Re: [time] What is happening here?

Tue, 07 Aug 2007 17:10:05 -0700 

On Aug 7, 2007, at 4:43 PM, Ask Bjørn Hansen wrote:
> On Aug 7, 2007, at 16:33, Chuck Swiger wrote:
>> Certainly BIND is doing round-robin within the result set:
>
> That's just your local cache rotating the same 14 IPs.

Nope, there is more going on.  I just set up a test zone having 256  
RR's via:

$TTL    86400
@       IN      SOA     localhost. hostmaster.localhost. (
         1       ; serial
         3h              ; Refresh 3 hours
         1h              ; Retry   1 hour
         30d             ; Expire  30 days
         1d )            ; Minimum 24 hours

@       NS      localhost.

localhost       A       127.0.0.1
$GENERATE 0-255 test    A       192.168.1.$$

I then ran:

   tcpdump -w tcp.dump -s 0 -i lo0 port 53 &

...and did several digs against this test.example.com.  When the size  
of the return results are bigger than 500 bytes, dig falls back to  
using either EDNS0 over UDP or TCP.  The TCP results returned all 256  
values, rotating the order they are returned for each query.

The UDP results returned about 25 results (ie, which is what would  
fit within the 500 byte limit), again rotating the result set so that  
you would indeed get entirely different IPs in the result if you  
issue enough queries.  This was with BIND 9.3.4-P1, YMMV.

% tcpdump -r tcp.dump -txv udp
reading from file tcp.dump, link-type NULL (BSD loopback)
IP (tos 0x0, ttl  64, id 52075, offset 0, flags [none], length: 62)  
localhost.59718 > localhost.domain: [udp sum ok]  61756+ A?  
test.example.com. (34)
         0x0000:  4500 003e cb6b 0000 4011 b141 7f00 0001   
E..>[EMAIL PROTECTED]
         0x0010:  7f00 0001 e946 0035 002a db27 f13c 0100  .....F. 
5.*.'.<..
         0x0020:  0001 0000 0000 0000 0474 6573 7407  
6578  .........test.ex
         0x0030:  616d 706c 6503 636f 6d00 0001 0001        
ample.com.....
IP (tos 0x0, ttl  64, id 52076, offset 0, flags [none], length: 526)  
localhost.domain > localhost.59718: [udp sum ok]  61756*| 29/0/0  
test.example.com. A 192.168.1.0, test.example.com. A  
linksys.pkix.net, test.example.com. A sec.pkix.net, test.example.com.  
A prime.pkix.net, test.example.com. A mac.pkix.net, test.example.com.  
A rho.pkix.net, test.example.com. A cube.pkix.net, test.example.com.  
A 192.168.1.7, test.example.com. A 192.168.1.8, test.example.com. A  
192.168.1.9, test.example.com. A 192.168.1.10, test.example.com. A  
192.168.1.11, test.example.com. A 192.168.1.12, test.example.com. A  
192.168.1.13, test.example.com. A 192.168.1.14, test.example.com. A  
192.168.1.15, test.example.com. A 192.168.1.16, test.example.com. A  
192.168.1.17, test.example.com. A 192.168.1.18, test.example.com. A  
192.168.1.19, test.example.com. A 192.168.1.20, test.example.com. A  
192.168.1.21, test.example.com. A 192.168.1.22, test.example.com. A  
192.168.1.23, test.example.com. A 192.168.1.24, test.example.com. A  
192.168.1.25, test.example.com. A 192.168.1.26, test.example.com. A  
192.168.1.27, test.example.com. A 192.168.1.28 (498)
         0x0000:  4500 020e cb6c 0000 4011 af70 7f00 0001   
[EMAIL PROTECTED]
         0x0010:  7f00 0001 0035 e946 01fa 6170 f13c 8780  ..... 
5.F..ap.<..
         0x0020:  0001 001d 0000 0000 0474 6573 7407  
6578  .........test.ex
         0x0030:  616d 706c 6503 636f 6d00 0001 0001 c00c   
ample.com.......
         0x0040:  0001 0001 0001 5180 0004 c0a8 0100  
c00c  ......Q.........
         0x0050:  0001 0001 0001 5180 0004 c0a8 0101  
c00c  ......Q.........
         0x0060:  0001 0001 0001 5180 0004 c0a8 0102  
c00c  ......Q.........
         0x0070:  0001 0001 0001 5180 0004 c0a8 0103  
c00c  ......Q.........
         0x0080:  0001 0001 0001 5180 0004 c0a8 0104  
c00c  ......Q.........
         0x0090:  0001 0001 0001 5180 0004 c0a8 0105  
c00c  ......Q.........
         0x00a0:  0001 0001 0001 5180 0004 c0a8 0106  
c00c  ......Q.........
         0x00b0:  0001 0001 0001 5180 0004 c0a8 0107  
c00c  ......Q.........
         0x00c0:  0001 0001 0001 5180 0004 c0a8 0108  
c00c  ......Q.........
         0x00d0:  0001 0001 0001 5180 0004 c0a8 0109  
c00c  ......Q.........
         0x00e0:  0001 0001 0001 5180 0004 c0a8 010a  
c00c  ......Q.........
         0x00f0:  0001 0001 0001 5180 0004 c0a8 010b  
c00c  ......Q.........
         0x0100:  0001 0001 0001 5180 0004 c0a8 010c  
c00c  ......Q.........
         0x0110:  0001 0001 0001 5180 0004 c0a8 010d  
c00c  ......Q.........
         0x0120:  0001 0001 0001 5180 0004 c0a8 010e  
c00c  ......Q.........
         0x0130:  0001 0001 0001 5180 0004 c0a8 010f  
c00c  ......Q.........
         0x0140:  0001 0001 0001 5180 0004 c0a8 0110  
c00c  ......Q.........
         0x0150:  0001 0001 0001 5180 0004 c0a8 0111  
c00c  ......Q.........
         0x0160:  0001 0001 0001 5180 0004 c0a8 0112  
c00c  ......Q.........
         0x0170:  0001 0001 0001 5180 0004 c0a8 0113  
c00c  ......Q.........
         0x0180:  0001 0001 0001 5180 0004 c0a8 0114  
c00c  ......Q.........
         0x0190:  0001 0001 0001 5180 0004 c0a8 0115  
c00c  ......Q.........
         0x01a0:  0001 0001 0001 5180 0004 c0a8 0116  
c00c  ......Q.........
         0x01b0:  0001 0001 0001 5180 0004 c0a8 0117  
c00c  ......Q.........
         0x01c0:  0001 0001 0001 5180 0004 c0a8 0118  
c00c  ......Q.........
         0x01d0:  0001 0001 0001 5180 0004 c0a8 0119  
c00c  ......Q.........
         0x01e0:  0001 0001 0001 5180 0004 c0a8 011a  
c00c  ......Q.........
         0x01f0:  0001 0001 0001 5180 0004 c0a8 011b  
c00c  ......Q.........
         0x0200:  0001 0001 0001 5180 0004 c0a8  
011c       ......Q.......

[ ...repeat the query several times... ]

IP (tos 0x0, ttl  64, id 52953, offset 0, flags [none], length: 62)  
127.0.0.1.65250 > 127.0.0.1.53: [udp sum ok]  43924+ A?  
test.example.com. (34)
         0x0000:  4500 003e ced9 0000 4011 add3 7f00 0001   
E..>[EMAIL PROTECTED]
         0x0010:  7f00 0001 fee2 0035 002a 0b34 ab94 0100  .......5.*. 
4....
         0x0020:  0001 0000 0000 0000 0474 6573 7407  
6578  .........test.ex
         0x0030:  616d 706c 6503 636f 6d00 0001 0001        
ample.com.....
IP (tos 0x0, ttl  64, id 52955, offset 0, flags [none], length: 526)  
127.0.0.1.53 > 127.0.0.1.65250: [udp sum ok]  43924*| 29/0/0  
test.example.com. A 192.168.1.214, test.example.com. A 192.168.1.215,  
test.example.com. A 192.168.1.216, test.example.com. A 192.168.1.217,  
test.example.com. A 192.168.1.218, test.example.com. A 192.168.1.219,  
test.example.com. A 192.168.1.220, test.example.com. A 192.168.1.221,  
test.example.com. A 192.168.1.222, test.example.com. A 192.168.1.223,  
test.example.com. A 192.168.1.224, test.example.com. A 192.168.1.225,  
test.example.com. A 192.168.1.226, test.example.com. A 192.168.1.227,  
test.example.com. A 192.168.1.228, test.example.com. A 192.168.1.229,  
test.example.com. A 192.168.1.230, test.example.com. A 192.168.1.231,  
test.example.com. A 192.168.1.232, test.example.com. A 192.168.1.233,  
test.example.com. A 192.168.1.234, test.example.com. A 192.168.1.235,  
test.example.com. A 192.168.1.236, test.example.com. A 192.168.1.237,  
test.example.com. A 192.168.1.238, test.example.com. A 192.168.1.239,  
test.example.com. A 192.168.1.240, test.example.com. A 192.168.1.241,  
test.example.com. A 192.168.1.242 (498)
         0x0000:  4500 020e cedb 0000 4011 ac01 7f00 0001   
[EMAIL PROTECTED]
         0x0010:  7f00 0001 0035 fee2 01fa 793e ab94 8780  ..... 
5....y>....
         0x0020:  0001 001d 0000 0000 0474 6573 7407  
6578  .........test.ex
         0x0030:  616d 706c 6503 636f 6d00 0001 0001 c00c   
ample.com.......
         0x0040:  0001 0001 0001 5180 0004 c0a8 01d6  
c00c  ......Q.........
         0x0050:  0001 0001 0001 5180 0004 c0a8 01d7  
c00c  ......Q.........
         0x0060:  0001 0001 0001 5180 0004 c0a8 01d8  
c00c  ......Q.........
         0x0070:  0001 0001 0001 5180 0004 c0a8 01d9  
c00c  ......Q.........
         0x0080:  0001 0001 0001 5180 0004 c0a8 01da  
c00c  ......Q.........
         0x0090:  0001 0001 0001 5180 0004 c0a8 01db  
c00c  ......Q.........
         0x00a0:  0001 0001 0001 5180 0004 c0a8 01dc  
c00c  ......Q.........
         0x00b0:  0001 0001 0001 5180 0004 c0a8 01dd  
c00c  ......Q.........
         0x00c0:  0001 0001 0001 5180 0004 c0a8 01de  
c00c  ......Q.........
         0x00d0:  0001 0001 0001 5180 0004 c0a8 01df  
c00c  ......Q.........
         0x00e0:  0001 0001 0001 5180 0004 c0a8 01e0  
c00c  ......Q.........
         0x00f0:  0001 0001 0001 5180 0004 c0a8 01e1  
c00c  ......Q.........
         0x0100:  0001 0001 0001 5180 0004 c0a8 01e2  
c00c  ......Q.........
         0x0110:  0001 0001 0001 5180 0004 c0a8 01e3  
c00c  ......Q.........
         0x0120:  0001 0001 0001 5180 0004 c0a8 01e4  
c00c  ......Q.........
         0x0130:  0001 0001 0001 5180 0004 c0a8 01e5  
c00c  ......Q.........
         0x0140:  0001 0001 0001 5180 0004 c0a8 01e6  
c00c  ......Q.........
         0x0150:  0001 0001 0001 5180 0004 c0a8 01e7  
c00c  ......Q.........
         0x0160:  0001 0001 0001 5180 0004 c0a8 01e8  
c00c  ......Q.........
         0x0170:  0001 0001 0001 5180 0004 c0a8 01e9  
c00c  ......Q.........
         0x0180:  0001 0001 0001 5180 0004 c0a8 01ea  
c00c  ......Q.........
         0x0190:  0001 0001 0001 5180 0004 c0a8 01eb  
c00c  ......Q.........
         0x01a0:  0001 0001 0001 5180 0004 c0a8 01ec  
c00c  ......Q.........
         0x01b0:  0001 0001 0001 5180 0004 c0a8 01ed  
c00c  ......Q.........
         0x01c0:  0001 0001 0001 5180 0004 c0a8 01ee  
c00c  ......Q.........
         0x01d0:  0001 0001 0001 5180 0004 c0a8 01ef  
c00c  ......Q.........
         0x01e0:  0001 0001 0001 5180 0004 c0a8 01f0  
c00c  ......Q.........
         0x01f0:  0001 0001 0001 5180 0004 c0a8 01f1  
c00c  ......Q.........
         0x0200:  0001 0001 0001 5180 0004 c0a8  
01f2       ......Q.......

-- 
-Chuck

PS: Ignore the fact that I've got reverse DNS entries for pkix.net  
for 192.168.1.1 - .7 or so.  :-)
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers

Reply via email to