On Thu, 26 Nov 2009 14:18:11 -0500 Flamsmark <flamsm...@gmail.com> wrote:
>2009/11/26 Scott Bennett <benn...@cs.niu.edu>
>
>> >Changing the DNS server to DNS rootservers would fix this problem.
>> >
>>      Bzzzt!!  That would eventually get an exit marked as a bad exit, too.
>> Why?  Because the root name servers serve only information in the root
>> domain and the so-called top-level domains (e.g., .com, .edu, .gov, .info,
>> .mil, country domains, and so on).  They are much, much too busy to act
>> as forwarders, so if you ask for anything that they don't serve themselves,
>> you will get a "no answers" response.
>
>
>How odd. I use the root servers on my personal machine, and have never
     Here's an example of attempting to do what you suggested.

Script started on Fri Nov 27 06:54:46 2009
mp% dig @k.root-servers.net. www.torproject.org. a

; <<>> DiG 9.3.1 <<>> @k.root-servers.net. www.torproject.org. a
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1041
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 12

;; QUESTION SECTION:
;www.torproject.org.            IN      A

;; AUTHORITY SECTION:
org.                     172800  IN      NS      a0.org.afilias-nst.info.
org.                     172800  IN      NS      a2.org.afilias-nst.info.
org.                     172800  IN      NS      b0.org.afilias-nst.org.
org.                     172800  IN      NS      b2.org.afilias-nst.org.
org.                     172800  IN      NS      c0.org.afilias-nst.info.
org.                     172800  IN      NS      d0.org.afilias-nst.org.

;; ADDITIONAL SECTION:
a0.org.afilias-nst.info. 172800  IN      A       199.19.56.1
a2.org.afilias-nst.info. 172800  IN      A       199.249.112.1
b0.org.afilias-nst.org.  172800  IN      A       199.19.54.1
b2.org.afilias-nst.org.  172800  IN      A       199.249.120.1
c0.org.afilias-nst.info. 172800  IN      A       199.19.53.1
d0.org.afilias-nst.org.  172800  IN      A       199.19.57.1
a0.org.afilias-nst.info. 172800  IN      AAAA    2001:500:e::1
a2.org.afilias-nst.info. 172800  IN      AAAA    2001:500:40::1
b0.org.afilias-nst.org.  172800  IN      AAAA    2001:500:c::1
b2.org.afilias-nst.org.  172800  IN      AAAA    2001:500:48::1
c0.org.afilias-nst.info. 172800  IN      AAAA    2001:500:b::1
d0.org.afilias-nst.org.  172800  IN      AAAA    2001:500:f::1

;; Query time: 63 msec
;; SERVER: 193.0.14.129#53(193.0.14.129)
;; WHEN: Fri Nov 27 06:55:07 2009
;; MSG SIZE  rcvd: 441

mp% exit

script done on Fri Nov 27 06:55:10 2009

Notice in the example above that the answer count is zero and that no
IP address or any other information is returned in response to the request
for the A RR for www.torproject.org.

>noticed this phenomenon. If you are correct, does DNS work? How does a user
>know which DNS servers are authoritative for other blocks?
>
     The resolver library routines on your computer start--at least in
principle, though cacheing may cause a deviation from this procedure--at the
top.  After finding the addresses of one or more root servers from locally
kept data, a root (.) server is queried for the top-level domain's
authoritative name servers.  To track down the authoritative name servers
for a university in the U.S., for example, a query is sent to a root server
to get the list of authoritative name servers for the edu. domain:

Script started on Fri Nov 27 06:57:16 2009
mp% dig @k.root-servers.net. edu. ns

; <<>> DiG 9.3.1 <<>> @k.root-servers.net. edu. ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 813
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 8

;; QUESTION SECTION:
;edu.                           IN      NS

;; AUTHORITY SECTION:
edu.                    172800  IN      NS      a.gtld-servers.net.
edu.                    172800  IN      NS      c.gtld-servers.net.
edu.                    172800  IN      NS      d.gtld-servers.net.
edu.                    172800  IN      NS      e.gtld-servers.net.
edu.                    172800  IN      NS      f.gtld-servers.net.
edu.                    172800  IN      NS      g.gtld-servers.net.
edu.                    172800  IN      NS      l.gtld-servers.net.

;; ADDITIONAL SECTION:
a.gtld-servers.net.     172800  IN      A       192.5.6.30
c.gtld-servers.net.     172800  IN      A       192.26.92.30
d.gtld-servers.net.     172800  IN      A       192.31.80.30
e.gtld-servers.net.     172800  IN      A       192.12.94.30
f.gtld-servers.net.     172800  IN      A       192.35.51.30
g.gtld-servers.net.     172800  IN      A       192.42.93.30
l.gtld-servers.net.     172800  IN      A       192.41.162.30
a.gtld-servers.net.     172800  IN      AAAA    2001:503:a83e::2:30

;; Query time: 62 msec
;; SERVER: 193.0.14.129#53(193.0.14.129)
;; WHEN: Fri Nov 27 06:57:47 2009
;; MSG SIZE  rcvd: 292

Note that the list of NS RRs above comprises only a subset of the list of
root servers.  Take a look at the different list of servers authoritative
for the za. domain:

mp% dig @k.root-servers.net. za. ns

; <<>> DiG 9.3.1 <<>> @k.root-servers.net. za. ns
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1737
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 10

;; QUESTION SECTION:
;za.                            IN      NS

;; AUTHORITY SECTION:
za.                     172800  IN      NS      ns1.dns.aq.
za.                     172800  IN      NS      nsza.is.co.za.
za.                     172800  IN      NS      hippo.ru.ac.za.
za.                     172800  IN      NS      ns-za.ripe.net.
za.                     172800  IN      NS      auth00.ns.uu.net.
za.                     172800  IN      NS      ns-ext.isc.org.
za.                     172800  IN      NS      ucthpx.uct.ac.za.

;; ADDITIONAL SECTION:
ns1.dns.aq.             172800  IN      A       198.32.71.12
nsza.is.co.za.          172800  IN      A       196.4.160.27
hippo.ru.ac.za.         172800  IN      A       146.231.128.1
ns-za.ripe.net.         172800  IN      A       193.0.12.205
auth00.ns.uu.net.       172800  IN      A       198.6.1.65
ns-ext.isc.org.         172800  IN      A       204.152.184.64
ucthpx.uct.ac.za.       172800  IN      A       137.158.128.1
hippo.ru.ac.za.         172800  IN      AAAA    2001:4200:1010::1
ns-za.ripe.net.         172800  IN      AAAA    2001:610:240:0:53::193
ns-ext.isc.org.         172800  IN      AAAA    2001:4f8:0:2::13

;; Query time: 62 msec
;; SERVER: 193.0.14.129#53(193.0.14.129)
;; WHEN: Fri Nov 27 06:58:16 2009
;; MSG SIZE  rcvd: 401

mp% exit
mp%
script done on Fri Nov 27 06:58:36 2009

     Now that the list of edu. authorities has been obtained, any one of
those may be queried for the NS RRs for a particular subdomain of edu.
Then any of those servers may be queried for any desired RRs within that
domain, and so on down any further subdomain levels that may exist.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
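
Added example, not part of the original message: a small Python check that reads dig output and tells a referral (what the root server returns in the transcripts above) apart from a real answer, so an operator can test whether a server is fit to be listed as a resolver. The function names and the second sample are assumptions made for illustration; the first sample is abridged from the first transcript in the message.

```python
import re

# Abridged from the first dig transcript in the message above (root server queried).
REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1041
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 12
;; AUTHORITY SECTION:
org. 172800 IN NS a0.org.afilias-nst.info.
org. 172800 IN NS b0.org.afilias-nst.org.
;; ADDITIONAL SECTION:
a0.org.afilias-nst.info. 172800 IN A 199.19.56.1
b0.org.afilias-nst.org. 172800 IN A 199.19.54.1
"""

# Constructed sample of a recursive resolver's reply (192.0.2.10 is a documentation address).
ANSWERED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
www.example.org. 300 IN A 192.0.2.10
"""

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)$")

def classify(dig_text):
    """Summarise one dig response: header flags, answer count, referral data."""
    status = re.search(r"status: (\w+)", dig_text).group(1)
    flags = re.search(r"flags: ([a-z ]*);", dig_text).group(1).split()
    answers = int(re.search(r"ANSWER: (\d+)", dig_text).group(1))
    section, ns, glue = None, [], {}
    for line in dig_text.splitlines():
        if line.startswith(";; ") and line.endswith("SECTION:"):
            section = line.split()[1]
        elif (m := RR.match(line)):
            owner, rtype, rdata = m.groups()
            if section == "AUTHORITY" and rtype == "NS":
                ns.append((owner, rdata))      # delegation: zone -> name server
            elif section == "ADDITIONAL" and rtype in ("A", "AAAA"):
                glue.setdefault(owner, []).append(rdata)  # addresses of those servers
    # NS records with zero answers mean "ask these servers instead", not an answer.
    kind = "answer" if answers else ("referral" if status == "NOERROR" and ns else "no-data")
    return {"kind": kind, "recursion_available": "ra" in flags,
            "zone": ns[0][0] if ns else None,
            "nameservers": [n for _, n in ns], "glue": glue}

def usable_as_resolver(dig_text):
    """A server fit for resolv.conf must offer recursion (ra flag) and return answers."""
    r = classify(dig_text)
    return r["recursion_available"] and r["kind"] == "answer"
```

The root server's reply carries flags "qr rd" with no "ra", so usable_as_resolver() rejects it; the referral's zone and glue addresses are what an iterative resolver would query next.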