Re: questions on the dig info
On 07/08/11 20:07, Feng He wrote: Hello list, $ dig www.qq.com ns @ns1.qq.com ;<<>> DiG 9.4.2-P2.1<<>> www.qq.com ns @ns1.qq.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50734 ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;www.qq.com.IN NS ;; ANSWER SECTION: www.qq.com. 86400 IN NS ns-tel1.qq.com. www.qq.com. 86400 IN NS ns-tel2.qq.com. ;; AUTHORITY SECTION: qq.com. 86400 IN NS ns4.qq.com. qq.com. 86400 IN NS ns1.qq.com. qq.com. 86400 IN NS ns2.qq.com. qq.com. 86400 IN NS ns3.qq.com. ;; Query time: 7 msec ;; SERVER: 219.133.62.252#53(219.133.62.252) ;; WHEN: Sat Jul 9 08:58:38 2011 ;; MSG SIZE rcvd: 144 $ dig www.qq.com ns @ns-tel1.qq.com ;<<>> DiG 9.4.2-P2.1<<>> www.qq.com ns @ns-tel1.qq.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44393 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;www.qq.com.IN NS ;; AUTHORITY SECTION: qq.com. 86400 IN SOA ns1.qq.com. webmaster.qq.com. 1293074536 300 600 86400 86400 ;; Query time: 7 msec ;; SERVER: 121.14.73.115#53(121.14.73.115) ;; WHEN: Sat Jul 9 08:59:07 2011 ;; MSG SIZE rcvd: 78 I have two questions against the two dig info above. First, why ns1.qq.com (which is the authority nameserver for the zone of qq.com, not www.qq.com) returns the authority answer for www.qq.com's NS query? and even includes a AA flag in the response. qq.com zone is the parent to the subdomain www.qq.com, so it has to have knowledge of the name servers for the www.qq.com subdomain. That is how a recursive name server finds www.qq.com. Second, why ns-tel1.qq.com (which is the authority nameserver for the zone of www.qq.com) returns nothing for this zone's NS query? Misconfiguration of ns-tel1.qq.com or it's not allowed to give you that answer. Hard to tell from here. The view from here does not show ns-tel1.qq.com to be authorative for www.qq.com. Lyle Giese LCR Computer Services, Inc. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: questions on the dig info
In message , Feng He writes: > Hello list, > > > $ dig www.qq.com ns @ns1.qq.com > > ; <<>> DiG 9.4.2-P2.1 <<>> www.qq.com ns @ns1.qq.com > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50734 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;www.qq.com.IN NS > > ;; ANSWER SECTION: > www.qq.com. 86400 IN NS ns-tel1.qq.com. > www.qq.com. 86400 IN NS ns-tel2.qq.com. > > ;; AUTHORITY SECTION: > qq.com. 86400 IN NS ns4.qq.com. > qq.com. 86400 IN NS ns1.qq.com. > qq.com. 86400 IN NS ns2.qq.com. > qq.com. 86400 IN NS ns3.qq.com. > > ;; Query time: 7 msec > ;; SERVER: 219.133.62.252#53(219.133.62.252) > ;; WHEN: Sat Jul 9 08:58:38 2011 > ;; MSG SIZE rcvd: 144 > > > > > $ dig www.qq.com ns @ns-tel1.qq.com > > ; <<>> DiG 9.4.2-P2.1 <<>> www.qq.com ns @ns-tel1.qq.com > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44393 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;www.qq.com.IN NS > > ;; AUTHORITY SECTION: > qq.com. 86400 IN SOA ns1.qq.com. > webmaster.qq.com. 1293074536 300 600 86400 86400 > > ;; Query time: 7 msec > ;; SERVER: 121.14.73.115#53(121.14.73.115) > ;; WHEN: Sat Jul 9 08:59:07 2011 > ;; MSG SIZE rcvd: 78 > > > > > I have two questions against the two dig info above. > > First, why ns1.qq.com (which is the authority nameserver for the zone > of qq.com, not www.qq.com) returns the authority answer for > www.qq.com's NS query? and even includes a AA flag in the response. Because the nameserver is not RFC compliant. There are lots of broken nameservers out there. Early versions of BIND had this bug but we removed it over a decade ago. > Second, why ns-tel1.qq.com (which is the authority nameserver for the > zone of www.qq.com) returns nothing for this zone's NS query? Because it is misconfigured. Instead of serving www.qq.com it is configured to server qq.com which can be seen in all the negative answers it returns. Unfortunately lots of load balancers are similarly misconfigured. You see similar issues with queries which causes lookup failures. ; <<>> DiG 9.6.0-APPLE-P2 <<>> +norec www.qq.com @ns-tel1.qq.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14164 ;; flags: qr aa; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.qq.com.IN ;; AUTHORITY SECTION: qq.com. 86400 IN SOA ns1.qq.com. webmaster.qq.com. 1293074536 300 600 86400 86400 ;; Query time: 394 msec ;; SERVER: 121.14.73.115#53(121.14.73.115) ;; WHEN: Sat Jul 9 12:43:39 2011 ;; MSG SIZE rcvd: 78 > Thank you. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: questions on the dig info
In message <4e17bc15.1090...@lcrcomputer.net>, Lyle Giese writes: > On 07/08/11 20:07, Feng He wrote: > > Hello list, > > > > > > $ dig www.qq.com ns @ns1.qq.com > > > > ;<<>> DiG 9.4.2-P2.1<<>> www.qq.com ns @ns1.qq.com > > ;; global options: printcmd > > ;; Got answer: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50734 > > ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 0 > > ;; WARNING: recursion requested but not available > > > > ;; QUESTION SECTION: > > ;www.qq.com.IN NS > > > > ;; ANSWER SECTION: > > www.qq.com. 86400 IN NS ns-tel1.qq.com. > > www.qq.com. 86400 IN NS ns-tel2.qq.com. > > > > ;; AUTHORITY SECTION: > > qq.com. 86400 IN NS ns4.qq.com. > > qq.com. 86400 IN NS ns1.qq.com. > > qq.com. 86400 IN NS ns2.qq.com. > > qq.com. 86400 IN NS ns3.qq.com. > > > > ;; Query time: 7 msec > > ;; SERVER: 219.133.62.252#53(219.133.62.252) > > ;; WHEN: Sat Jul 9 08:58:38 2011 > > ;; MSG SIZE rcvd: 144 > > > > > > > > > > $ dig www.qq.com ns @ns-tel1.qq.com > > > > ;<<>> DiG 9.4.2-P2.1<<>> www.qq.com ns @ns-tel1.qq.com > > ;; global options: printcmd > > ;; Got answer: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44393 > > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > > ;; WARNING: recursion requested but not available > > > > ;; QUESTION SECTION: > > ;www.qq.com.IN NS > > > > ;; AUTHORITY SECTION: > > qq.com. 86400 IN SOA ns1.qq.com. > > webmaster.qq.com. 1293074536 300 600 86400 86400 > > > > ;; Query time: 7 msec > > ;; SERVER: 121.14.73.115#53(121.14.73.115) > > ;; WHEN: Sat Jul 9 08:59:07 2011 > > ;; MSG SIZE rcvd: 78 > > > > > > > > > > I have two questions against the two dig info above. > > > > First, why ns1.qq.com (which is the authority nameserver for the zone > > of qq.com, not www.qq.com) returns the authority answer for > > www.qq.com's NS query? and even includes a AA flag in the response. > > qq.com zone is the parent to the subdomain www.qq.com, so it has to have > knowledge of the name servers for the www.qq.com subdomain. That is how > a recursive name server finds www.qq.com. But it isn't returning a referral when it should (the NS records are in the wrong section) and as it isn't configured to server www.qq.com the "aa" is wrong. > > Second, why ns-tel1.qq.com (which is the authority nameserver for the > > zone of www.qq.com) returns nothing for this zone's NS query? > > Misconfiguration of ns-tel1.qq.com or it's not allowed to give you that > answer. Hard to tell from here. > > The view from here does not show ns-tel1.qq.com to be authorative for > www.qq.com. > > Lyle Giese > LCR Computer Services, Inc. > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: questions on the dig info
2011/7/9 Lyle Giese : > > qq.com zone is the parent to the subdomain www.qq.com, so it has to have > knowledge of the name servers for the www.qq.com subdomain. That is how a > recursive name server finds www.qq.com. > Do you mean the reference? I don't think the first case is answering with a reference. It's just a broken nameserver, as Mark said. Thanks. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
