[dns-operations] CNAME into a delegated zone goes wrong.... any ideas?

Steven Carr sjcarr at gmail.com
Sun Jun 12 22:11:21 UTC 2011


I'm not sure what you are expecting to see... The server has responded
with what you asked for in the +trace. When you do +trace,
recursion is disabled, so it will never give you the "final" answer if
you are expecting it to recurse; it will only give you what you have
asked for, which in this case is the record for ntp.us.sixxs.net.

Querying 8.8.8.8 normally returns the correct list...

sjcarr at grover:~ $ dig @8.8.8.8 us.ntp.sixxs.net a

; <<>> DiG 9.6.0-APPLE-P2 <<>> @8.8.8.8 us.ntp.sixxs.net a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14199
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;us.ntp.sixxs.net.		IN	A

;; ANSWER SECTION:
us.ntp.sixxs.net.	86400	IN	A	66.223.254.250
us.ntp.sixxs.net.	86400	IN	A	201.48.254.14
us.ntp.sixxs.net.	86400	IN	A	209.197.5.66
us.ntp.sixxs.net.	86400	IN	A	209.197.16.66
us.ntp.sixxs.net.	86400	IN	A	216.93.250.26

;; Query time: 223 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Jun 12 23:05:07 2011
;; MSG SIZE  rcvd: 114

sjcarr at grover:~ $ dig @8.8.8.8 ntp.us.sixxs.net a

; <<>> DiG 9.6.0-APPLE-P2 <<>> @8.8.8.8 ntp.us.sixxs.net a
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31918
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ntp.us.sixxs.net.		IN	A

;; ANSWER SECTION:
ntp.us.sixxs.net.	0	IN	CNAME	us.ntp.sixxs.net.
us.ntp.sixxs.net.	86400	IN	A	66.223.254.250
us.ntp.sixxs.net.	86400	IN	A	201.48.254.14
us.ntp.sixxs.net.	86400	IN	A	209.197.5.66
us.ntp.sixxs.net.	86400	IN	A	209.197.16.66
us.ntp.sixxs.net.	86400	IN	A	216.93.250.26

;; Query time: 124 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Jun 12 23:05:13 2011
;; MSG SIZE  rcvd: 135

Steve

--
Indigo Solutions Europe Limited
www.indigo-solutions.eu



On 12 June 2011 22:50, Jeroen Massar <jeroen at unfix.org> wrote:
> On 2011-06-12 23:47 , Steven Carr wrote:
>> the answer is staring you in the face...
>>
>>> ;; WARNING: recursion requested but not available
>>
>> The server is only responding with what you have asked for, recursive
>> lookup for your request is denied.
>
> Oops, forgot to be a bit more verbose, for this query yes, but if one
> does for instance:
> 8<-------------------------------------------------------------------------
> $ dig @8.8.8.8 +trace ntp.us.sixxs.net
>
> ; <<>> DiG 9.7.3 <<>> @8.8.8.8 +trace ntp.us.sixxs.net
> ; (1 server found)
> ;; global options: +cmd
> .                       71550   IN      NS      k.root-servers.net.
> .                       71550   IN      NS      h.root-servers.net.
> .                       71550   IN      NS      l.root-servers.net.
> .                       71550   IN      NS      d.root-servers.net.
> .                       71550   IN      NS      c.root-servers.net.
> .                       71550   IN      NS      a.root-servers.net.
> .                       71550   IN      NS      b.root-servers.net.
> .                       71550   IN      NS      f.root-servers.net.
> .                       71550   IN      NS      j.root-servers.net.
> .                       71550   IN      NS      m.root-servers.net.
> .                       71550   IN      NS      i.root-servers.net.
> .                       71550   IN      NS      e.root-servers.net.
> .                       71550   IN      NS      g.root-servers.net.
> ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 7 ms
>
> net.                    172800  IN      NS      l.gtld-servers.net.
> net.                    172800  IN      NS      b.gtld-servers.net.
> net.                    172800  IN      NS      m.gtld-servers.net.
> net.                    172800  IN      NS      f.gtld-servers.net.
> net.                    172800  IN      NS      c.gtld-servers.net.
> net.                    172800  IN      NS      e.gtld-servers.net.
> net.                    172800  IN      NS      d.gtld-servers.net.
> net.                    172800  IN      NS      a.gtld-servers.net.
> net.                    172800  IN      NS      j.gtld-servers.net.
> net.                    172800  IN      NS      h.gtld-servers.net.
> net.                    172800  IN      NS      g.gtld-servers.net.
> net.                    172800  IN      NS      k.gtld-servers.net.
> net.                    172800  IN      NS      i.gtld-servers.net.
> ;; Received 491 bytes from 2001:500:2f::f#53(f.root-servers.net) in 151 ms
>
> sixxs.net.              172800  IN      NS      ns.paphosting.net.
> sixxs.net.              172800  IN      NS      ns.paphosting.nl.
> sixxs.net.              172800  IN      NS      ns.paphosting.eu.
> ;; Received 166 bytes from 192.35.51.30#53(f.gtld-servers.net) in 170 ms
>
> ntp.us.sixxs.net.       3600    IN      CNAME   us.ntp.sixxs.net.
> ntp.sixxs.net.          3600    IN      NS      ns1.sixxs.net.
> ntp.sixxs.net.          3600    IN      NS      ns2.sixxs.net.
> ntp.sixxs.net.          3600    IN      NS      ns3.sixxs.net.
> sixxs.net.              3600    IN      NS      ns.paphosting.net.
> sixxs.net.              3600    IN      NS      ns.paphosting.nl.
> sixxs.net.              3600    IN      NS      ns.paphosting.eu.
> ;; Received 345 bytes from 2001:788:2:117::2#53(ns.paphosting.eu) in 27 ms
> ------------------------------------------------------------------------->8
>
> and that is the last hop, there is no query to nsX.sixxs.net that while
> a +trace is supposed to go on.
>
> It seems to depend a lot on which recursor is in the middle if that last
> hop is ever reached or not.
>
> Greets,
>  Jeroen
>
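
The behaviour discussed in this thread, as an added example that is not part of the original messages: a small offline model of a referral-following trace that stops at the first answer (as the quoted +trace output does) next to a resolver that restarts the lookup at the CNAME target. The zone layout is constructed from the names and records shown above; one "server" per zone and the function names are assumptions of the example.

```python
# Constructed model: one "server" per zone, holding the delegations and
# records that appear in the thread's dig output.
ZONES = {
    ".": {"delegations": ["net."]},
    "net.": {"delegations": ["sixxs.net."]},
    "sixxs.net.": {
        "delegations": ["ntp.sixxs.net."],
        "cname": {"ntp.us.sixxs.net.": "us.ntp.sixxs.net."},
    },
    "ntp.sixxs.net.": {
        "a": {"us.ntp.sixxs.net.": ["66.223.254.250", "201.48.254.14",
                                    "209.197.5.66", "209.197.16.66",
                                    "216.93.250.26"]},
    },
}

def query(zone, qname):
    """Non-recursive query to the server for `zone`."""
    data = ZONES[zone]
    for child in data.get("delegations", []):
        # Names at or below a zone cut get a referral, not an answer.
        if qname == child or qname.endswith("." + child):
            return "REFERRAL", child
    if qname in data.get("cname", {}):
        return "CNAME", data["cname"][qname]
    if qname in data.get("a", {}):
        return "A", data["a"][qname]
    return "NXDOMAIN", None

def trace(qname):
    """Trace style: follow referrals from the root, stop at the first answer."""
    zone, hops = ".", []
    while True:
        kind, data = query(zone, qname)
        hops.append((zone, kind))
        if kind != "REFERRAL":
            return hops, kind, data
        zone = data

def resolve(qname, max_cnames=8):
    """Resolver style: restart from the root for each CNAME target."""
    chain = []
    for _ in range(max_cnames):
        hops, kind, data = trace(qname)
        chain.append((qname, hops[-1][0], kind))
        if kind != "CNAME":
            return chain, data
        qname = data
    raise RuntimeError("CNAME chain too long")
```

In this model `trace("ntp.us.sixxs.net.")` ends at the `sixxs.net.` server with the CNAME, while `resolve` issues a second walk for `us.ntp.sixxs.net.` that reaches the delegated `ntp.sixxs.net.` zone.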

