[RFCI-Discuss] Interesting Question
Derek J. Balling
Dredd at megacity.org
Sun Dec 4 16:39:41 EST 2005
OK, I'm not going to claim to understand the DNS RFCs nearly as well
as others.
Ponder the output of something like, a.root-servers.net:
$ dig @a.root-servers.net megacity.org ns
; <<>> DiG 9.2.4 <<>> @a.root-servers.net megacity.org ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44736
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 6
;; QUESTION SECTION:
;megacity.org. IN NS
;; AUTHORITY SECTION:
org. 172800 IN NS TLD1.ULTRADNS.NET.
org. 172800 IN NS TLD2.ULTRADNS.NET.
org. 172800 IN NS TLD3.ULTRADNS.org.
org. 172800 IN NS TLD4.ULTRADNS.org.
org. 172800 IN NS TLD5.ULTRADNS.INFO.
org. 172800 IN NS TLD6.ULTRADNS.CO.UK.
;; ADDITIONAL SECTION:
TLD1.ULTRADNS.NET. 172800 IN A 204.74.112.1
TLD2.ULTRADNS.NET. 172800 IN A 204.74.113.1
TLD3.ULTRADNS.org. 172800 IN A 199.7.66.1
TLD4.ULTRADNS.org. 172800 IN A 199.7.67.1
TLD5.ULTRADNS.INFO. 172800 IN A 192.100.59.11
TLD6.ULTRADNS.CO.UK. 172800 IN A 198.133.199.11
;; Query time: 16 msec
;; SERVER: 198.41.0.4#53(a.root-servers.net)
;; WHEN: Sun Dec 4 16:34:43 2005
;; MSG SIZE rcvd: 288
.... there is no ANSWER section, only an AUTHORITY section, telling
me that "Hey, I'm not really sure the answer, the authoritative
answer is down that-away."
Similarly, if I was to query ultradns:
$ dig @tld1.ultradns.net megacity.org ns
; <<>> DiG 9.2.4 <<>> @tld1.ultradns.net megacity.org ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23445
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;megacity.org. IN NS
;; AUTHORITY SECTION:
megacity.org. 86400 IN NS ns3.megacity.org.
megacity.org. 86400 IN NS ns2.megacity.org.
megacity.org. 86400 IN NS ns1.megacity.org.
;; ADDITIONAL SECTION:
ns3.megacity.org. 86400 IN A 65.221.104.162
ns2.megacity.org. 86400 IN A 64.142.22.245
ns1.megacity.org. 86400 IN A 65.221.104.161
;; Query time: 44 msec
;; SERVER: 204.74.112.1#53(tld1.ultradns.net)
;; WHEN: Sun Dec 4 16:35:41 2005
;; MSG SIZE rcvd: 132
... it tells me "nope, the authoritative answer is thataway, but
here's some glue in case you need it."
Why is it, then, that if I was to query gtld-servers.net servers,
looking for a .com domain, I get something completely different?
$ dig @a.gtld-servers.net yahoo.com ns
; <<>> DiG 9.2.4 <<>> @a.gtld-servers.net yahoo.com ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43866
;; flags: qr rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5
;; QUESTION SECTION:
;yahoo.com. IN NS
;; ANSWER SECTION:
yahoo.com. 172800 IN NS ns1.yahoo.com.
yahoo.com. 172800 IN NS ns2.yahoo.com.
yahoo.com. 172800 IN NS ns3.yahoo.com.
yahoo.com. 172800 IN NS ns4.yahoo.com.
yahoo.com. 172800 IN NS ns5.yahoo.com.
;; ADDITIONAL SECTION:
ns1.yahoo.com. 172800 IN A 66.218.71.63
ns2.yahoo.com. 172800 IN A 66.163.169.170
ns3.yahoo.com. 172800 IN A 217.12.4.104
ns4.yahoo.com. 172800 IN A 63.250.206.138
ns5.yahoo.com. 172800 IN A 216.109.116.17
;; Query time: 17 msec
;; SERVER: 192.5.6.30#53(a.gtld-servers.net)
;; WHEN: Sun Dec 4 16:36:47 2005
;; MSG SIZE rcvd: 197
.... as near as I can tell this is the absolute *worst* condition
possible, or should be from my understanding of the DNS results:
(a) the "aa" flag is not set. The answer is not considered
authoritative.
(b) there are "0" authority records sent. No direction is given as to
where one might find an authoritative answer
So, if you were only paying attention to "the authority path", you
could never track down a domain through the gtld-servers.net responses.
Clearly the world hasn't ended, so what am I missing? Does the world
just work around an archaic/broken configuration on the existing .COM
servers? Is there some voodoo that I'm missing?
And, bonus points to anyone except Ralf or Phil Kizer who can guess
why I noticed this discrepancy....
Cheers,
D
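Added example (not part of the original post): a small Python parser for dig's text output that labels a reply by its aa flag and by which section carries the NS records, then shows what a follower reading only the AUTHORITY section would collect from each reply. The function names are hypothetical, and the two sample replies are constructed by cutting the dig output quoted above down to one NS record and one glue record each.

```python
import re

SECTIONS = ("ANSWER", "AUTHORITY", "ADDITIONAL")

def parse_dig(text):
    """Parse dig's text output into header flags and per-section records."""
    msg = {"flags": set(), **{s: [] for s in SECTIONS}}
    section = None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r";; flags: ([a-z ]*);", line)
        if m:
            msg["flags"] = set(m.group(1).split())
        elif line.startswith(";;"):
            # ";; X SECTION:" opens section X; any other ";;" line closes it
            section = line[2:].split()[0] if line.endswith("SECTION:") else None
        elif line and not line.startswith(";") and section in SECTIONS:
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            msg[section].append((owner.lower(), rtype, rdata.lower()))
    return msg

def classify(msg):
    """Label a reply by the aa flag and by where its NS records sit."""
    if "aa" in msg["flags"]:
        return "authoritative"
    if not msg["ANSWER"] and any(t == "NS" for _, t, _ in msg["AUTHORITY"]):
        return "referral"
    if any(t == "NS" for _, t, _ in msg["ANSWER"]):
        return "non-authoritative NS in ANSWER"
    return "other"

def next_servers(msg, sections=("AUTHORITY",)):
    """Map NS names from the given sections to glue addresses in ADDITIONAL."""
    glue = {o: d for o, t, d in msg["ADDITIONAL"] if t == "A"}
    return {d: glue.get(d) for s in sections for _, t, d in msg[s] if t == "NS"}

# Constructed samples, abridged from the dig output in the post.
ORG_REPLY = """\
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
megacity.org. 86400 IN NS ns1.megacity.org.
;; ADDITIONAL SECTION:
ns1.megacity.org. 86400 IN A 65.221.104.161
"""
COM_REPLY = """\
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
yahoo.com. 172800 IN NS ns1.yahoo.com.
;; ADDITIONAL SECTION:
ns1.yahoo.com. 172800 IN A 66.218.71.63
"""
for name, reply in (("org", ORG_REPLY), ("com", COM_REPLY)):
    m = parse_dig(reply)
    print(name, classify(m), next_servers(m), next_servers(m, ("ANSWER", "AUTHORITY")))
```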