[dns-operations] should recursors think there are only delegation data in tld name servers?

刘明星 lmxhappy at gmail.com
Fri Mar 28 05:23:21 UTC 2014


dig @n.de.net 1s.de mx +dnssec
and find that the MX record of 1s.de is from n.de.net (194.146.107.6),
but that is not enough to make sure that it is from the .de zone. Maybe the
nameservers for the .de zone also serve 1s.de.

So it is clear for the .de administrator to know the details.

2014-03-28 10:34 GMT+08:00 Paul Wouters <paul at nohats.ca>:

> On Thu, 27 Mar 2014, Paul Vixie wrote:
>
>>> Those and the others you quoted are all glue records, not authoritative,
>>> and no RRSIG's over those records.
>>>
>>
>> here's how i checked my work.
>>
>
> I don't see how that checks your work?
>
>
>> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +trace 1s.de mx
>> ;; global options: +cmd
>> .                       15714   IN      NS      a.root-servers.net.
>>
> [...]
>
>> ;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 429 ms
>>
>
> How did google DNS get into this picture?
>

I am not clear about what the matter is with Google DNS.




> I do get an RRSIG for the mx of 1s.de, despite a lack of NS records.
> But you wrote:
>
>> vixie at linux1:~/work/fsi/dnsdb_c$ ./dnsdb_query -r \*.de/a/de -l 5
>>
>> ;; record times: 2010-07-15 00:37:59 .. 2011-10-27 21:35:17
>> ;; count: 291; bailiwick: de.
>> 4.de.  A  212.227.111.250
>>
>> ;; record times: 2011-01-12 11:00:47 .. 2011-01-25 13:46:42
>> ;; count: 25; bailiwick: de.
>> e.de.  A  81.91.170.47
>>
>
> And I only see glue for those:
>
> paul at bofh:~$ dig  +dnssec a 4.de. @l.de.net.
>
> ; <<>> DiG 9.9.3-rl.13207.22-P2-RedHat-9.9.3-14.P2.fc19 <<>> +dnssec a
> 4.de. @l.de.net.
>
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29167
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1
>
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags: do; udp: 4096
> ;; QUESTION SECTION:
> ;4.de.                          IN      A
>
> ;; AUTHORITY SECTION:
> 4.de.                   86400   IN      NS      ns1.sedoparking.com.
> 4.de.                   86400   IN      NS      ns2.sedoparking.com.
> H319DM5GC3EDEK691VQBHEHOT7VGGJ2B.de. 7200 IN NSEC3 1 1 15 BA5EBA11
> H31BJ3G4QCC5ICBKQH14CB2K8KTQICPL NS SOA RRSIG DNSKEY NSEC3PARAM
> H319DM5GC3EDEK691VQBHEHOT7VGGJ2B.de. 7200 IN RRSIG NSEC3 8 2 7200
> 20140403230000 20140327230000 53878 de.
> ZtJ+KUJTnh9QSOedPs+4nIuLbkxa86JbsRplMFtRhfbq9KWMMp+YHzgr
> UFKiQ71d9QBDyGoCov1+Oz3EgfGSkojB71jgOTWDRB5LYdXO35ACFDa2
> HeA/0cTMjT7Ul52n40oGw8zP6PmUp9A1S/h2uVRw8BMCFNwe/HHT8fPC 1Us=
> OFECAIH12QR28GUSVDT6U10ITI4BPED0.de. 7200 IN NSEC3 1 1 15 BA5EBA11
> OFEM3DBGPQNQ64PA9KGQTN4DR1O4CH58 OFECAIH12QR28GUSVDT6U10ITI4BPED0.de.
> 7200 IN RRSIG NSEC3 8 2 7200
> 20140403230000 20140327230000 53878 de.
> A3VN8HixeQ/H556rrOpWAbGO9bm5+Jv6EFw/PJBRCnZwRlIYuTaI+Se2
> vWSNT2iImyDNln5XIIOZz3/vK1nlld3LxmX78Wz+455OX2U/wLcK0pFv
> s0E64Lf/PAWfkU8NhGXdBQoMol8ZcW0/xqfdZurDhQlM5g74IwTiiA1z fEw=
>
> ;; Query time: 95 msec
> ;; SERVER: 77.67.63.105#53(77.67.63.105)
> ;; WHEN: Thu Mar 27 22:32:39 EDT 2014
> ;; MSG SIZE  rcvd: 567
>
> paul at bofh:~$
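
An added example, not part of the original thread: one way to tell a delegation from data served out of the TLD zone itself is to read the `aa` flag, check whether the NS set is covered by an RRSIG, and read the Signer's Name field of the RRSIG over the answer. `REFERRAL` is abridged from the dig output quoted above with the signature elided; `ANSWER` is constructed, and its `aa` flag, MX target, key tag and signer are assumptions, not captured data.

```python
import re

# Abridged from the 4.de query quoted above; signature replaced by a placeholder.
REFERRAL = """\
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1
;; AUTHORITY SECTION:
4.de.                   86400   IN      NS      ns1.sedoparking.com.
4.de.                   86400   IN      NS      ns2.sedoparking.com.
H319DM5GC3EDEK691VQBHEHOT7VGGJ2B.de. 7200 IN NSEC3 1 1 15 BA5EBA11 H31BJ3G4QCC5ICBKQH14CB2K8KTQICPL NS SOA RRSIG DNSKEY NSEC3PARAM
H319DM5GC3EDEK691VQBHEHOT7VGGJ2B.de. 7200 IN RRSIG NSEC3 8 2 7200 20140403230000 20140327230000 53878 de. SIG-ELIDED
"""

# Constructed sample (assumption): an MX answer with aa set, signed by the de. zone.
ANSWER = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
1s.de.                  86400   IN      MX      10 mail.example.
1s.de.                  86400   IN      RRSIG   MX 8 2 86400 20140403230000 20140327230000 12345 de. SIG-ELIDED
"""

def classify_dig(text):
    """Tell a delegation (referral) from an answer served out of the server's own zone."""
    flags = re.search(r"^;; flags:([a-z ]*);", text, re.M).group(1).split()
    section, rrs = None, {"ANSWER": [], "AUTHORITY": []}
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            section = m.group(1)
        elif section in rrs and line and not line.startswith(";"):
            f = line.split()
            if len(f) >= 5 and f[2] == "IN":
                rrs[section].append((f[0].lower(), f[3], f[4:]))
    # (owner, covered type) -> signing zone, from each RRSIG's Signer's Name field
    sigs = {(o, rd[0]): rd[7].lower() for sec in rrs.values()
            for o, t, rd in sec if t == "RRSIG" and len(rd) > 7}
    ns_owners = {o for o, t, _ in rrs["AUTHORITY"] if t == "NS"}
    answers = [(o, t) for o, t, _ in rrs["ANSWER"] if t != "RRSIG"]
    if "aa" in flags and answers:
        kind = "authoritative-answer"
    elif "aa" not in flags and not answers and ns_owners:
        kind = "referral"
    else:
        kind = "other"
    return {"kind": kind,
            "ns_signed": any((o, "NS") in sigs for o in ns_owners),
            "answer_signers": sorted({sigs[a] for a in answers if a in sigs})}
```

A signer of `de.` on the RRSIG over `1s.de. MX` would mean the record is signed as data of the .de zone itself; if the same servers merely hosted a separate signed 1s.de zone, the signer would be `1s.de.`.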



