IETF Logo Mail Archive

Re: [dnsext] [SOLVED] Re: BIND9 SERVFAIL on some .gov addresses

marka@isc.org Sat, 19 February 2011 11:08 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3F87D3A6FF9 for <dnsext@core3.amsl.com>; Sat, 19 Feb 2011 03:08:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.753
X-Spam-Level:
X-Spam-Status: No, score=-1.753 tagged_above=-999 required=5 tests=[AWL=-0.820, BAYES_00=-2.599, SARE_HTML_URI_LHOST31=1.666]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9EMRMMiGJ3qW for <dnsext@core3.amsl.com>; Sat, 19 Feb 2011 03:07:58 -0800 (PST)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) by core3.amsl.com (Postfix) with ESMTP id A50E13A6FFB for <dnsext@ietf.org>; Sat, 19 Feb 2011 03:07:56 -0800 (PST)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "bikeshed.isc.org", Issuer "ISC CA" (verified OK)) by mx.ams1.isc.org (Postfix) with ESMTPS id 1BE755F98A2 for <dnsext@ietf.org>; Sat, 19 Feb 2011 11:08:14 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (c211-30-172-21.carlnfd1.nsw.optusnet.com.au [211.30.172.21]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id C08EE216C22 for <dnsext@ietf.org>; Sat, 19 Feb 2011 11:08:10 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id 72F45A53944 for <dnsext@ietf.org>; Sat, 19 Feb 2011 22:08:05 +1100 (EST)
Date: Sat, 19 Feb 2011 22:08:05 +1100
Message-Id: <20110219110805.72F45A53944@drugs.dv.isc.org>
From: marka@isc.org
To: undisclosed-recipients:;
X-Mailman-Approved-At: Mon, 21 Feb 2011 08:43:29 -0800
Subject: Re: [dnsext] [SOLVED] Re: BIND9 SERVFAIL on some .gov addresses
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 19 Feb 2011 11:08:00 -0000

------- Blind-Carbon-Copy

To: Shaoquan Lin <lin@ccny.cuny.edu>
Cc: bind-users@isc.org
From: Mark Andrews <marka@isc.org>
References: <17894D6D30484DDFBBE95BEF987FF5D1@se179>
Subject: Re: [SOLVED] Re: BIND9 SERVFAIL on some .gov addresses
In-reply-to: Your message of "Fri, 18 Feb 2011 15:54:58 CDT."
             <17894D6D30484DDFBBE95BEF987FF5D1@se179>
Date: Sat, 19 Feb 2011 22:08:05 +1100


In message <17894D6D30484DDFBBE95BEF987FF5D1@se179>, "Shaoquan Lin" writes:
> Ryan,
> 
> Have you solved your problem?  I have similar problems. I run BIND =
> 9.6..1-P3 on my Solaris 10 and can not resolve anything in domain =
> nyc.gov.  One thing I noticed is:  BIND 9.3 send query to =
> b.gov-servers.net with no Additional records and got a response with  A =
> records for the nyc.gov NS servers in the Additional records; but BIND =
> 9.6 send query with type OPT Additional records and got a response with =
> also a type OPT but no A in the Additional records.  So the BIND 9.6 can =
> not find the IP addresses of the nyc.gov NS servers and therefore can =
> not resolve anything in that domain.  Using options "max-udp-size  512" =
> and "edns-udp-size  512"  does not solve the  problem.
> 
> The following are the what I captured.  Anyone have any suggestions to =
> solve the problem?         =20
> 
> Shaoquan Lin

This is really a DNS protocol bug.  Glue is not optional when
returning a referral and failure to add glue should result in
"tc" being set.

Note: named should set "tc" in the case to work around this protocol
bug.  It's useful to have a real life example rather than a contrived
example.

2784.   [bug]           TC was not always being set when required glue was
                        dropped. [RT #20655]

1804.   [bug]           Ensure that if we are queried for glue that it fits
                        in the additional section or TC is set to tell the
                        client to retry using TCP. [RT #10114]


> BIND 9.3 query:
> Domain Name System (query)
> 
> Transaction ID: 0x94ca
> 
> Flags: 0x0000 (Standard query)
> 
> 0... .... .... .... =3D Response: Message is a query
> 
> .000 0... .... .... =3D Opcode: Standard query (0)
> 
> .... ..0. .... .... =3D Truncated: Message is not truncated
> 
> .... ...0 .... .... =3D Recursion desired: Don't do query recursively
> 
> .... .... .0.. .... =3D Z: reserved (0)
> 
> .... .... ...0 .... =3D Non-authenticated data OK: Non-authenticated =
> data is unacceptable
> 
> Questions: 1
> 
> Answer RRs: 0
> 
> Authority RRs: 0
> 
> Additional RRs: 0
> 
> Queries
> 
> vwall4a.nyc.gov: type A, class IN
> 
> Name: vwall4a.nyc.gov
> 
> Type: A (Host address)
> 
> Class: IN (0x0001)
> 
> BIND 9.3 response:
> 
> Domain Name System (response)
> 
> Transaction ID: 0x94ca
> 
> Flags: 0x8000 (Standard query response, No error)
> 
> 1... .... .... .... =3D Response: Message is a response
> 
> .000 0... .... .... =3D Opcode: Standard query (0)
> 
> .... .0.. .... .... =3D Authoritative: Server is not an authority for =
> domain
> 
> .... ..0. .... .... =3D Truncated: Message is not truncated
> 
> .... ...0 .... .... =3D Recursion desired: Don't do query recursively
> 
> .... .... 0... .... =3D Recursion available: Server can't do recursive =
> queries
> 
> .... .... .0.. .... =3D Z: reserved (0)
> 
> .... .... ..0. .... =3D Answer authenticated: Answer/authority portion =
> was not authenticated by the server
> 
> .... .... .... 0000 =3D Reply code: No error (0)
> 
> Questions: 1
> 
> Answer RRs: 0
> 
> Authority RRs: 4
> 
> Additional RRs: 4
> 
> Queries
> 
> vwall4a.nyc.gov: type A, class IN
> 
> Name: vwall4a.nyc.gov
> 
> Type: A (Host address)
> 
> Class: IN (0x0001)
> 
> Authoritative nameservers
> 
> nyc.gov: type NS, class IN, ns vwall1a.nyc.gov
> 
> Name: nyc.gov
> 
> Type: NS (Authoritative name server)
> 
> Class: IN (0x0001)
> 
> Time to live: 1 day
> 
> Data length: 10
> 
> Name server: vwall1a.nyc.gov
> 
> nyc.gov: type NS, class IN, ns vwall2a.nyc.gov
> 
> Name: nyc.gov
> 
> Type: NS (Authoritative name server)
> 
> Class: IN (0x0001)
> 
> Time to live: 1 day
> 
> Data length: 10
> 
> Name server: vwall2a.nyc.gov
> 
> nyc.gov: type NS, class IN, ns vwall3a.nyc.gov
> 
> Name: nyc.gov
> 
> Type: NS (Authoritative name server)
> 
> Class: IN (0x0001)
> 
> Time to live: 1 day
> 
> Data length: 10
> 
> Name server: vwall3a.nyc.gov
> 
> nyc.gov: type NS, class IN, ns vwall4a.nyc.gov
> 
> Name: nyc.gov
> 
> Type: NS (Authoritative name server)
> 
> Class: IN (0x0001)
> 
> Time to live: 1 day
> 
> Data length: 10
> 
> Name server: vwall4a.nyc.gov
> 
> Additional records
> 
> vwall1a.nyc.gov: type A, class IN, addr 161.185.1.3
> 
> Name: vwall1a.nyc.gov
> 
> Type: A (Host address)
> 
> Class: IN (0x0001)
> 
> Time to live: 1 day
> 
> Data length: 4
> 
> Addr: 161.185.1.3
> 
> vwall2a.nyc.gov: type A, class IN, addr 161.185.1.12
> 
> Name: vwall2a.nyc.gov
> 
> Type: A (Host address)
> 
> Class: IN (0x0001)
> 
> Time to live: 1 day
> 
> Data length: 4
> 
> Addr: 161.185.1.12
> 
> vwall3a.nyc.gov: type A, class IN, addr 167.153.130.12
> 
> Name: vwall3a.nyc.gov
> 
> Type: A (Host address)
> 
> Class: IN (0x0001)
> 
> Time to live: 1 day
> 
> Data length: 4
> 
> Addr: 167.153.130.12
> 
> vwall4a.nyc.gov: type A, class IN, addr 167.153.130.13
> 
> Name: vwall4a.nyc.gov
> 
> Type: A (Host address)
> 
> Class: IN (0x0001)
> 
> Time to live: 1 day
> 
> Data length: 4
> 
> Addr: 167.153.130.13
> 
> BIND 9.6 query:
> 
> Domain Name System (query)
> 
> Transaction ID: 0x6427
> 
> Flags: 0x0000 (Standard query)
> 
> 0... .... .... .... =3D Response: Message is a query
> 
> .000 0... .... .... =3D Opcode: Standard query (0)
> 
> .... ..0. .... .... =3D Truncated: Message is not truncated
> 
> .... ...0 .... .... =3D Recursion desired: Don't do query recursively
> 
> .... .... .0.. .... =3D Z: reserved (0)
> 
> .... .... ...0 .... =3D Non-authenticated data OK: Non-authenticated =
> data is unacceptable
> 
> Questions: 1
> 
> Answer RRs: 0
> 
> Authority RRs: 0
> 
> Additional RRs: 1
> 
> Queries
> 
> vwall4a.nyc.gov: type A, class IN
> 
> Name: vwall4a.nyc.gov
> 
> Type: A (Host address)
> 
> Class: IN (0x0001)
> 
> Additional records
> 
> <Root>: type OPT
> 
> Name: <Root>
> 
> Type: OPT (EDNS0 option)
> 
> UDP payload size: 512
> 
> Higher bits in extended RCODE: 0x0
> 
> EDNS0 version: 0
> 
> Z: 0x8000
> 
> Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)
> 
> Bits 1-15: 0x0 (reserved)
> 
> Data length: 0
> 
> BIND 9.6 response:
> 
> Domain Name System (response)
> 
> Transaction ID: 0x6427
> 
> Flags: 0x8000 (Standard query response, No error)
> 
> 1... .... .... .... =3D Response: Message is a response
> 
> .000 0... .... .... =3D Opcode: Standard query (0)
> 
> .... .0.. .... .... =3D Authoritative: Server is not an authority for =
> domain
> 
> .... ..0. .... .... =3D Truncated: Message is not truncated
> 
> .... ...0 .... .... =3D Recursion desired: Don't do query recursively
> 
> .... .... 0... .... =3D Recursion available: Server can't do recursive =
> queries
> 
> .... .... .0.. .... =3D Z: reserved (0)
> 
> .... .... ..0. .... =3D Answer authenticated: Answer/authority portion =
> was not authenticated by the server
> 
> .... .... .... 0000 =3D Reply code: No error (0)
> 
> Questions: 1
> 
> Answer RRs: 0
> 
> Authority RRs: 6
> 
> Additional RRs: 1
> 
> Queries
> 
> vwall4a.nyc.gov: type A, class IN
> 
> Name: vwall4a.nyc.gov
> 
> Type: A (Host address)
> 
> Class: IN (0x0001)
> 
> Authoritative nameservers
> 
> nyc.gov: type NS, class IN, ns vwall1a.nyc.gov
> 
> Name: nyc.gov
> 
> Type: NS (Authoritative name server)
> 
> Class: IN (0x0001)
> 
> Time to live: 1 day
> 
> Data length: 10
> 
> Name server: vwall1a.nyc.gov
> 
> nyc.gov: type NS, class IN, ns vwall2a.nyc.gov
> 
> Name: nyc.gov
> 
> Type: NS (Authoritative name server)
> 
> Class: IN (0x0001)
> 
> Time to live: 1 day
> 
> Data length: 10
> 
> Name server: vwall2a.nyc.gov
> 
> nyc.gov: type NS, class IN, ns vwall3a.nyc.gov
> 
> Name: nyc.gov
> 
> Type: NS (Authoritative name server)
> 
> Class: IN (0x0001)
> 
> Time to live: 1 day
> 
> Data length: 10
> 
> Name server: vwall3a.nyc.gov
> 
> nyc.gov: type NS, class IN, ns vwall4a.nyc.gov
> 
> Name: nyc.gov
> 
> Type: NS (Authoritative name server)
> 
> Class: IN (0x0001)
> 
> Time to live: 1 day
> 
> Data length: 10
> 
> Name server: vwall4a.nyc.gov
> 
> rq2651faaj4nen6tfis8ju5005qccn8j.gov: type Unknown (50), class IN
> 
> Name: rq2651faaj4nen6tfis8ju5005qccn8j.gov
> 
> Type: Unknown (50)
> 
> Class: IN (0x0001)
> 
> Time to live: 1 day
> 
> Data length: 35
> 
> Data
> 
> rq2651faaj4nen6tfis8ju5005qccn8j.gov: type RRSIG, class IN
> 
> Name: rq2651faaj4nen6tfis8ju5005qccn8j.gov
> 
> Type: RRSIG (RR signature)
> 
> Class: IN (0x0001)
> 
> Time to live: 1 day
> 
> Data length: 279
> 
> Type covered: Unknown (50)
> 
> Algorithm: Unknown (0x07)
> 
> Labels: 2
> 
> Original TTL: 1 day
> 
> Signature expiration: Feb 22, 2011 05:00:22.000000000
> 
> Time signed: Feb 17, 2011 05:00:22.000000000
> 
> Id of signing key(footprint): 47602
> 
> Signer's name: gov
> 
> Signature
> 
> Additional records
> 
> <Root>: type OPT
> 
> Name: <Root>
> 
> Type: OPT (EDNS0 option)
> 
> UDP payload size: 1472
> 
> Higher bits in extended RCODE: 0x0
> 
> EDNS0 version: 0
> 
> Z: 0x0
> 
> Data length: 0
> 
> ------=_NextPart_000_0116_01CBCF84.31A5E720
> Content-Type: text/html;
> 	charset="iso-8859-1"
> Content-Transfer-Encoding: quoted-printable
> 
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META content=3D"text/html; charset=3Diso-8859-1" =
> http-equiv=3DContent-Type>
> <META name=3DGENERATOR content=3D"MSHTML 8.00.6001.19019">
> <STYLE></STYLE>
> </HEAD>
> <BODY bgColor=3D#ffffff>
> <DIV><FONT size=3D2 face=3DArial>Ryan,</FONT></DIV>
> <DIV><FONT size=3D2 face=3DArial></FONT>&nbsp;</DIV>
> <DIV><FONT size=3D2 face=3DArial>Have you solved your problem?&nbsp; I =
> have similar=20
> problems. I run BIND 9.6..1-P3 on my Solaris 10 and can not resolve =
> anything in=20
> domain nyc.gov.&nbsp; One thing I noticed is:&nbsp; BIND 9.3 send query =
> to=20
> b.gov-servers.net with no Additional records and got a response=20
> with&nbsp;&nbsp;A records for the nyc.gov NS servers in the Additional =
> records;=20
> but BIND 9.6 send query with type OPT Additional records and got a =
> response with=20
> also a type OPT but no A in the Additional records.&nbsp; So the BIND =
> 9.6 can=20
> not find the IP addresses of the nyc.gov NS servers and therefore can =
> not=20
> resolve anything in that domain.&nbsp; Using options "<FONT=20
> size=3D3>max-udp-size&nbsp; 512" and "edns-udp-size&nbsp; 512"&nbsp; =
> does not=20
> solve the&nbsp; problem.</FONT></FONT></DIV>
> <DIV><FONT face=3DArial></FONT>&nbsp;</DIV>
> <DIV><FONT face=3DArial>The following are the what I captured.&nbsp; =
> Anyone have=20
> any suggestions to solve the=20
> problem?&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; =
> </FONT></DIV>
> <DIV><FONT face=3DArial></FONT>&nbsp;</DIV>
> <DIV><FONT face=3DArial>Shaoquan Lin</FONT></DIV>
> <DIV><FONT face=3DArial></FONT>&nbsp;</DIV>
> <DIV><FONT face=3DArial>BIND 9.3 query:</FONT></DIV>
> <DIV><FONT size=3D2 face=3DArial><SPAN lang=3DEN>
> <P>Domain Name System (query)</P>
> <P>Transaction ID: 0x94ca</P>
> <P>Flags: 0x0000 (Standard query)</P>
> <P>0... .... .... .... =3D Response: Message is a query</P>
> <P>.000 0... .... .... =3D Opcode: Standard query (0)</P>
> <P>.... ..0. .... .... =3D Truncated: Message is not truncated</P>
> <P>.... ...0 .... .... =3D Recursion desired: Don't do query =
> recursively</P>
> <P>.... .... .0.. .... =3D Z: reserved (0)</P>
> <P>.... .... ...0 .... =3D Non-authenticated data OK: Non-authenticated =
> data is=20
> unacceptable</P>
> <P>Questions: 1</P>
> <P>Answer RRs: 0</P>
> <P>Authority RRs: 0</P>
> <P>Additional RRs: 0</P>
> <P>Queries</P>
> <P>vwall4a.nyc.gov: type A, class IN</P>
> <P>Name: vwall4a.nyc.gov</P>
> <P>Type: A (Host address)</P>
> <P>Class: IN (0x0001)</P>
> <P>BIND 9.3 response:</P><SPAN lang=3DEN>
> <P>Domain Name System (response)</P>
> <P>Transaction ID: 0x94ca</P>
> <P>Flags: 0x8000 (Standard query response, No error)</P>
> <P>1... .... .... .... =3D Response: Message is a response</P>
> <P>.000 0... .... .... =3D Opcode: Standard query (0)</P>
> <P>.... .0.. .... .... =3D Authoritative: Server is not an authority for =
> 
> domain</P>
> <P>.... ..0. .... .... =3D Truncated: Message is not truncated</P>
> <P>.... ...0 .... .... =3D Recursion desired: Don't do query =
> recursively</P>
> <P>.... .... 0... .... =3D Recursion available: Server can't do =
> recursive=20
> queries</P>
> <P>.... .... .0.. .... =3D Z: reserved (0)</P>
> <P>.... .... ..0. .... =3D Answer authenticated: Answer/authority =
> portion was not=20
> authenticated by the server</P>
> <P>.... .... .... 0000 =3D Reply code: No error (0)</P>
> <P>Questions: 1</P>
> <P>Answer RRs: 0</P>
> <P>Authority RRs: 4</P>
> <P>Additional RRs: 4</P>
> <P>Queries</P>
> <P>vwall4a.nyc.gov: type A, class IN</P>
> <P>Name: vwall4a.nyc.gov</P>
> <P>Type: A (Host address)</P>
> <P>Class: IN (0x0001)</P>
> <P>Authoritative nameservers</P>
> <P>nyc.gov: type NS, class IN, ns vwall1a.nyc.gov</P>
> <P>Name: nyc.gov</P>
> <P>Type: NS (Authoritative name server)</P>
> <P>Class: IN (0x0001)</P>
> <P>Time to live: 1 day</P>
> <P>Data length: 10</P>
> <P>Name server: vwall1a.nyc.gov</P>
> <P>nyc.gov: type NS, class IN, ns vwall2a.nyc.gov</P>
> <P>Name: nyc.gov</P>
> <P>Type: NS (Authoritative name server)</P>
> <P>Class: IN (0x0001)</P>
> <P>Time to live: 1 day</P>
> <P>Data length: 10</P>
> <P>Name server: vwall2a.nyc.gov</P>
> <P>nyc.gov: type NS, class IN, ns vwall3a.nyc.gov</P>
> <P>Name: nyc.gov</P>
> <P>Type: NS (Authoritative name server)</P>
> <P>Class: IN (0x0001)</P>
> <P>Time to live: 1 day</P>
> <P>Data length: 10</P>
> <P>Name server: vwall3a.nyc.gov</P>
> <P>nyc.gov: type NS, class IN, ns vwall4a.nyc.gov</P>
> <P>Name: nyc.gov</P>
> <P>Type: NS (Authoritative name server)</P>
> <P>Class: IN (0x0001)</P>
> <P>Time to live: 1 day</P>
> <P>Data length: 10</P>
> <P>Name server: vwall4a.nyc.gov</P>
> <P>Additional records</P>
> <P>vwall1a.nyc.gov: type A, class IN, addr 161.185.1.3</P>
> <P>Name: vwall1a.nyc.gov</P>
> <P>Type: A (Host address)</P>
> <P>Class: IN (0x0001)</P>
> <P>Time to live: 1 day</P>
> <P>Data length: 4</P>
> <P>Addr: 161.185.1.3</P>
> <P>vwall2a.nyc.gov: type A, class IN, addr 161.185.1.12</P>
> <P>Name: vwall2a.nyc.gov</P>
> <P>Type: A (Host address)</P>
> <P>Class: IN (0x0001)</P>
> <P>Time to live: 1 day</P>
> <P>Data length: 4</P>
> <P>Addr: 161.185.1.12</P>
> <P>vwall3a.nyc.gov: type A, class IN, addr 167.153.130.12</P>
> <P>Name: vwall3a.nyc.gov</P>
> <P>Type: A (Host address)</P>
> <P>Class: IN (0x0001)</P>
> <P>Time to live: 1 day</P>
> <P>Data length: 4</P>
> <P>Addr: 167.153.130.12</P>
> <P>vwall4a.nyc.gov: type A, class IN, addr 167.153.130.13</P>
> <P>Name: vwall4a.nyc.gov</P>
> <P>Type: A (Host address)</P>
> <P>Class: IN (0x0001)</P>
> <P>Time to live: 1 day</P>
> <P>Data length: 4</P>
> <P>Addr: 167.153.130.13</P></SPAN></SPAN></FONT></DIV>
> <DIV><FONT size=3D2 face=3DArial>BIND 9.6 query:</FONT></DIV>
> <DIV>&nbsp;</DIV>
> <DIV><SPAN lang=3DEN>
> <P>Domain Name System (query)</P>
> <P>Transaction ID: 0x6427</P>
> <P>Flags: 0x0000 (Standard query)</P>
> <P>0... .... .... .... =3D Response: Message is a query</P>
> <P>.000 0... .... .... =3D Opcode: Standard query (0)</P>
> <P>.... ..0. .... .... =3D Truncated: Message is not truncated</P>
> <P>.... ...0 .... .... =3D Recursion desired: Don't do query =
> recursively</P>
> <P>.... .... .0.. .... =3D Z: reserved (0)</P>
> <P>.... .... ...0 .... =3D Non-authenticated data OK: Non-authenticated =
> data is=20
> unacceptable</P>
> <P>Questions: 1</P>
> <P>Answer RRs: 0</P>
> <P>Authority RRs: 0</P>
> <P>Additional RRs: 1</P>
> <P>Queries</P>
> <P>vwall4a.nyc.gov: type A, class IN</P>
> <P>Name: vwall4a.nyc.gov</P>
> <P>Type: A (Host address)</P>
> <P>Class: IN (0x0001)</P>
> <P>Additional records</P>
> <P>&lt;Root&gt;: type OPT</P>
> <P>Name: &lt;Root&gt;</P>
> <P>Type: OPT (EDNS0 option)</P>
> <P>UDP payload size: 512</P>
> <P>Higher bits in extended RCODE: 0x0</P>
> <P>EDNS0 version: 0</P>
> <P>Z: 0x8000</P>
> <P>Bit 0 (DO bit): 1 (Accepts DNSSEC security RRs)</P>
> <P>Bits 1-15: 0x0 (reserved)</P>
> <P>Data length: 0</P>
> <P>BIND 9.6 response:</P><SPAN lang=3DEN>
> <P>Domain Name System (response)</P>
> <P>Transaction ID: 0x6427</P>
> <P>Flags: 0x8000 (Standard query response, No error)</P>
> <P>1... .... .... .... =3D Response: Message is a response</P>
> <P>.000 0... .... .... =3D Opcode: Standard query (0)</P>
> <P>.... .0.. .... .... =3D Authoritative: Server is not an authority for =
> 
> domain</P>
> <P>.... ..0. .... .... =3D Truncated: Message is not truncated</P>
> <P>.... ...0 .... .... =3D Recursion desired: Don't do query =
> recursively</P>
> <P>.... .... 0... .... =3D Recursion available: Server can't do =
> recursive=20
> queries</P>
> <P>.... .... .0.. .... =3D Z: reserved (0)</P>
> <P>.... .... ..0. .... =3D Answer authenticated: Answer/authority =
> portion was not=20
> authenticated by the server</P>
> <P>.... .... .... 0000 =3D Reply code: No error (0)</P>
> <P>Questions: 1</P>
> <P>Answer RRs: 0</P>
> <P>Authority RRs: 6</P>
> <P>Additional RRs: 1</P>
> <P>Queries</P>
> <P>vwall4a.nyc.gov: type A, class IN</P>
> <P>Name: vwall4a.nyc.gov</P>
> <P>Type: A (Host address)</P>
> <P>Class: IN (0x0001)</P>
> <P>Authoritative nameservers</P>
> <P>nyc.gov: type NS, class IN, ns vwall1a.nyc.gov</P>
> <P>Name: nyc.gov</P>
> <P>Type: NS (Authoritative name server)</P>
> <P>Class: IN (0x0001)</P>
> <P>Time to live: 1 day</P>
> <P>Data length: 10</P>
> <P>Name server: vwall1a.nyc.gov</P>
> <P>nyc.gov: type NS, class IN, ns vwall2a.nyc.gov</P>
> <P>Name: nyc.gov</P>
> <P>Type: NS (Authoritative name server)</P>
> <P>Class: IN (0x0001)</P>
> <P>Time to live: 1 day</P>
> <P>Data length: 10</P>
> <P>Name server: vwall2a.nyc.gov</P>
> <P>nyc.gov: type NS, class IN, ns vwall3a.nyc.gov</P>
> <P>Name: nyc.gov</P>
> <P>Type: NS (Authoritative name server)</P>
> <P>Class: IN (0x0001)</P>
> <P>Time to live: 1 day</P>
> <P>Data length: 10</P>
> <P>Name server: vwall3a.nyc.gov</P>
> <P>nyc.gov: type NS, class IN, ns vwall4a.nyc.gov</P>
> <P>Name: nyc.gov</P>
> <P>Type: NS (Authoritative name server)</P>
> <P>Class: IN (0x0001)</P>
> <P>Time to live: 1 day</P>
> <P>Data length: 10</P>
> <P>Name server: vwall4a.nyc.gov</P>
> <P>rq2651faaj4nen6tfis8ju5005qccn8j.gov: type Unknown (50), class IN</P>
> <P>Name: rq2651faaj4nen6tfis8ju5005qccn8j.gov</P>
> <P>Type: Unknown (50)</P>
> <P>Class: IN (0x0001)</P>
> <P>Time to live: 1 day</P>
> <P>Data length: 35</P>
> <P>Data</P>
> <P>rq2651faaj4nen6tfis8ju5005qccn8j.gov: type RRSIG, class IN</P>
> <P>Name: rq2651faaj4nen6tfis8ju5005qccn8j.gov</P>
> <P>Type: RRSIG (RR signature)</P>
> <P>Class: IN (0x0001)</P>
> <P>Time to live: 1 day</P>
> <P>Data length: 279</P>
> <P>Type covered: Unknown (50)</P>
> <P>Algorithm: Unknown (0x07)</P>
> <P>Labels: 2</P>
> <P>Original TTL: 1 day</P>
> <P>Signature expiration: Feb 22, 2011 05:00:22.000000000</P>
> <P>Time signed: Feb 17, 2011 05:00:22.000000000</P>
> <P>Id of signing key(footprint): 47602</P>
> <P>Signer's name: gov</P>
> <P>Signature</P>
> <P>Additional records</P>
> <P>&lt;Root&gt;: type OPT</P>
> <P>Name: &lt;Root&gt;</P>
> <P>Type: OPT (EDNS0 option)</P>
> <P>UDP payload size: 1472</P>
> <P>Higher bits in extended RCODE: 0x0</P>
> <P>EDNS0 version: 0</P>
> <P>Z: 0x0</P>
> <P>Data length: 0</P></SPAN></SPAN></DIV></BODY></HTML>
> 
> ------=_NextPart_000_0116_01CBCF84.31A5E720--
> 
> 
> 
> --===============7478579667512691322==
> Content-Type: text/plain; charset="us-ascii"
> MIME-Version: 1.0
> Content-Transfer-Encoding: 7bit
> Content-Disposition: inline
> 
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> --===============7478579667512691322==--
> 
> 
- -- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org

------- End of Blind-Carbon-Copy

v2.23.0 | Report a Bug | By Email