[dns-operations] CNAME into a delegated zone goes wrong.... any ideas?
Steven Carr
sjcarr at gmail.com
Sun Jun 12 22:11:21 UTC 2011
I'm not sure what you are expecting to see... the server has responded
with what you have asked for in the +trace - when you do +trace
recursion is disabled so it will never give you the "final" answer if
you are expecting it to recurse, it will only give you what you have
asked for, which in this case is the record for ntp.us.sixxs.net.
Querying 8.8.8.8 normally returns the correct list...
sjcarr at grover:~ $ dig @8.8.8.8 us.ntp.sixxs.net a
; <<>> DiG 9.6.0-APPLE-P2 <<>> @8.8.8.8 us.ntp.sixxs.net a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14199
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;us.ntp.sixxs.net. IN A
;; ANSWER SECTION:
us.ntp.sixxs.net. 86400 IN A 66.223.254.250
us.ntp.sixxs.net. 86400 IN A 201.48.254.14
us.ntp.sixxs.net. 86400 IN A 209.197.5.66
us.ntp.sixxs.net. 86400 IN A 209.197.16.66
us.ntp.sixxs.net. 86400 IN A 216.93.250.26
;; Query time: 223 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Jun 12 23:05:07 2011
;; MSG SIZE rcvd: 114
sjcarr at grover:~ $ dig @8.8.8.8 ntp.us.sixxs.net a
; <<>> DiG 9.6.0-APPLE-P2 <<>> @8.8.8.8 ntp.us.sixxs.net a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31918
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ntp.us.sixxs.net. IN A
;; ANSWER SECTION:
ntp.us.sixxs.net. 0 IN CNAME us.ntp.sixxs.net.
us.ntp.sixxs.net. 86400 IN A 66.223.254.250
us.ntp.sixxs.net. 86400 IN A 201.48.254.14
us.ntp.sixxs.net. 86400 IN A 209.197.5.66
us.ntp.sixxs.net. 86400 IN A 209.197.16.66
us.ntp.sixxs.net. 86400 IN A 216.93.250.26
;; Query time: 124 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Jun 12 23:05:13 2011
;; MSG SIZE rcvd: 135
Steve
--
Indigo Solutions Europe Limited
www.indigo-solutions.eu
On 12 June 2011 22:50, Jeroen Massar <jeroen at unfix.org> wrote:
> On 2011-06-12 23:47 , Steven Carr wrote:
>> the answer is staring you in the face...
>>
>>> ;; WARNING: recursion requested but not available
>>
>> The server is only responding with what you have asked for, recursive
>> lookup for your request is denied.
>
> Oops, forgot to be a bit more verbose, for this query yes, but if one
> does for instance:
> 8<-------------------------------------------------------------------------
> $ dig @8.8.8.8 +trace ntp.us.sixxs.net
>
> ; <<>> DiG 9.7.3 <<>> @8.8.8.8 +trace ntp.us.sixxs.net
> ; (1 server found)
> ;; global options: +cmd
> . 71550 IN NS k.root-servers.net.
> . 71550 IN NS h.root-servers.net.
> . 71550 IN NS l.root-servers.net.
> . 71550 IN NS d.root-servers.net.
> . 71550 IN NS c.root-servers.net.
> . 71550 IN NS a.root-servers.net.
> . 71550 IN NS b.root-servers.net.
> . 71550 IN NS f.root-servers.net.
> . 71550 IN NS j.root-servers.net.
> . 71550 IN NS m.root-servers.net.
> . 71550 IN NS i.root-servers.net.
> . 71550 IN NS e.root-servers.net.
> . 71550 IN NS g.root-servers.net.
> ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 7 ms
>
> net. 172800 IN NS l.gtld-servers.net.
> net. 172800 IN NS b.gtld-servers.net.
> net. 172800 IN NS m.gtld-servers.net.
> net. 172800 IN NS f.gtld-servers.net.
> net. 172800 IN NS c.gtld-servers.net.
> net. 172800 IN NS e.gtld-servers.net.
> net. 172800 IN NS d.gtld-servers.net.
> net. 172800 IN NS a.gtld-servers.net.
> net. 172800 IN NS j.gtld-servers.net.
> net. 172800 IN NS h.gtld-servers.net.
> net. 172800 IN NS g.gtld-servers.net.
> net. 172800 IN NS k.gtld-servers.net.
> net. 172800 IN NS i.gtld-servers.net.
> ;; Received 491 bytes from 2001:500:2f::f#53(f.root-servers.net) in 151 ms
>
> sixxs.net. 172800 IN NS ns.paphosting.net.
> sixxs.net. 172800 IN NS ns.paphosting.nl.
> sixxs.net. 172800 IN NS ns.paphosting.eu.
> ;; Received 166 bytes from 192.35.51.30#53(f.gtld-servers.net) in 170 ms
>
> ntp.us.sixxs.net. 3600 IN CNAME us.ntp.sixxs.net.
> ntp.sixxs.net. 3600 IN NS ns1.sixxs.net.
> ntp.sixxs.net. 3600 IN NS ns2.sixxs.net.
> ntp.sixxs.net. 3600 IN NS ns3.sixxs.net.
> sixxs.net. 3600 IN NS ns.paphosting.net.
> sixxs.net. 3600 IN NS ns.paphosting.nl.
> sixxs.net. 3600 IN NS ns.paphosting.eu.
> ;; Received 345 bytes from 2001:788:2:117::2#53(ns.paphosting.eu) in 27 ms
> ------------------------------------------------------------------------->8
>
> and that is the last hop, there is no query to nsX.sixxs.net that while
> a +trace is supposed to go on.
>
> It seems to depend a lot on which recursor is in the middle if that last
> hop is ever reached or not.
>
> Greets,
> Jeroen
>
More information about the dns-operations
mailing list