axfr name compression
Mark.Andrews at nominum.com
Mark.Andrews at nominum.com
Sun Dec 3 07:22:18 UTC 2000
Did you turn on "transfer-format many-answers"?
If off by default in BIND 8 for backwards compatability w/
BIND 4. BIND 9 it is on by default. With one answer per
message there isn't isn't a big dictionary of domain names
per message.
Also there are a compression pointer used your example below.
There are two in message 1 of the answer.
Mark
> >> i'm just curious...i noticed this a while ago and only just now
> >> remembered it enough to ask.
> >>
> >> why is name compression not used on rdata in zone transfers? this
> >> makes any zone of more than about a dozen records larger in wire
> >> format than the typical flat file form that bind uses.
> >
> > It is used.
>
> practical experience tells me it's not. i did this:
>
> % tcpdump -ilo0 -s2000 -raxfr.1 &
> [1] 2463
> % dig @127.0.0.1 graffiti.com > axfr.0
> % kill %1
> % tcpdump -r axfr.1 | tcpdump-post > axfr.2
> % ls -al axfr.?
> -rw-r--r-- 1 andrew staff 1309 Dec 2 22:16 axfr.0
> -rw-r--r-- 1 andrew staff 3782 Dec 2 22:14 axfr.1
> -rw-r--r-- 1 andrew staff 1500 Dec 2 22:16 axfr.2
>
> where tcpdump-post is a perl script that strips out tcp and ip
> headers, leaving just the tcp data. note that i was using the
> loopback interface (this machine is bsd based) so no packets should be
> lost or misordered. at the end axfr.0 represents the dig output,
> which should be similar a regular bind zone file (modulo things like
> an extra soa and $ORIGIN statements, axfr.1 is the tcpdump output, and
> axfr.2 is the raw tcp conversation (with the query still attached).
>
> % strings -3 axfr.2 | sort | uniq -c | sort -rn | head
> 24 graffiti
> 24 com
> 17 net
> 14 untraceable
> 9 smtp
>
> the sequence graffiti.com is *clearly* not being reduced by
> compression. if it was, it would appear once. well...twice, since
> it's also in the query.
>
> here's some hd output, in case you want to look at it:
>
Question:
00000000 00 1e 00 06 01 00 00 01 00 00 00 00 00 00 08 67
00000010 72 61 66 66 69 74 69 03 63 6f 6d 00 00 fc 00 01 |raffiti.com.....
Answer
message 1
00000020 00 60 00 06 84 00 00 01 00 01 00 00 00 00 08 67 |.`.............g
00000030 72 61 66 66 69 74 69 03 63 6f 6d 00 00 fc 00 01 |raffiti.com.....
00000040 c0 0c 00 06 00 01 00 00 0e 10 00 36 03 6e 6f 63 |...........6.noc
00000050 0b 75 6e 74 72 61 63 65 61 62 6c 65 03 6e 65 74 |.untraceable.net
00000060 00 0a 68 6f 73 74 6d 61 73 74 65 72 c0 2e 77 26 |..hostmaster..w&
00000070 84 b8 00 00 03 84 00 00 01 2c 00 36 ee 80 00 00 |.........,.6....
00000080 0e 10
message 2
00 39 00 06 80 00 00 00 00 01 00 00 00 00 |...9............
00000090 08 67 72 61 66 66 69 74 69 03 63 6f 6d 00 00 02 |.graffiti.com...
000000a0 00 01 00 00 0e 10 00 15 03 6e 6f 63 0b 75 6e 74 |.........noc.unt
000000b0 72 61 63 65 61 62 6c 65 03 6e 65 74 00
message 3
00 34 00 |raceable.net..4.
000000c0 06 80 00 00 00 00 01 00 00 00 00 08 67 72 61 66 |............graf
000000d0 66 69 74 69 03 63 6f 6d 00 00 02 00 01 00 00 0e |fiti.com........
000000e0 10 00 10 03 6e 73 32 06 61 63 63 65 73 73 03 6e |....ns2.access.n
000000f0 65 74 00
message 4
00 33 00 06 80 00 00 00 00 01 00 00 00 |et..3...........
00000100 00 08 67 72 61 66 66 69 74 69 03 63 6f 6d 00 00 |..graffiti.com..
> --
> |-----< "CODE WARRIOR" >-----|
> codewarrior at daemon.org * "ah! i see you have the internet
> twofsonet at graffiti.com (Andrew Brown) that goes *ping*!"
> andrew at crossbar.com * "information is power -- share the wealth."
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
More information about the bind-workers
mailing list