On Jan 6, 2012, at 11:14 AM, David Forrest wrote:
On Fri, 6 Jan 2012, M. Meadows wrote:
Wondering why we get variable results from the following
command: dig eftc.thehartford.com
(sometimes we get authority section and additional section
feedback ... sometimes we don't)
;; Query time: 52 msec
;; SERVER: 172.25.17.185#53(172.25.17.185) ;; WHEN: Fri Jan 6
00:10:02 2012 ;; MSG SIZE rcvd: 202
I assume this is due to differences in response from different auth
nameservers. If that's the case ... what does one have set up to
return the 2nd response?
As the server wasn't specified, dig tries each of the servers listed
in /etc/resolv.conf and used 172.25.17.185 both times, one with the
rd flag set and got a non-authoritative answer and an
authoritative. I'd assume there are multiple instances or views and
you're getting cached answers occasionally. If consistency is
needed, maybe specify the server with @server and/or +[no]recurse
The cited dig answers differ in that only one has the 'rd' flag
("recursion desired"), which
suggests to me a difference in the queries.
It would be interesting to know whether +recurse versus +norecurse
controls it. Also, +qr would
let you directly see what flags are in the query.
It's a mystery if the answers differ despite the exact same dig
command, the same client IP and
client computer login (i.e., same .digrc if one exists). If it's from
different client IPs,
Bind "views" configured on the server could cause such a different.
John Wobus
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
