[dns-operations] How to avoid minimal-responses queries?

Kaio Rafael kaiorafael at dcc.ufam.edu.br
Fri Sep 16 13:00:55 UTC 2016

2016-09-15 13:13 GMT-04:00 Fred Morris <m3047 at m3047.net>:
> On Wed, 14 Sep 2016, Kaio Rafael wrote:
>> I have been monitoring Fast-Flux domains and sometimes I've got DIG
>> output missing fields such as Authority and Additional. The Additional
>> field is very useful in my research.
>> Is there any way to force DIG to get full DNS response without sending
>> additional NS queries?
> As others have noted: no.

I wrote a module based on Net::DNS, which I call Net::DNS::Simple, to
retrieve those sections instead of parsing Dig output. It would be
easier for me just to type DIG ;)

> If you want completeness, then you need to test that assumption and you
> won't be able to do that without issuing additional queries. When you do
> so, you may find out that portions of the internet (or at least the DNS)
> are broken or at least misconfigured, or simply don't do what you want.

I am not a DNS operator, but from my research point of view, those
changes create extra steps to detect malicious domains.

However, Internet brokenness is not limited to the DNS protocol. For
instance, to grab some information from a WHOIS database, one needs to
check the privacy policy, rate limits, data availability, and so on and so forth.

> Before we leave this topic, let's briefly mention RD and ANY.
> ANY is a synthetic/wildcard query, and if you follow this mailing list you
> will know that some operators block it. In any case the semantics of ANY
> are orthogonal to what you desire: ANY will try to get records of any type
> to put into the Answer section, it does not address the Additional or
> Authority sections. The behavior of ANY when directed at recursive/caching
> resolvers rather than authority servers may be surprising: it may only
> return what the cache knows about.

Thanks Fred, I did not know about the ANY-type behavior.

Kaio Rafael
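
Added example, not part of the original message and not the Net::DNS::Simple module mentioned above: a standard-library Python sketch that walks a DNS response in wire format and reports whether it came back without Authority and Additional data, which is the case where the separate NS and address queries discussed in the thread are needed. All function names, the sample names and the addresses are assumptions made for illustration; the two messages are constructed in the code, not captured traffic.

```python
import struct

A, NS, OPT = 1, 2, 41  # record type codes

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".") if l) + b"\x00"

def rr(name, rtype, rdata, ttl=300):
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def build(answer, authority, additional, qname="example.test"):
    """Constructed response: header, one A question, then the three sections."""
    hdr = struct.pack("!6H", 0x1234, 0x8180, 1, len(answer), len(authority), len(additional))
    return hdr + encode_name(qname) + struct.pack("!HH", A, 1) + b"".join(answer + authority + additional)

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]              # step over one label
    return off + (2 if msg[off] else 1)  # 2-byte pointer or 1-byte root label

def section_types(msg):
    """Walk the message and list the record types present in each section."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4            # QTYPE + QCLASS
    found = {"answer": [], "authority": [], "additional": []}
    for section, count in zip(found, (an, ns, ar)):
        for _ in range(count):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if rtype != OPT:                     # EDNS0 pseudo-record carries no zone data
                found[section].append(rtype)
    return found

def needs_followup(msg):
    """True when an answer arrived with no Authority and no Additional data."""
    s = section_types(msg)
    return bool(s["answer"]) and not s["authority"] and not s["additional"]

# Constructed sample data (documentation names and addresses, not captured traffic).
a_rec = rr("example.test", A, bytes([192, 0, 2, 10]))
ns_rec = rr("example.test", NS, encode_name("ns1.example.test"))
opt = rr("", OPT, b"")
FULL = build([a_rec], [ns_rec], [rr("ns1.example.test", A, bytes([192, 0, 2, 53])), opt])
MINIMAL = build([a_rec], [], [opt])
```

The OPT record is skipped because a response that carries only EDNS0 in its Additional section still holds no glue or NS data for the measurement.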
