underscore in photos_ugc.l.google.com
Helo, did anyone notice that hostname at google has an underscore? lh6.ggpht.com. 86400 IN CNAME photos_ugc.l.google.com. photos_ugc.l.google.com. 300IN A 74.125.39.132 -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0... ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
about a query
Hello, Please see the dig info below. ns1.dns-diy.com is the auth-server of duowan.com domain. My question is, when ns1.dns-diy.com answer with a CNAME for "udb.duowan.com", and the answer also include an A RR for that alias, how will the public DNS cache servers handle this answer? Will the DNS cache use this A RR as result directly, or they make a new request for the alias domain name udb.duowan.blogchina.org and find the result? Thanks! $ dig udb.duowan.com +trace ; <<>> DiG 9.4.2-P2 <<>> udb.duowan.com +trace ;; global options: printcmd . 108212 IN NS d.root-servers.net. . 108212 IN NS e.root-servers.net. . 108212 IN NS m.root-servers.net. . 108212 IN NS b.root-servers.net. . 108212 IN NS g.root-servers.net. . 108212 IN NS l.root-servers.net. . 108212 IN NS c.root-servers.net. . 108212 IN NS i.root-servers.net. . 108212 IN NS k.root-servers.net. . 108212 IN NS a.root-servers.net. . 108212 IN NS j.root-servers.net. . 108212 IN NS h.root-servers.net. . 108212 IN NS f.root-servers.net. ;; Received 512 bytes from 202.96.128.86#53(202.96.128.86) in 4 ms com.172800 IN NS h.gtld-servers.net. com.172800 IN NS g.gtld-servers.net. com.172800 IN NS e.gtld-servers.net. com.172800 IN NS c.gtld-servers.net. com.172800 IN NS d.gtld-servers.net. com.172800 IN NS a.gtld-servers.net. com.172800 IN NS l.gtld-servers.net. com.172800 IN NS f.gtld-servers.net. com.172800 IN NS k.gtld-servers.net. com.172800 IN NS b.gtld-servers.net. com.172800 IN NS i.gtld-servers.net. com.172800 IN NS m.gtld-servers.net. com.172800 IN NS j.gtld-servers.net. ;; Received 492 bytes from 128.8.10.90#53(d.root-servers.net) in 340 ms duowan.com. 172800 IN NS ns1.dns-diy.com. duowan.com. 172800 IN NS ns2.dns-diy.com. ;; Received 204 bytes from 192.35.51.30#53(f.gtld-servers.net) in 300 ms udb.duowan.com. 9 IN CNAME udb.duowan.blogchina.org. udb.duowan.blogchina.org. 5 IN A 64.38.63.4 ;; Received 86 bytes from 218.85.139.33#53(ns1.dns-diy.com) in 19 ms -- Free SmartDNS Hosting: http://DNSbed.com/ ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: about a query
That depends on the implementation. Really old versions of BIND would have accepted the A record. However, it's not in-bailiwick, so any name server that would accept it is very likely vulnerable to cache poisoning. Current versions of BIND (probably stretching back to somewhere in the 8.2 series) will disregard it and resolve it separately. Chris Buxton BlueCat Networks On 2/21/11, Terry. wrote: > Hello, > > Please see the dig info below. ns1.dns-diy.com is the auth-server of > duowan.com domain. > My question is, when ns1.dns-diy.com answer with a CNAME for > "udb.duowan.com", and the answer also include an A RR for that alias, > how will the public DNS cache servers handle this answer? > Will the DNS cache use this A RR as result directly, or they make a > new request for the alias domain name udb.duowan.blogchina.org and > find the result? > > Thanks! > > $ dig udb.duowan.com +trace > > ; <<>> DiG 9.4.2-P2 <<>> udb.duowan.com +trace > ;; global options: printcmd > . 108212 IN NS d.root-servers.net. > . 108212 IN NS e.root-servers.net. > . 108212 IN NS m.root-servers.net. > . 108212 IN NS b.root-servers.net. > . 108212 IN NS g.root-servers.net. > . 108212 IN NS l.root-servers.net. > . 108212 IN NS c.root-servers.net. > . 108212 IN NS i.root-servers.net. > . 108212 IN NS k.root-servers.net. > . 108212 IN NS a.root-servers.net. > . 108212 IN NS j.root-servers.net. > . 108212 IN NS h.root-servers.net. > . 108212 IN NS f.root-servers.net. > ;; Received 512 bytes from 202.96.128.86#53(202.96.128.86) in 4 ms > > com.172800 IN NS h.gtld-servers.net. > com.172800 IN NS g.gtld-servers.net. > com.172800 IN NS e.gtld-servers.net. > com.172800 IN NS c.gtld-servers.net. > com.172800 IN NS d.gtld-servers.net. > com.172800 IN NS a.gtld-servers.net. > com.172800 IN NS l.gtld-servers.net. > com.172800 IN NS f.gtld-servers.net. > com.172800 IN NS k.gtld-servers.net. > com.172800 IN NS b.gtld-servers.net. > com.172800 IN NS i.gtld-servers.net. > com.172800 IN NS m.gtld-servers.net. > com.172800 IN NS j.gtld-servers.net. > ;; Received 492 bytes from 128.8.10.90#53(d.root-servers.net) in 340 ms > > duowan.com. 172800 IN NS ns1.dns-diy.com. > duowan.com. 172800 IN NS ns2.dns-diy.com. > ;; Received 204 bytes from 192.35.51.30#53(f.gtld-servers.net) in 300 ms > > udb.duowan.com. 9 IN CNAME udb.duowan.blogchina.org. > udb.duowan.blogchina.org. 5 IN A 64.38.63.4 > ;; Received 86 bytes from 218.85.139.33#53(ns1.dns-diy.com) in 19 ms > > -- > Free SmartDNS Hosting: > http://DNSbed.com/ > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- Sent from my mobile device ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Question about some oddities in the logs
Hello. I've recently put into production a new recursive nameserver, and
decided to take a look in the logfiles (the old servers didn't have
logging enabled so I can't really compare the current logs with whatever
the old ones would have been).
I understand most of the entries in the logs + statistics, but there's a
couple of things I'm not sure about - my hope is that someone here can
shed some light on these, and perhaps also tell me if it's expected to see
these in the wild.
The nameserver is running BIND 9.7.2-P3 btw, and yes I know 9.7.3 is out -
it will be upgraded soon.
We're not talking about query logging btw, only a fairly simple logging
channel:
channel default_debug {
file "logs/named.run" versions 20 size 500m;
print-time yes;
print-category yes;
print-severity yes;
severity dynamic;
};
Now, to the log entries (I've removed timestamps + IP-addresses):
1) notify: notice: client x.x.x.x#n: notify question section contains no SOA
Should I be seeing these normally? They only seem to make up a small part
of the full logfiles, still seeing a couple of thousand of these in just a
few days time.
2) security: info: client x.x.x.x#n: query (cache) './A/CH' denied
Not many of these either, but they still seemed a bit weird. Could they be
caused somehow by me running a slave of the root "." defined as:
zone "." IN {
type slave;
file "slave/root.zone";
masters {
...a couple of the root-servers.net servers
};
notify no;
};
I wouldn't expect that to be the cause though, as it's defined as class IN
and not CH.
3) And finally, in the normal statistics file, I see mention of some
RESERVED counters, but I haven't found any corresponding mention in the
logfiles.
For example, the "Incoming Requests" section lists the number of QUERY,
IQUERY, UPDATE etc, but it also lists a small number of RESERVED13 and
RESERVED14. The "Incoming Queries" lists a couple of RESERVED0, and
"Outgoing Queries" lists some RESERVED0 as well.
Should I expect to see these out in the wild? Or should I only really
worry if they're listed in bigger numbers?
Regards
Eivind Olsen
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: about a query
Thanks a lot Chris. 2011/2/21 Chris Buxton : > That depends on the implementation. Really old versions of BIND would > have accepted the A record. However, it's not in-bailiwick, so any > name server that would accept it is very likely vulnerable to cache > poisoning. > > Current versions of BIND (probably stretching back to somewhere in the > 8.2 series) will disregard it and resolve it separately. > > Chris Buxton > BlueCat Networks > > > On 2/21/11, Terry. wrote: >> Hello, >> >> Please see the dig info below. ns1.dns-diy.com is the auth-server of >> duowan.com domain. >> My question is, when ns1.dns-diy.com answer with a CNAME for >> "udb.duowan.com", and the answer also include an A RR for that alias, >> how will the public DNS cache servers handle this answer? >> Will the DNS cache use this A RR as result directly, or they make a >> new request for the alias domain name udb.duowan.blogchina.org and >> find the result? >> >> Thanks! >> >> $ dig udb.duowan.com +trace >> >> ; <<>> DiG 9.4.2-P2 <<>> udb.duowan.com +trace >> ;; global options: printcmd >> . 108212 IN NS d.root-servers.net. >> . 108212 IN NS e.root-servers.net. >> . 108212 IN NS m.root-servers.net. >> . 108212 IN NS b.root-servers.net. >> . 108212 IN NS g.root-servers.net. >> . 108212 IN NS l.root-servers.net. >> . 108212 IN NS c.root-servers.net. >> . 108212 IN NS i.root-servers.net. >> . 108212 IN NS k.root-servers.net. >> . 108212 IN NS a.root-servers.net. >> . 108212 IN NS j.root-servers.net. >> . 108212 IN NS h.root-servers.net. >> . 108212 IN NS f.root-servers.net. >> ;; Received 512 bytes from 202.96.128.86#53(202.96.128.86) in 4 ms >> >> com. 172800 IN NS h.gtld-servers.net. >> com. 172800 IN NS g.gtld-servers.net. >> com. 172800 IN NS e.gtld-servers.net. >> com. 172800 IN NS c.gtld-servers.net. >> com. 172800 IN NS d.gtld-servers.net. >> com. 172800 IN NS a.gtld-servers.net. >> com. 172800 IN NS l.gtld-servers.net. >> com. 172800 IN NS f.gtld-servers.net. >> com. 172800 IN NS k.gtld-servers.net. >> com. 172800 IN NS b.gtld-servers.net. >> com. 172800 IN NS i.gtld-servers.net. >> com. 172800 IN NS m.gtld-servers.net. >> com. 172800 IN NS j.gtld-servers.net. >> ;; Received 492 bytes from 128.8.10.90#53(d.root-servers.net) in 340 ms >> >> duowan.com. 172800 IN NS ns1.dns-diy.com. >> duowan.com. 172800 IN NS ns2.dns-diy.com. >> ;; Received 204 bytes from 192.35.51.30#53(f.gtld-servers.net) in 300 ms >> >> udb.duowan.com. 9 IN CNAME udb.duowan.blogchina.org. >> udb.duowan.blogchina.org. 5 IN A 64.38.63.4 >> ;; Received 86 bytes from 218.85.139.33#53(ns1.dns-diy.com) in 19 ms >> >> -- >> Free SmartDNS Hosting: >> http://DNSbed.com/ >> ___ >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users >> > > -- > Sent from my mobile device > ___ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- Free SmartDNS Hosting: http://DNSbed.com/ ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
