axfr name compression
Andrew Brown
atatat at atatdot.net
Sun Dec 3 03:44:43 UTC 2000
>> i'm just curious...i noticed this a while ago and only just now
>> remembered it enough to ask.
>>
>> why is name compression not used on rdata in zone transfers? this
>> makes any zone of more than about a dozen records larger in wire
>> format than the typical flat file form that bind uses.
>
> It is used.

practical experience tells me it's not. i did this:

% tcpdump -ilo0 -s2000 -raxfr.1 &
[1] 2463
% dig @127.0.0.1 graffiti.com > axfr.0
% kill %1
% tcpdump -r axfr.1 | tcpdump-post > axfr.2
% ls -al axfr.?
-rw-r--r-- 1 andrew staff 1309 Dec 2 22:16 axfr.0
-rw-r--r-- 1 andrew staff 3782 Dec 2 22:14 axfr.1
-rw-r--r-- 1 andrew staff 1500 Dec 2 22:16 axfr.2

where tcpdump-post is a perl script that strips out tcp and ip
headers, leaving just the tcp data. note that i was using the
loopback interface (this machine is bsd based) so no packets should be
lost or misordered. at the end axfr.0 represents the dig output,
which should be similar to a regular bind zone file (modulo things like
an extra soa and $ORIGIN statements), axfr.1 is the tcpdump output, and
axfr.2 is the raw tcp conversation (with the query still attached).

% strings -3 axfr.2 | sort | uniq -c | sort -rn | head
24 graffiti
24 com
17 net
14 untraceable
9 smtp

the sequence graffiti.com is *clearly* not being reduced by
compression. if it was, it would appear once. well...twice, since
it's also in the query.

here's some hd output, in case you want to look at it:
00000000 00 1e 00 06 01 00 00 01 00 00 00 00 00 00 08 67 |...............g|
00000010 72 61 66 66 69 74 69 03 63 6f 6d 00 00 fc 00 01 |raffiti.com.....|
00000020 00 60 00 06 84 00 00 01 00 01 00 00 00 00 08 67 |.`.............g|
00000030 72 61 66 66 69 74 69 03 63 6f 6d 00 00 fc 00 01 |raffiti.com.....|
00000040 c0 0c 00 06 00 01 00 00 0e 10 00 36 03 6e 6f 63 |...........6.noc|
00000050 0b 75 6e 74 72 61 63 65 61 62 6c 65 03 6e 65 74 |.untraceable.net|
00000060 00 0a 68 6f 73 74 6d 61 73 74 65 72 c0 2e 77 26 |..hostmaster..w&|
00000070 84 b8 00 00 03 84 00 00 01 2c 00 36 ee 80 00 00 |.........,.6....|
00000080 0e 10 00 39 00 06 80 00 00 00 00 01 00 00 00 00 |...9............|
00000090 08 67 72 61 66 66 69 74 69 03 63 6f 6d 00 00 02 |.graffiti.com...|
000000a0 00 01 00 00 0e 10 00 15 03 6e 6f 63 0b 75 6e 74 |.........noc.unt|
000000b0 72 61 63 65 61 62 6c 65 03 6e 65 74 00 00 34 00 |raceable.net..4.|
000000c0 06 80 00 00 00 00 01 00 00 00 00 08 67 72 61 66 |............graf|
000000d0 66 69 74 69 03 63 6f 6d 00 00 02 00 01 00 00 0e |fiti.com........|
000000e0 10 00 10 03 6e 73 32 06 61 63 63 65 73 73 03 6e |....ns2.access.n|
000000f0 65 74 00 00 33 00 06 80 00 00 00 00 01 00 00 00 |et..3...........|
00000100 00 08 67 72 61 66 66 69 74 69 03 63 6f 6d 00 00 |..graffiti.com..|
...
--
|-----< "CODE WARRIOR" >-----|
codewarrior at daemon.org * "ah! i see you have the internet
twofsonet at graffiti.com (Andrew Brown) that goes *ping*!"
andrew at crossbar.com * "information is power -- share the wealth."
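
Added example, not part of the original post: a Python walk over the hd bytes quoted above that splits the TCP stream on its 2-byte length prefixes and counts, for each DNS message, names that end in a compression pointer versus names written out to the root label. Pointer offsets are relative to the start of the message they appear in (RFC 1035), so only names earlier in the same message can be pointer targets. The function names and the `RDATA_NAMES` table are this example's own, and only NS, CNAME, PTR and SOA rdata are inspected.

```python
import struct

# Constructed from the 17 hd rows quoted in the post (0x000-0x10f); the post elides the rest.
DUMP = bytes.fromhex(
    "001e0006010000010000000000000867" "7261666669746903636f6d0000fc0001" "00600006840000010001000000000867"
    "7261666669746903636f6d0000fc0001" "c00c0006000100000e100036036e6f63" "0b756e747261636561626c65036e6574"
    "000a686f73746d6173746572c02e7726" "84b8000003840000012c0036ee800000" "0e100039000680000000000100000000"
    "08677261666669746903636f6d000002" "000100000e100015036e6f630b756e74" "7261636561626c65036e657400003400"
    "06800000000001000000000867726166" "6669746903636f6d000002000100000e" "100010036e733206616363657373036e"
    "65740000330006800000000001000000" "0008677261666669746903636f6d0000"
)
RDATA_NAMES = {2: 1, 5: 1, 12: 1, 6: 2}  # NS, CNAME, PTR hold one name; SOA holds two

def frames(stream):
    """Split a DNS-over-TCP stream on its 2-byte length prefixes."""
    pos = 0
    while pos + 2 <= len(stream):
        (n,) = struct.unpack_from("!H", stream, pos)
        yield stream[pos + 2:pos + 2 + n], pos + 2 + n <= len(stream)
        pos += 2 + n

def walk_name(msg, off, stats):
    """Step past one encoded name and record how it ends."""
    while True:
        b = msg[off]
        if b & 0xC0 == 0xC0:           # 2-byte pointer: rest of the name lives elsewhere
            stats["compressed"] += 1
            return off + 2
        off += 1 + b                   # length byte plus label
        if b == 0:                     # root label: name was written out in full
            stats["uncompressed"] += 1
            return off

def analyse(msg):
    stats = {"compressed": 0, "uncompressed": 0}
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):
        off = walk_name(msg, off, stats) + 4        # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = walk_name(msg, off, stats)            # owner name
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        p = off + 10
        for _ in range(RDATA_NAMES.get(rtype, 0)):  # names inside rdata
            p = walk_name(msg, p, stats)
        off += 10 + rdlen
    return stats

def report(stream):
    """One stats dict per complete message; None for a truncated one."""
    return [analyse(m) if ok else None for m, ok in frames(stream)]
```

`report(DUMP)` returns one entry per length-prefixed message; the fifth is `None` because the quoted dump stops partway through that message.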