moz-txt-link-abbreviated" href="http://www.hpgtm.nsatc.net">www.hpgtm.nsatc.net</a> so
the authoritative A records would be given from something hosting
some descendant of nsatc.net), and ns1.yahoo.com is *not*
authoritative for any A records owned by <a class="moz-txt-link-abbreviated" href="http://www.yahoo.com">www.yahoo.com</a> (which is an
alias to fp.wg1.b.yahoo.com, at least when I query it; the exact
target of the alias might depend on who is querying it).<br>
<br>
<blockquote
cite="mid:1DD28595E6555E498A4EED9CF13F8ABF07BE20707A@SVCSTCCRMB01.devoteam.com"
type="cite">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">will also answer without
any A-Records (like me).<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I have the following
questions:<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent: -18pt;"><!--[if !supportLists]--><span
lang="EN-US"><span style="">-<span style="font: 7pt
"Times New Roman";"> </span></span></span><!--[endif]--><span
lang="EN-US">which one is correct (RFC)?</span></p>
</div>
</blockquote>
An ANY query should return A records if the nameserver being queried
is actually authoritative for the name being queried and the name
owns A records. But if -- as in your examples above -- the
nameserver only holds an alias, it is under no obligation to go and
fetch those A records on your behalf.<br>
<blockquote
cite="mid:1DD28595E6555E498A4EED9CF13F8ABF07BE20707A@SVCSTCCRMB01.devoteam.com"
type="cite">
<div class="WordSection1">
<p class="MsoListParagraph" style="text-indent: -18pt;"><span
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent: -18pt;"><!--[if !supportLists]--><span
lang="EN-US"><span style="">-<span style="font: 7pt
"Times New Roman";"> </span></span></span><!--[endif]--><span
lang="EN-US">is it configurable in ISC BIND?</span></p>
</div>
</blockquote>
Nope.<br>
<blockquote
cite="mid:1DD28595E6555E498A4EED9CF13F8ABF07BE20707A@SVCSTCCRMB01.devoteam.com"
type="cite">
<div class="WordSection1">
<p class="MsoListParagraph" style="text-indent: -18pt;"><span
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent: -18pt;"><!--[if !supportLists]--><span
lang="EN-US"><span style="">-<span style="font: 7pt
"Times New Roman";"> </span></span></span><!--[endif]--><span
lang="EN-US">does the behavior depend on different BIND
versions?</span></p>
</div>
</blockquote>
Nope. As far as I know, BIND has always been this way.<br>
<blockquote
cite="mid:1DD28595E6555E498A4EED9CF13F8ABF07BE20707A@SVCSTCCRMB01.devoteam.com"
type="cite">
<div class="WordSection1">
<p class="MsoListParagraph" style="text-indent: -18pt;"><span
lang="EN-US"><o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I know that it is not
very common to do queries with type any. The problem we have
is the following:<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">A Device/Application in
our network is always doing queries of type “any”. <o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">From our side it’s not
possible to change the type, because it’s hard-coded in the
software.</span></p>
</div>
</blockquote>
Apparently the app made a bad assumption about how ANY queries work.
Hopefully it at least has the sense to follow those non-productive
ANY queries with explicit A/AAAA/MX/SRV/whatever queries for the data
it's looking for.<br>
<br>
-
Kevin<br>
<br>
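The CNAME handling from RFC 1034 section 4.3.2 discussed in this thread, as an added example that is not part of the original message and is not BIND's code: a simplified model of the exact-match case showing why QTYPE=A follows the alias while QTYPE=ANY stops at the CNAME. The zone names, addresses and function names are constructed for illustration.<br>

```python
# Simplified model of RFC 1034 section 4.3.2, step 3a (exact-match case only).
# Zone contents are constructed sample data using documentation addresses.
ZONES = {
    "example.test.": {
        ("dns.example.test.", "CNAME"): ["www.example.test."],
        ("www.example.test.", "A"): ["192.0.2.10"],
        ("ext.example.test.", "CNAME"): ["host.other.test."],  # target outside the zone
    },
}

def find_zone(name):
    """Return the records of the zone this server is authoritative for, or None."""
    for apex, records in ZONES.items():
        if name == apex or name.endswith("." + apex):
            return records
    return None

def answer(qname, qtype, max_restarts=8):
    """Build the answer section for an exact-match query, restarting on CNAMEs."""
    section = []
    for _ in range(max_restarts):      # bound CNAME chains and loops
        zone = find_zone(qname)
        if zone is None:               # not authoritative: nothing more to add
            break
        cname = zone.get((qname, "CNAME"))
        if cname and qtype not in ("CNAME", "ANY"):
            # QTYPE does not match CNAME: copy the CNAME, restart at its target.
            section.append((qname, "CNAME", cname[0]))
            qname = cname[0]
            continue
        # QTYPE matches what the node owns (ANY matches every type): no restart.
        for (owner, rtype), rdatas in zone.items():
            if owner == qname and qtype in (rtype, "ANY"):
                section.extend((owner, rtype, r) for r in rdatas)
        break
    return section

if __name__ == "__main__":
    for q in [("dns.example.test.", "A"), ("dns.example.test.", "ANY"),
              ("ext.example.test.", "A")]:
        print(q, "->", answer(*q))
```

A client that needs addresses has to send an explicit A or AAAA query; the ANY result for an alias carries only the CNAME, and an alias pointing outside the server's zones yields only the CNAME even for QTYPE=A.<br>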
</body>
</html>