On 06/08/11 05:09, Jeff Peng wrote: > Hello, > >>From the dig info below: > > C:\dig>dig +nocmd www.nsbeta.info +noall +answer @ns1.google.com > www.nsbeta.info. 3497 IN CNAME nsbeta.info. > nsbeta.info. 2434 IN A 74.117.232.204 > > C:\dig>dig +nocmd www.nsbeta.info +noall +answer @ns1.google.com > www.nsbeta.info. 3492 IN CNAME nsbeta.info. > nsbeta.info. 2429 IN A 74.117.232.204 > > C:\dig>dig +nocmd www.nsbeta.info +noall +answer @ns1.google.com > www.nsbeta.info. 3486 IN CNAME nsbeta.info. > nsbeta.info. 2423 IN A 74.117.232.204 > > > I think my office network's DNS is tainted. because:
What do you mean by 'your office DNS' if you're not asking anything in your office? It looks rather like either someone in your office or your ISP is intercepting DNS traffic and answering questions directly. Probably dig without server would result in answers fitting in same decreasing TTL. This is bad, but I don't think you can do much to avoid it, except complaining or creating some VPN tunnel. It's not however too bad, unless you're either using TSIG and have locally configured keys, or trying to debug some specific DNS problem. Answers go out and are returned, that's most of what's expected from DNS. Torinthiel > > 1) ns1.google.com is authoritative nameserver only, which shouldn't answer > this query. > 2) the TTL is decreased each time, if it's a real authority answer, the TTL > should be all the same. > > And this is the full output of dig: > > C:\dig>dig www.nsbeta.info @ns1.google.com > > ; <<>> DiG 9.3.2 <<>> www.nsbeta.info @ns1.google.com > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1183 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;www.nsbeta.info. IN A > > ;; ANSWER SECTION: > www.nsbeta.info. 3111 IN CNAME nsbeta.info. > nsbeta.info. 2048 IN A 74.117.232.204 > > ;; Query time: 15 msec > ;; SERVER: 216.239.32.10#53(216.239.32.10) > ;; WHEN: Wed Jun 08 11:09:09 2011 > ;; MSG SIZE rcvd: 74 > > > How to deal with this case? Thanks. > > Regards. > > ____________________________________________________________ > FREE 3D EARTH SCREENSAVER - Watch the Earth right on your desktop! > Check it out at http://www.inbox.com/earth > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
