[dns-operations] An interesting variant

Mark Andrews marka at isc.org
Thu Dec 29 03:54:59 UTC 2016 

These servers return a DNSSEC response with rd set to a plain
non-recursive DNS request.

Mark

ke. @185.38.108.108 (kenic.anycastdns.cz.): A=opt,rd NS=opt,rd MD=opt,rd MF=opt,rd CNAME=opt,rd SOA=opt,rd MB=opt,rd MG=opt,rd MR=opt,rd NULL=opt,rd WKS=opt,rd PTR=opt,rd HINFO=opt,rd MINFO=opt,rd MX=opt,rd TXT=opt,rd RP=opt,rd AFSDB=opt,rd X25=opt,rd ISDN=opt,rd RT=opt,rd NSAP=opt,rd NSAP-PTR=opt,rd SIG=opt,rd KEY=opt,rd PX=opt,rd GPOS=opt,rd AAAA=opt,rd LOC=opt,rd NXT=opt,rd SRV=opt,rd NAPTR=opt,rd KX=opt,rd CERT=opt,rd A6=opt,rd DNAME=opt,rd APL=opt,rd DS=opt,rd SSHFP=opt,rd IPSECKEY=opt,rd RRSIG=opt,rd NSEC=opt,rd DNSKEY=opt,rd DHCID=opt,rd NSEC3=opt,rd NSEC3PARAM=opt,rd TLSA=opt,rd SMIMEA=opt,rd HIP=opt,rd CDS=opt,rd CDNSKEY=opt,rd OPENPGPKEY=opt,rd SPF=opt,rd NID=opt,rd L32=opt,rd L64=opt,rd LP=opt,rd EUI48=opt,rd EUI64=opt,rd URI=opt,rd CAA=opt,rd DLV=opt,rd TYPE1000=opt,rd
ke. @185.28.194.194 (kenic.anycastdns.cz.): SOA=opt MG=opt,rd MR=opt,rd PTR=opt,rd MINFO=opt,rd MX=opt,rd AFSDB=opt,rd ISDN=opt,rd NSAP=opt,rd NSAP-PTR=opt,rd KEY=opt,rd GPOS=opt,rd AAAA=rd NXT=opt,rd SRV=opt,rd NAPTR=opt,rd DNAME=opt,rd APL=opt,rd DS=opt,rd SSHFP=opt,rd IPSECKEY=opt,rd RRSIG=opt,rd NSEC=opt,rd DNSKEY=opt,rd NSEC3=opt,rd CDS=opt,rd OPENPGPKEY=opt,rd SPF=opt,rd L64=opt,rd LP=opt,rd EUI48=opt,rd EUI64=opt,rd CAA=opt,rd DLV=opt,rd TYPE1000=opt,rd


; <<>> DiG 9.11.0 <<>> +noedns +norec +noad ke. @185.38.108.108 a +qr
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34582
;; flags:; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ke.				IN	A

;; QUERY SIZE: 20

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34582
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;ke.				IN	A

;; AUTHORITY SECTION:
ke.			14400	IN	SOA	mzizi.kenic.or.ke. hostmaster.kenic.or.ke. 2016121606 86400 3600 2592000 14400
ke.			14400	IN	NSEC	ac.ke. NS SOA RRSIG NSEC DNSKEY

;; Query time: 11 msec
;; SERVER: 185.38.108.108#53(185.38.108.108)
;; WHEN: Thu Dec 29 14:51:34 EST 2016
;; MSG SIZE  rcvd: 119

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE:	+61 2 9871 4742		         INTERNET: marka at isc.org

More information about the dns-operations mailing list