[dns-operations] should recursors think there are only delegation data in tld name servers?

Paul Wouters paul at nohats.ca
Fri Mar 28 02:34:27 UTC 2014


On Thu, 27 Mar 2014, Paul Vixie wrote:

>> Those and the others you quoted are all glue records, not authoritative,
>> and no RRSIG's over those records.
>
> here's how i checked my work.

I don't see how that checks your work?

> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +trace 1s.de mx
> ;; global options: +cmd
> .                       15714   IN      NS      a.root-servers.net.
[...]
> ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 429 ms

How did google DNS get into this picture?

I do get an RRSIG for the mx of 1s.de, despite a lack of NS records.
But you wrote:

i> vixie at linux1:~/work/fsi/dnsdb_c$ ./dnsdb_query -r \*.de/a/de -l 5
> ;; record times: 2010-07-15 00:37:59 .. 2011-10-27 21:35:17
> ;; count: 291; bailiwick: de.
> 4.de.  A  212.227.111.250
> 
> ;; record times: 2011-01-12 11:00:47 .. 2011-01-25 13:46:42
> ;; count: 25; bailiwick: de.
> e.de.  A  81.91.170.47

And I only see glue for those:

paul at bofh:~$ dig  +dnssec a 4.de. @l.de.net.

; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-14.P2.fc19 <<>> +dnssec a
4.de. @l.de.net.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29167
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;4.de.				IN	A

;; AUTHORITY SECTION:
4.de.			86400	IN	NS	ns1.sedoparking.com.
4.de.			86400	IN	NS	ns2.sedoparking.com.
H319DM5GC3EDEK691VQBHEHOT7VGGJ2B.de. 7200 IN NSEC3 1 1 15 BA5EBA11
H31BJ3G4QCC5ICBKQH14CB2K8KTQICPL NS SOA RRSIG DNSKEY NSEC3PARAM
H319DM5GC3EDEK691VQBHEHOT7VGGJ2B.de. 7200 IN RRSIG NSEC3 8 2 7200
20140403230000 20140327230000 53878 de.
ZtJ+KUJTnh9QSOedPs+4nIuLbkxa86JbsRplMFtRhfbq9KWMMp+YHzgr
UFKiQ71d9QBDyGoCov1+Oz3EgfGSkojB71jgOTWDRB5LYdXO35ACFDa2
HeA/0cTMjT7Ul52n40oGw8zP6PmUp9A1S/h2uVRw8BMCFNwe/HHT8fPC 1Us=
OFECAIH12QR28GUSVDT6U10ITI4BPED0.de. 7200 IN NSEC3 1 1 15 BA5EBA11
OFEM3DBGPQNQ64PA9KGQTN4DR1O4CH58 
OFECAIH12QR28GUSVDT6U10ITI4BPED0.de. 7200 IN RRSIG NSEC3 8 2 7200
20140403230000 20140327230000 53878 de.
A3VN8HixeQ/H556rrOpWAbGO9bm5+Jv6EFw/PJBRCnZwRlIYuTaI+Se2
vWSNT2iImyDNln5XIIOZz3/vK1nlld3LxmX78Wz+455OX2U/wLcK0pFv
s0E64Lf/PAWfkU8NhGXdBQoMol8ZcW0/xqfdZurDhQlM5g74IwTiiA1z fEw=

;; Query time: 95 msec
;; SERVER: 77.67.63.105#53(77.67.63.105)
;; WHEN: Thu Mar 27 22:32:39 EDT 2014
;; MSG SIZE  rcvd: 567

paul at bofh:~$




More information about the dns-operations mailing list