Query regarding dig output
Dear Sir, When I am query through dig for nkn.in domain without any additional parameter, It is showing 3 ADDITIONAL records. And when I am query through dig for same nkn.in domain with +dnssec parameter, It is showing 4 ADDITIONAL records but there are only 3 answers in ;;ADDITIONAL SECTION. Why is it so??? [@gaurav ~]# [@gaurav ~]# dig @180.149.63.3 nkn.in ; <<>> DiG 9.3.3rc2 <<>> @180.149.63.3 nkn.in ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62605 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;nkn.in.IN A ;; ANSWER SECTION: nkn.in. 86400 IN A 164.100.56.206 ;; AUTHORITY SECTION: nkn.in. 86400 IN NS ns3.nkn.in. nkn.in. 86400 IN NS ns2.nkn.in. nkn.in. 86400 IN NS ns1.nkn.in. ;; ADDITIONAL SECTION: ns1.nkn.in. 86400 IN A 180.149.63.3 ns2.nkn.in. 86400 IN A 180.149.63.66 ns3.nkn.in. 86400 IN 2405:8a00:1000::2 ;; Query time: 2 msec ;; SERVER: 180.149.63.3#53(180.149.63.3) ;; WHEN: Tue Nov 15 17:58:21 2011 ;; MSG SIZE rcvd: 154 [@gaurav ~]# [@gaurav ~]# [@gaurav ~]# dig @180.149.63.3 +dnssec nkn.in ; <<>> DiG 9.3.3rc2 <<>> @180.149.63.3 +dnssec nkn.in ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39199 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;nkn.in.IN A ;; ANSWER SECTION: nkn.in. 86400 IN A 164.100.56.206 ;; AUTHORITY SECTION: nkn.in. 86400 IN NS ns1.nkn.in. nkn.in. 86400 IN NS ns3.nkn.in. nkn.in. 86400 IN NS ns2.nkn.in. ;; ADDITIONAL SECTION: ns1.nkn.in. 86400 IN A 180.149.63.3 ns2.nkn.in. 86400 IN A 180.149.63.66 ns3.nkn.in. 86400 IN 2405:8a00:1000::2 ;; Query time: 603 msec ;; SERVER: 180.149.63.3#53(180.149.63.3) ;; WHEN: Tue Nov 15 17:59:33 2011 ;; MSG SIZE rcvd: 165 [@gaurav ~]# Thanks and Regards, Gaurav Kansal 8860785630 9910118448 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Query regarding dig output
On Tue, Nov 15, 2011 at 06:11:32PM +0530, Gaurav Kansal wrote a message of 415 lines which said: > And when I am query through dig for same nkn.in domain with +dnssec > parameter, Something that you did not post. Such a test does not appear in your original email. nkn.in is not signed and using +dnssec or no changes nothing. % dig nkn.in ; <<>> DiG 9.7.3 <<>> nkn.in ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38542 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;nkn.in.IN A ;; ANSWER SECTION: nkn.in. 86400 IN A 164.100.56.206 ;; AUTHORITY SECTION: nkn.in. 86400 IN NS ns2.nkn.in. nkn.in. 86400 IN NS ns3.nkn.in. nkn.in. 86400 IN NS ns1.nkn.in. ;; ADDITIONAL SECTION: ns1.nkn.in. 86400 IN A 180.149.63.3 ns2.nkn.in. 86400 IN A 180.149.63.66 ns3.nkn.in. 86400 IN 2405:8a00:1000::2 ;; Query time: 492 msec ;; SERVER: ::1#53(::1) ;; WHEN: Tue Nov 15 13:49:18 2011 ;; MSG SIZE rcvd: 165 % dig +dnssec nkn.in ; <<>> DiG 9.7.3 <<>> +dnssec nkn.in ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18735 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;nkn.in.IN A ;; ANSWER SECTION: nkn.in. 86392 IN A 164.100.56.206 ;; AUTHORITY SECTION: nkn.in. 86392 IN NS ns2.nkn.in. nkn.in. 86392 IN NS ns3.nkn.in. nkn.in. 86392 IN NS ns1.nkn.in. ;; ADDITIONAL SECTION: ns1.nkn.in. 86392 IN A 180.149.63.3 ns2.nkn.in. 86392 IN A 180.149.63.66 ns3.nkn.in. 86392 IN 2405:8a00:1000::2 ;; Query time: 0 msec ;; SERVER: ::1#53(::1) ;; WHEN: Tue Nov 15 13:49:26 2011 ;; MSG SIZE rcvd: 165 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Query regarding dig output
Hello, The fourth record in the ADDITIONAL section is the OPT EDNS0 record, returned by the server. You can see it displayed in the QUESTION SECTION: Also, try dig @180.149.63.3 nkn.in. +dnssec +bufsize=1024 (EDNS0, with D0, but payload of 1024) à in the reply the payload will be 4096 : so the server returns most of EDNS0 info in the query, but replaces the UDP payload size by what it accepts itself. (cfr recent posting of Mark Andrews in IETF dnsext mailing list about finding this out) Kind regards, Marc Lampo Security Officer EURid From: Gaurav Kansal [mailto:gaurav.kan...@nic.in] Sent: 15 November 2011 01:42 PM To: bind-users@lists.isc.org Subject: Query regarding dig output Dear Sir, When I am query through dig for nkn.in domain without any additional parameter, It is showing 3 ADDITIONAL records. And when I am query through dig for same nkn.in domain with +dnssec parameter, It is showing 4 ADDITIONAL records but there are only 3 answers in ;;ADDITIONAL SECTION. Why is it so??? [@gaurav ~]# [@gaurav ~]# dig @180.149.63.3 nkn.in ; <<>> DiG 9.3.3rc2 <<>> @180.149.63.3 nkn.in ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62605 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3 ;; QUESTION SECTION: ;nkn.in.IN A ;; ANSWER SECTION: nkn.in. 86400 IN A 164.100.56.206 ;; AUTHORITY SECTION: nkn.in. 86400 IN NS ns3.nkn.in. nkn.in. 86400 IN NS ns2.nkn.in. nkn.in. 86400 IN NS ns1.nkn.in. ;; ADDITIONAL SECTION: ns1.nkn.in. 86400 IN A 180.149.63.3 ns2.nkn.in. 86400 IN A 180.149.63.66 ns3.nkn.in. 86400 IN 2405:8a00:1000::2 ;; Query time: 2 msec ;; SERVER: 180.149.63.3#53(180.149.63.3) ;; WHEN: Tue Nov 15 17:58:21 2011 ;; MSG SIZE rcvd: 154 [@gaurav ~]# [@gaurav ~]# [@gaurav ~]# dig @180.149.63.3 +dnssec nkn.in ; <<>> DiG 9.3.3rc2 <<>> @180.149.63.3 +dnssec nkn.in ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39199 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 4 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags: do; udp: 4096 ;; QUESTION SECTION: ;nkn.in.IN A ;; ANSWER SECTION: nkn.in. 86400 IN A 164.100.56.206 ;; AUTHORITY SECTION: nkn.in. 86400 IN NS ns1.nkn.in. nkn.in. 86400 IN NS ns3.nkn.in. nkn.in. 86400 IN NS ns2.nkn.in. ;; ADDITIONAL SECTION: ns1.nkn.in. 86400 IN A 180.149.63.3 ns2.nkn.in. 86400 IN A 180.149.63.66 ns3.nkn.in. 86400 IN 2405:8a00:1000::2 ;; Query time: 603 msec ;; SERVER: 180.149.63.3#53(180.149.63.3) ;; WHEN: Tue Nov 15 17:59:33 2011 ;; MSG SIZE rcvd: 165 [@gaurav ~]# Thanks and Regards, Gaurav Kansal 8860785630 9910118448 ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Query regarding dig output
On Tue, 15 Nov 2011, Gaurav Kansal wrote: When I am query through dig for nkn.in domain without any additional parameter, It is showing 3 ADDITIONAL records. And when I am query through dig for same nkn.in domain with +dnssec parameter, It is showing 4 ADDITIONAL records but there are only 3 answers in ;;ADDITIONAL SECTION. Why is it so??? [@gaurav ~]# dig @180.149.63.3 nkn.in I cannot reproduce that. Its the same output with or without +dnssec Paul ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
