Re: [dnsext] [SOLVED] Re: BIND9 SERVFAIL on some .gov addresses
marka@isc.org Sat, 19 February 2011 11:08 UTC
Return-Path: <marka@isc.org>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3F87D3A6FF9 for <dnsext@core3.amsl.com>; Sat, 19 Feb 2011 03:08:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.753
X-Spam-Level:
X-Spam-Status: No, score=-1.753 tagged_above=-999 required=5 tests=[AWL=-0.820, BAYES_00=-2.599, SARE_HTML_URI_LHOST31=1.666]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9EMRMMiGJ3qW for <dnsext@core3.amsl.com>; Sat, 19 Feb 2011 03:07:58 -0800 (PST)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) by core3.amsl.com (Postfix) with ESMTP id A50E13A6FFB for <dnsext@ietf.org>; Sat, 19 Feb 2011 03:07:56 -0800 (PST)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "bikeshed.isc.org", Issuer "ISC CA" (verified OK)) by mx.ams1.isc.org (Postfix) with ESMTPS id 1BE755F98A2 for <dnsext@ietf.org>; Sat, 19 Feb 2011 11:08:14 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (c211-30-172-21.carlnfd1.nsw.optusnet.com.au [211.30.172.21]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id C08EE216C22 for <dnsext@ietf.org>; Sat, 19 Feb 2011 11:08:10 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id 72F45A53944 for <dnsext@ietf.org>; Sat, 19 Feb 2011 22:08:05 +1100 (EST)
Date: Sat, 19 Feb 2011 22:08:05 +1100
Message-Id: <20110219110805.72F45A53944@drugs.dv.isc.org>
From: marka@isc.org
To: undisclosed-recipients:;
X-Mailman-Approved-At: Mon, 21 Feb 2011 08:43:29 -0800
Subject: Re: [dnsext] [SOLVED] Re: BIND9 SERVFAIL on some .gov addresses
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Feb 2011 11:08:00 -0000
------- Blind-Carbon-Copy To: Shaoquan Lin <lin@ccny.cuny.edu> Cc: bind-users@isc.org From: Mark Andrews <marka@isc.org> References: <17894D6D30484DDFBBE95BEF987FF5D1@se179> Subject: Re: [SOLVED] Re: BIND9 SERVFAIL on some .gov addresses In-reply-to: Your message of "Fri, 18 Feb 2011 15:54:58 CDT." <17894D6D30484DDFBBE95BEF987FF5D1@se179> Date: Sat, 19 Feb 2011 22:08:05 +1100 In message <17894D6D30484DDFBBE95BEF987FF5D1@se179>, "Shaoquan Lin" writes: > Ryan, > > Have you solved your problem? I have similar problems. I run BIND = > 9.6..1-P3 on my Solaris 10 and can not resolve anything in domain = > nyc.gov. One thing I noticed is: BIND 9.3 send query to = > b.gov-servers.net with no Additional records and got a response with A = > records for the nyc.gov NS servers in the Additional records; but BIND = > 9.6 send query with type OPT Additional records and got a response with = > also a type OPT but no A in the Additional records. So the BIND 9.6 can = > not find the IP addresses of the nyc.gov NS servers and therefore can = > not resolve anything in that domain. Using options "max-udp-size 512" = > and "edns-udp-size 512" does not solve the problem. > > The following are the what I captured. Anyone have any suggestions to = > solve the problem? =20 > > Shaoquan Lin This is really a DNS protocol bug. Glue is not optional when returning a referral and failure to add glue should result in "tc" being set. Note: named should set "tc" in the case to work around this protocol bug. It's useful to have a real life example rather than a contrived example. 2784. [bug] TC was not always being set when required glue was dropped. [RT #20655] 1804. [bug] Ensure that if we are queried for glue that it fits in the additional section or TC is set to tell the client to retry using TCP. [RT #10114] > BIND 9.3 query: > Domain Name System (query) > > Transaction ID: 0x94ca > > Flags: 0x0000 (Standard query) > > 0... .... .... .... =3D Response: Message is a query > > .000 0... .... .... =3D Opcode: Standard query (0) > > .... ..0. .... .... =3D Truncated: Message is not truncated > > .... ...0 .... .... =3D Recursion desired: Don't do query recursively > > .... .... .0.. .... =3D Z: reserved (0) > > .... .... ...0 .... =3D Non-authenticated data OK: Non-authenticated = > data is unacceptable > > Questions: 1 > > Answer RRs: 0 > > Authority RRs: 0 > > Additional RRs: 0 > > Queries > > vwall4a.nyc.gov: type A, class IN > > Name: vwall4a.nyc.gov > > Type: A (Host address) > > Class: IN (0x0001) > > BIND 9.3 response: > > Domain Name System (response) > > Transaction ID: 0x94ca > > Flags: 0x8000 (Standard query response, No error) > > 1... .... .... .... =3D Response: Message is a response > > .000 0... .... .... =3D Opcode: Standard query (0) > > .... .0.. .... .... =3D Authoritative: Server is not an authority for = > domain > > .... ..0. .... .... =3D Truncated: Message is not truncated > > .... ...0 .... .... =3D Recursion desired: Don't do query recursively > > .... .... 0... .... =3D Recursion available: Server can't do recursive = > queries > > .... .... .0.. .... =3D Z: reserved (0) > > .... .... ..0. .... =3D Answer authenticated: Answer/authority portion = > was not authenticated by the server > > .... .... .... 0000 =3D Reply code: No error (0) > > Questions: 1 > > Answer RRs: 0 > > Authority RRs: 4 > > Additional RRs: 4 > > Queries > > vwall4a.nyc.gov: type A, class IN > > Name: vwall4a.nyc.gov > > Type: A (Host address) > > Class: IN (0x0001) > > Authoritative nameservers > > nyc.gov: type NS, class IN, ns vwall1a.nyc.gov > > Name: nyc.gov > > Type: NS (Authoritative name server) > > Class: IN (0x0001) > > Time to live: 1 day > > Data length: 10 > > Name server: vwall1a.nyc.gov > > nyc.gov: type NS, class IN, ns vwall2a.nyc.gov > > Name: nyc.gov > > Type: NS (Authoritative name server) > > Class: IN (0x0001) > > Time to live: 1 day > > Data length: 10 > > Name server: vwall2a.nyc.gov > > nyc.gov: type NS, class IN, ns vwall3a.nyc.gov > > Name: nyc.gov > > Type: NS (Authoritative name server) > > Class: IN (0x0001) > > Time to live: 1 day > > Data length: 10 > > Name server: vwall3a.nyc.gov > > nyc.gov: type NS, class IN, ns vwall4a.nyc.gov > > Name: nyc.gov > > Type: NS (Authoritative name server) > > Class: IN (0x0001) > > Time to live: 1 day > > Data length: 10 > > Name server: vwall4a.nyc.gov > > Additional records > > vwall1a.nyc.gov: type A, class IN, addr 161.185.1.3 > > Name: vwall1a.nyc.gov > > Type: A (Host address) > > Class: IN (0x0001) > > Time to live: 1 day > > Data length: 4 > > Addr: 161.185.1.3 > > vwall2a.nyc.gov: type A, class IN, addr 161.185.1.12 > > Name: vwall2a.nyc.gov > > Type: A (Host address) > > Class: IN (0x0001) > > Time to live: 1 day > > Data length: 4 > > Addr: 161.185.1.12 > > vwall3a.nyc.gov: type A, class IN, addr 167.153.130.12 > > Name: vwall3a.nyc.gov > > Type: A (Host address) > > Class: IN (0x0001) > > Time to live: 1 day > > Data length: 4 > > Addr: 167.153.130.12 > > vwall4a.nyc.gov: type A, class IN, addr 167.153.130.13 > > Name: vwall4a.nyc.gov > > Type: A (Host address) > > Class: IN (0x0001) > > Time to live: 1 day > > Data length: 4 > > Addr: 167.153.130.13 > > BIND 9.6 query: > > Domain Name System (query) > > Transaction ID: 0x6427 > > Flags: 0x0000 (Standard query) > > 0... .... .... .... =3D Response: Message is a query > > .000 0... .... .... =3D Opcode: Standard query (0) > > .... ..0. .... .... =3D Truncated: Message is not truncated > > .... ...0 .... .... =3D Recursion desired: Don't do query recursively > > .... .... .0.. .... =3D Z: reserved (0) > > .... .... ...0 .... =3D Non-authenticated data OK: Non-authenticated = > data is unacceptable > > Questions: 1 > > Answer RRs: 0 > > Authority RRs: 0 > > Additional RRs: 1 > > Queries > > vwall4a.nyc.gov: type A, class IN > > Name: vwall4a.nyc.gov > > Type: A (Host address) > > Class: IN (0x0001) > > Additional records > > <Root>: type OPT > > Name: <Root> > > Type: OPT (EDNS0 option) > > UDP payload size: 512 > > Higher bits in extended RCODE: 0x0 > > EDNS0 version: 0 > > Z: 0x8000 > > Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs) > > Bits 1-15: 0x0 (reserved) > > Data length: 0 > > BIND 9.6 response: > > Domain Name System (response) > > Transaction ID: 0x6427 > > Flags: 0x8000 (Standard query response, No error) > > 1... .... .... .... =3D Response: Message is a response > > .000 0... .... .... =3D Opcode: Standard query (0) > > .... .0.. .... .... =3D Authoritative: Server is not an authority for = > domain > > .... ..0. .... .... =3D Truncated: Message is not truncated > > .... ...0 .... .... =3D Recursion desired: Don't do query recursively > > .... .... 0... .... =3D Recursion available: Server can't do recursive = > queries > > .... .... .0.. .... =3D Z: reserved (0) > > .... .... ..0. .... =3D Answer authenticated: Answer/authority portion = > was not authenticated by the server > > .... .... .... 0000 =3D Reply code: No error (0) > > Questions: 1 > > Answer RRs: 0 > > Authority RRs: 6 > > Additional RRs: 1 > > Queries > > vwall4a.nyc.gov: type A, class IN > > Name: vwall4a.nyc.gov > > Type: A (Host address) > > Class: IN (0x0001) > > Authoritative nameservers > > nyc.gov: type NS, class IN, ns vwall1a.nyc.gov > > Name: nyc.gov > > Type: NS (Authoritative name server) > > Class: IN (0x0001) > > Time to live: 1 day > > Data length: 10 > > Name server: vwall1a.nyc.gov > > nyc.gov: type NS, class IN, ns vwall2a.nyc.gov > > Name: nyc.gov > > Type: NS (Authoritative name server) > > Class: IN (0x0001) > > Time to live: 1 day > > Data length: 10 > > Name server: vwall2a.nyc.gov > > nyc.gov: type NS, class IN, ns vwall3a.nyc.gov > > Name: nyc.gov > > Type: NS (Authoritative name server) > > Class: IN (0x0001) > > Time to live: 1 day > > Data length: 10 > > Name server: vwall3a.nyc.gov > > nyc.gov: type NS, class IN, ns vwall4a.nyc.gov > > Name: nyc.gov > > Type: NS (Authoritative name server) > > Class: IN (0x0001) > > Time to live: 1 day > > Data length: 10 > > Name server: vwall4a.nyc.gov > > rq2651faaj4nen6tfis8ju5005qccn8j.gov: type Unknown (50), class IN > > Name: rq2651faaj4nen6tfis8ju5005qccn8j.gov > > Type: Unknown (50) > > Class: IN (0x0001) > > Time to live: 1 day > > Data length: 35 > > Data > > rq2651faaj4nen6tfis8ju5005qccn8j.gov: type RRSIG, class IN > > Name: rq2651faaj4nen6tfis8ju5005qccn8j.gov > > Type: RRSIG (RR signature) > > Class: IN (0x0001) > > Time to live: 1 day > > Data length: 279 > > Type covered: Unknown (50) > > Algorithm: Unknown (0x07) > > Labels: 2 > > Original TTL: 1 day > > Signature expiration: Feb 22, 2011 05:00:22.000000000 > > Time signed: Feb 17, 2011 05:00:22.000000000 > > Id of signing key(footprint): 47602 > > Signer's name: gov > > Signature > > Additional records > > <Root>: type OPT > > Name: <Root> > > Type: OPT (EDNS0 option) > > UDP payload size: 1472 > > Higher bits in extended RCODE: 0x0 > > EDNS0 version: 0 > > Z: 0x0 > > Data length: 0 > > ------=_NextPart_000_0116_01CBCF84.31A5E720 > Content-Type: text/html; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML><HEAD> > <META content=3D"text/html; charset=3Diso-8859-1" = > http-equiv=3DContent-Type> > <META name=3DGENERATOR content=3D"MSHTML 8.00.6001.19019"> > <STYLE></STYLE> > </HEAD> > <BODY bgColor=3D#ffffff> > <DIV><FONT size=3D2 face=3DArial>Ryan,</FONT></DIV> > <DIV><FONT size=3D2 face=3DArial></FONT> </DIV> > <DIV><FONT size=3D2 face=3DArial>Have you solved your problem? I = > have similar=20 > problems. I run BIND 9.6..1-P3 on my Solaris 10 and can not resolve = > anything in=20 > domain nyc.gov. One thing I noticed is: BIND 9.3 send query = > to=20 > b.gov-servers.net with no Additional records and got a response=20 > with A records for the nyc.gov NS servers in the Additional = > records;=20 > but BIND 9.6 send query with type OPT Additional records and got a = > response with=20 > also a type OPT but no A in the Additional records. So the BIND = > 9.6 can=20 > not find the IP addresses of the nyc.gov NS servers and therefore can = > not=20 > resolve anything in that domain. Using options "<FONT=20 > size=3D3>max-udp-size 512" and "edns-udp-size 512" = > does not=20 > solve the problem.</FONT></FONT></DIV> > <DIV><FONT face=3DArial></FONT> </DIV> > <DIV><FONT face=3DArial>The following are the what I captured. = > Anyone have=20 > any suggestions to solve the=20 > problem? = > </FONT></DIV> > <DIV><FONT face=3DArial></FONT> </DIV> > <DIV><FONT face=3DArial>Shaoquan Lin</FONT></DIV> > <DIV><FONT face=3DArial></FONT> </DIV> > <DIV><FONT face=3DArial>BIND 9.3 query:</FONT></DIV> > <DIV><FONT size=3D2 face=3DArial><SPAN lang=3DEN> > <P>Domain Name System (query)</P> > <P>Transaction ID: 0x94ca</P> > <P>Flags: 0x0000 (Standard query)</P> > <P>0... .... .... .... =3D Response: Message is a query</P> > <P>.000 0... .... .... =3D Opcode: Standard query (0)</P> > <P>.... ..0. .... .... =3D Truncated: Message is not truncated</P> > <P>.... ...0 .... .... =3D Recursion desired: Don't do query = > recursively</P> > <P>.... .... .0.. .... =3D Z: reserved (0)</P> > <P>.... .... ...0 .... =3D Non-authenticated data OK: Non-authenticated = > data is=20 > unacceptable</P> > <P>Questions: 1</P> > <P>Answer RRs: 0</P> > <P>Authority RRs: 0</P> > <P>Additional RRs: 0</P> > <P>Queries</P> > <P>vwall4a.nyc.gov: type A, class IN</P> > <P>Name: vwall4a.nyc.gov</P> > <P>Type: A (Host address)</P> > <P>Class: IN (0x0001)</P> > <P>BIND 9.3 response:</P><SPAN lang=3DEN> > <P>Domain Name System (response)</P> > <P>Transaction ID: 0x94ca</P> > <P>Flags: 0x8000 (Standard query response, No error)</P> > <P>1... .... .... .... =3D Response: Message is a response</P> > <P>.000 0... .... .... =3D Opcode: Standard query (0)</P> > <P>.... .0.. .... .... =3D Authoritative: Server is not an authority for = > > domain</P> > <P>.... ..0. .... .... =3D Truncated: Message is not truncated</P> > <P>.... ...0 .... .... =3D Recursion desired: Don't do query = > recursively</P> > <P>.... .... 0... .... =3D Recursion available: Server can't do = > recursive=20 > queries</P> > <P>.... .... .0.. .... =3D Z: reserved (0)</P> > <P>.... .... ..0. .... =3D Answer authenticated: Answer/authority = > portion was not=20 > authenticated by the server</P> > <P>.... .... .... 0000 =3D Reply code: No error (0)</P> > <P>Questions: 1</P> > <P>Answer RRs: 0</P> > <P>Authority RRs: 4</P> > <P>Additional RRs: 4</P> > <P>Queries</P> > <P>vwall4a.nyc.gov: type A, class IN</P> > <P>Name: vwall4a.nyc.gov</P> > <P>Type: A (Host address)</P> > <P>Class: IN (0x0001)</P> > <P>Authoritative nameservers</P> > <P>nyc.gov: type NS, class IN, ns vwall1a.nyc.gov</P> > <P>Name: nyc.gov</P> > <P>Type: NS (Authoritative name server)</P> > <P>Class: IN (0x0001)</P> > <P>Time to live: 1 day</P> > <P>Data length: 10</P> > <P>Name server: vwall1a.nyc.gov</P> > <P>nyc.gov: type NS, class IN, ns vwall2a.nyc.gov</P> > <P>Name: nyc.gov</P> > <P>Type: NS (Authoritative name server)</P> > <P>Class: IN (0x0001)</P> > <P>Time to live: 1 day</P> > <P>Data length: 10</P> > <P>Name server: vwall2a.nyc.gov</P> > <P>nyc.gov: type NS, class IN, ns vwall3a.nyc.gov</P> > <P>Name: nyc.gov</P> > <P>Type: NS (Authoritative name server)</P> > <P>Class: IN (0x0001)</P> > <P>Time to live: 1 day</P> > <P>Data length: 10</P> > <P>Name server: vwall3a.nyc.gov</P> > <P>nyc.gov: type NS, class IN, ns vwall4a.nyc.gov</P> > <P>Name: nyc.gov</P> > <P>Type: NS (Authoritative name server)</P> > <P>Class: IN (0x0001)</P> > <P>Time to live: 1 day</P> > <P>Data length: 10</P> > <P>Name server: vwall4a.nyc.gov</P> > <P>Additional records</P> > <P>vwall1a.nyc.gov: type A, class IN, addr 161.185.1.3</P> > <P>Name: vwall1a.nyc.gov</P> > <P>Type: A (Host address)</P> > <P>Class: IN (0x0001)</P> > <P>Time to live: 1 day</P> > <P>Data length: 4</P> > <P>Addr: 161.185.1.3</P> > <P>vwall2a.nyc.gov: type A, class IN, addr 161.185.1.12</P> > <P>Name: vwall2a.nyc.gov</P> > <P>Type: A (Host address)</P> > <P>Class: IN (0x0001)</P> > <P>Time to live: 1 day</P> > <P>Data length: 4</P> > <P>Addr: 161.185.1.12</P> > <P>vwall3a.nyc.gov: type A, class IN, addr 167.153.130.12</P> > <P>Name: vwall3a.nyc.gov</P> > <P>Type: A (Host address)</P> > <P>Class: IN (0x0001)</P> > <P>Time to live: 1 day</P> > <P>Data length: 4</P> > <P>Addr: 167.153.130.12</P> > <P>vwall4a.nyc.gov: type A, class IN, addr 167.153.130.13</P> > <P>Name: vwall4a.nyc.gov</P> > <P>Type: A (Host address)</P> > <P>Class: IN (0x0001)</P> > <P>Time to live: 1 day</P> > <P>Data length: 4</P> > <P>Addr: 167.153.130.13</P></SPAN></SPAN></FONT></DIV> > <DIV><FONT size=3D2 face=3DArial>BIND 9.6 query:</FONT></DIV> > <DIV> </DIV> > <DIV><SPAN lang=3DEN> > <P>Domain Name System (query)</P> > <P>Transaction ID: 0x6427</P> > <P>Flags: 0x0000 (Standard query)</P> > <P>0... .... .... .... =3D Response: Message is a query</P> > <P>.000 0... .... .... =3D Opcode: Standard query (0)</P> > <P>.... ..0. .... .... =3D Truncated: Message is not truncated</P> > <P>.... ...0 .... .... =3D Recursion desired: Don't do query = > recursively</P> > <P>.... .... .0.. .... =3D Z: reserved (0)</P> > <P>.... .... ...0 .... =3D Non-authenticated data OK: Non-authenticated = > data is=20 > unacceptable</P> > <P>Questions: 1</P> > <P>Answer RRs: 0</P> > <P>Authority RRs: 0</P> > <P>Additional RRs: 1</P> > <P>Queries</P> > <P>vwall4a.nyc.gov: type A, class IN</P> > <P>Name: vwall4a.nyc.gov</P> > <P>Type: A (Host address)</P> > <P>Class: IN (0x0001)</P> > <P>Additional records</P> > <P><Root>: type OPT</P> > <P>Name: <Root></P> > <P>Type: OPT (EDNS0 option)</P> > <P>UDP payload size: 512</P> > <P>Higher bits in extended RCODE: 0x0</P> > <P>EDNS0 version: 0</P> > <P>Z: 0x8000</P> > <P>Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)</P> > <P>Bits 1-15: 0x0 (reserved)</P> > <P>Data length: 0</P> > <P>BIND 9.6 response:</P><SPAN lang=3DEN> > <P>Domain Name System (response)</P> > <P>Transaction ID: 0x6427</P> > <P>Flags: 0x8000 (Standard query response, No error)</P> > <P>1... .... .... .... =3D Response: Message is a response</P> > <P>.000 0... .... .... =3D Opcode: Standard query (0)</P> > <P>.... .0.. .... .... =3D Authoritative: Server is not an authority for = > > domain</P> > <P>.... ..0. .... .... =3D Truncated: Message is not truncated</P> > <P>.... ...0 .... .... =3D Recursion desired: Don't do query = > recursively</P> > <P>.... .... 0... .... =3D Recursion available: Server can't do = > recursive=20 > queries</P> > <P>.... .... .0.. .... =3D Z: reserved (0)</P> > <P>.... .... ..0. .... =3D Answer authenticated: Answer/authority = > portion was not=20 > authenticated by the server</P> > <P>.... .... .... 0000 =3D Reply code: No error (0)</P> > <P>Questions: 1</P> > <P>Answer RRs: 0</P> > <P>Authority RRs: 6</P> > <P>Additional RRs: 1</P> > <P>Queries</P> > <P>vwall4a.nyc.gov: type A, class IN</P> > <P>Name: vwall4a.nyc.gov</P> > <P>Type: A (Host address)</P> > <P>Class: IN (0x0001)</P> > <P>Authoritative nameservers</P> > <P>nyc.gov: type NS, class IN, ns vwall1a.nyc.gov</P> > <P>Name: nyc.gov</P> > <P>Type: NS (Authoritative name server)</P> > <P>Class: IN (0x0001)</P> > <P>Time to live: 1 day</P> > <P>Data length: 10</P> > <P>Name server: vwall1a.nyc.gov</P> > <P>nyc.gov: type NS, class IN, ns vwall2a.nyc.gov</P> > <P>Name: nyc.gov</P> > <P>Type: NS (Authoritative name server)</P> > <P>Class: IN (0x0001)</P> > <P>Time to live: 1 day</P> > <P>Data length: 10</P> > <P>Name server: vwall2a.nyc.gov</P> > <P>nyc.gov: type NS, class IN, ns vwall3a.nyc.gov</P> > <P>Name: nyc.gov</P> > <P>Type: NS (Authoritative name server)</P> > <P>Class: IN (0x0001)</P> > <P>Time to live: 1 day</P> > <P>Data length: 10</P> > <P>Name server: vwall3a.nyc.gov</P> > <P>nyc.gov: type NS, class IN, ns vwall4a.nyc.gov</P> > <P>Name: nyc.gov</P> > <P>Type: NS (Authoritative name server)</P> > <P>Class: IN (0x0001)</P> > <P>Time to live: 1 day</P> > <P>Data length: 10</P> > <P>Name server: vwall4a.nyc.gov</P> > <P>rq2651faaj4nen6tfis8ju5005qccn8j.gov: type Unknown (50), class IN</P> > <P>Name: rq2651faaj4nen6tfis8ju5005qccn8j.gov</P> > <P>Type: Unknown (50)</P> > <P>Class: IN (0x0001)</P> > <P>Time to live: 1 day</P> > <P>Data length: 35</P> > <P>Data</P> > <P>rq2651faaj4nen6tfis8ju5005qccn8j.gov: type RRSIG, class IN</P> > <P>Name: rq2651faaj4nen6tfis8ju5005qccn8j.gov</P> > <P>Type: RRSIG (RR signature)</P> > <P>Class: IN (0x0001)</P> > <P>Time to live: 1 day</P> > <P>Data length: 279</P> > <P>Type covered: Unknown (50)</P> > <P>Algorithm: Unknown (0x07)</P> > <P>Labels: 2</P> > <P>Original TTL: 1 day</P> > <P>Signature expiration: Feb 22, 2011 05:00:22.000000000</P> > <P>Time signed: Feb 17, 2011 05:00:22.000000000</P> > <P>Id of signing key(footprint): 47602</P> > <P>Signer's name: gov</P> > <P>Signature</P> > <P>Additional records</P> > <P><Root>: type OPT</P> > <P>Name: <Root></P> > <P>Type: OPT (EDNS0 option)</P> > <P>UDP payload size: 1472</P> > <P>Higher bits in extended RCODE: 0x0</P> > <P>EDNS0 version: 0</P> > <P>Z: 0x0</P> > <P>Data length: 0</P></SPAN></SPAN></DIV></BODY></HTML> > > ------=_NextPart_000_0116_01CBCF84.31A5E720-- > > > > --===============7478579667512691322== > Content-Type: text/plain; charset="us-ascii" > MIME-Version: 1.0 > Content-Transfer-Encoding: 7bit > Content-Disposition: inline > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > --===============7478579667512691322==-- > > - -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org ------- End of Blind-Carbon-Copy