axfr name compression

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Sun Dec 3 07:22:18 UTC 2000


	Did you turn on "transfer-format many-answers"?
	If off by default in BIND 8 for backwards compatability w/
	BIND 4.  BIND 9 it is on by default.  With one answer per
	message there isn't isn't a big dictionary of domain names
	per message.

	Also there are a compression pointer used your example below.
	There are two in message 1 of the answer.

	Mark

> >> i'm just curious...i noticed this a while ago and only just now
> >> remembered it enough to ask.
> >> 
> >> why is name compression not used on rdata in zone transfers?  this
> >> makes any zone of more than about a dozen records larger in wire
> >> format than the typical flat file form that bind uses.
> >
> >	It is used.
> 
> practical experience tells me it's not.  i did this:
> 
>    % tcpdump -ilo0 -s2000 -raxfr.1 &
>    [1] 2463
>    % dig @127.0.0.1 graffiti.com > axfr.0
>    % kill %1
>    % tcpdump -r axfr.1 | tcpdump-post > axfr.2
>    % ls -al axfr.?
>    -rw-r--r--  1 andrew  staff  1309 Dec  2 22:16 axfr.0
>    -rw-r--r--  1 andrew  staff  3782 Dec  2 22:14 axfr.1
>    -rw-r--r--  1 andrew  staff  1500 Dec  2 22:16 axfr.2
> 
> where tcpdump-post is a perl script that strips out tcp and ip
> headers, leaving just the tcp data.  note that i was using the
> loopback interface (this machine is bsd based) so no packets should be
> lost or misordered.  at the end axfr.0 represents the dig output,
> which should be similar a regular bind zone file (modulo things like
> an extra soa and $ORIGIN statements, axfr.1 is the tcpdump output, and
> axfr.2 is the raw tcp conversation (with the query still attached).
> 
> % strings -3 axfr.2  | sort | uniq -c | sort -rn | head
>   24 graffiti
>   24 com
>   17 net
>   14 untraceable
>    9 smtp
> 
> the sequence graffiti.com is *clearly* not being reduced by
> compression.  if it was, it would appear once.  well...twice, since
> it's also in the query.
> 
> here's some hd output, in case you want to look at it:
> 

	Question:
00000000  00 1e 00 06 01 00 00 01  00 00 00 00 00 00 08 67
00000010  72 61 66 66 69 74 69 03  63 6f 6d 00 00 fc 00 01  |raffiti.com.....

	Answer
	message 1
00000020  00 60 00 06 84 00 00 01  00 01 00 00 00 00 08 67  |.`.............g
00000030  72 61 66 66 69 74 69 03  63 6f 6d 00 00 fc 00 01  |raffiti.com.....
00000040  c0 0c 00 06 00 01 00 00  0e 10 00 36 03 6e 6f 63  |...........6.noc
00000050  0b 75 6e 74 72 61 63 65  61 62 6c 65 03 6e 65 74  |.untraceable.net
00000060  00 0a 68 6f 73 74 6d 61  73 74 65 72 c0 2e 77 26  |..hostmaster..w&
00000070  84 b8 00 00 03 84 00 00  01 2c 00 36 ee 80 00 00  |.........,.6....
00000080  0e 10

	message 2
                00 39 00 06 80 00  00 00 00 01 00 00 00 00  |...9............
00000090  08 67 72 61 66 66 69 74  69 03 63 6f 6d 00 00 02  |.graffiti.com...
000000a0  00 01 00 00 0e 10 00 15  03 6e 6f 63 0b 75 6e 74  |.........noc.unt
000000b0  72 61 63 65 61 62 6c 65  03 6e 65 74 00

	message 3
						  00 34 00  |raceable.net..4.
000000c0  06 80 00 00 00 00 01 00  00 00 00 08 67 72 61 66  |............graf
000000d0  66 69 74 69 03 63 6f 6d  00 00 02 00 01 00 00 0e  |fiti.com........
000000e0  10 00 10 03 6e 73 32 06  61 63 63 65 73 73 03 6e  |....ns2.access.n
000000f0  65 74 00

	message 4
		   00 33 00 06 80  00 00 00 00 01 00 00 00  |et..3...........
00000100  00 08 67 72 61 66 66 69  74 69 03 63 6f 6d 00 00  |..graffiti.com..
> -- 
> |-----< "CODE WARRIOR" >-----|
> codewarrior at daemon.org             * "ah!  i see you have the internet
> twofsonet at graffiti.com (Andrew Brown)                that goes *ping*!"
> andrew at crossbar.com       * "information is power -- share the wealth."
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com



More information about the bind-workers mailing list