Hello DNS ops,

last week I discovered something that I personally would consider a bug in
BIND's dig utility, at least the behaviour was unexpected for me.

Summary: too many DNS requests, using the system resolver although told
otherwise.

My question now is: bug or feature?


Currently I am implementing a little testbed that simulates the DNS
hierarchy, including root servers, TLD servers and so on.

I thought it would be nice to let the dig utility show me the delegations it
follows when resolving www.example.org in my testbed, using the +trace option,
and starting at one of the simulated root servers. Like so:


$ dig +trace www.example.org @10.1.1.1

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +trace www.example.org @10.1.1.1
;; global options: +cmd
.           2   IN  NS  a.root-servers.net.
.           2   IN  NS  a.root-servers.net.
;; Received 77 bytes from 10.1.1.1#53(10.1.1.1) in 5 ms

org.            172800  IN  NS  d0.org.afilias-nst.org.
org.            172800  IN  NS  b2.org.afilias-nst.org.
org.            172800  IN  NS  b0.org.afilias-nst.org.
org.            172800  IN  NS  c0.org.afilias-nst.info.
org.            172800  IN  NS  a2.org.afilias-nst.info.
org.            172800  IN  NS  a0.org.afilias-nst.info.
;; Received 435 bytes from 198.41.0.4#53(198.41.0.4) in 188 ms

example.org.        86400   IN  NS  a.iana-servers.net.
example.org.        86400   IN  NS  b.iana-servers.net.
;; Received 81 bytes from 199.19.56.1#53(199.19.56.1) in 186 ms

www.example.org.    86400   IN  A   93.184.216.119
example.org.        172800  IN  NS  b.iana-servers.net.
example.org.        172800  IN  NS  a.iana-servers.net.
;; Received 185 bytes from 199.43.133.53#53(199.43.133.53) in 192 ms



As you can see, immediately after the first lookup the dig utility leaves my
testbed, which consists of a simulated 10/8, and runs right off the Internet.


The reason is that dig uses the system resolver from resolv.conf for all but
the initial query and the direct queries to the authoritative servers.


This can easily be validated when you look at a pcap trace from something like

$ dig +trace www.tu-berlin.de @198.41.0.4

or 

$ dig +trace -4 www.tu-berlin.de @198.41.0.4

For reference I attached a plot generated by wireshark for the second command,
limiting the packet count from 94 to 52 packets.


cheers,
  Florian



-- 
Florian Streibelt, Dipl.-Inf.        building MAR, 4th floor, room 4.004
Fachgebiet INET - Sekr. MAR 4-4          phone: +49 30 314 757 33
Technische Universität Berlin           gpg-fp: 5BE7 F008 8B83 9357 1108
Marchstrasse 23 - 10587 Berlin                  984A 3B8E A41F 82F6 1240
[Attachment: text export of the Wireshark flow graph for the second command. Column hosts: 130.149.x.y (local system), 130.149.x.y (local resolver), 198.41.0.4, 192.36.148.17, 194.246.96.1, 130.149.7.7.]
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
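
A containment check for the testbed scenario in the post above, as an added example that is not part of the original message: it parses `dig +trace` output and reports every hop answered by a server outside the testbed network, together with the NS names from the preceding delegation whose addresses dig had to look up. The function names are hypothetical, the first sample is a trimmed copy of the output quoted in the post, and the second sample is constructed.

```python
import ipaddress
import re

# Trimmed copy of the +trace output quoted in the post.
SAMPLE_TRACE = """\
;; global options: +cmd
.           2   IN  NS  a.root-servers.net.
;; Received 77 bytes from 10.1.1.1#53(10.1.1.1) in 5 ms

org.            172800  IN  NS  d0.org.afilias-nst.org.
org.            172800  IN  NS  a0.org.afilias-nst.info.
;; Received 435 bytes from 198.41.0.4#53(198.41.0.4) in 188 ms

example.org.        86400   IN  NS  a.iana-servers.net.
;; Received 81 bytes from 199.19.56.1#53(199.19.56.1) in 186 ms

www.example.org.    86400   IN  A   93.184.216.119
;; Received 185 bytes from 199.43.133.53#53(199.43.133.53) in 192 ms
"""

# Constructed sample: a trace that stays inside a simulated 10/8.
CONTAINED_TRACE = """\
.           2   IN  NS  a.root-servers.net.
;; Received 77 bytes from 10.1.1.1#53(10.1.1.1) in 5 ms

org.            172800  IN  NS  a0.org.afilias-nst.info.
;; Received 120 bytes from 10.1.1.1#53(10.1.1.1) in 4 ms

www.example.org.    86400   IN  A   10.9.9.9
;; Received 60 bytes from 10.2.0.1#53(10.2.0.1) in 3 ms
"""

# dig closes each trace step with ";; Received N bytes from ADDR#PORT(...)".
RECEIVED = re.compile(r"^;; Received \d+ bytes from ([0-9A-Fa-f.:]+)#\d+")


def parse_trace(text):
    """Return one dict per trace step: responding server and NS targets listed."""
    hops, ns_targets = [], []
    for line in text.splitlines():
        match = RECEIVED.match(line)
        if match:
            server = ipaddress.ip_address(match.group(1))
            hops.append({"server": server, "ns": ns_targets})
            ns_targets = []
            continue
        if not line.strip() or line.startswith(";"):
            continue  # blank line or dig comment
        fields = line.split()  # owner, ttl, class, type, rdata
        if len(fields) >= 5 and fields[3] == "NS":
            ns_targets.append(fields[4])
    return hops


def find_escapes(text, testbed="10.0.0.0/8"):
    """List (step, server, NS names of the previous delegation) outside testbed."""
    net = ipaddress.ip_network(testbed)
    hops = parse_trace(text)
    escapes = []
    for i, hop in enumerate(hops):
        if hop["server"] not in net:
            resolved_names = hops[i - 1]["ns"] if i else []
            escapes.append((i + 1, str(hop["server"]), resolved_names))
    return escapes


if __name__ == "__main__":
    for step, server, names in find_escapes(SAMPLE_TRACE):
        print(f"step {step}: answer from {server}, reached via {names}")
```
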
