Re: [DNSOP] Unexpected behaviour of dig +trace

Warren Kumari <warren@kumari.net> Wed, 26 March 2014 10:52 UTC

In-Reply-To: <20140326092227.GA6898@inet.tu-berlin.de>
References: <20140326092227.GA6898@inet.tu-berlin.de>
Date: Wed, 26 Mar 2014 18:52:44 +0800
Message-ID: <CAHw9_iKdNWicD+yWDo8+JkBg=8_V4tc=NpWBxtt3Fm8cjK8FCg@mail.gmail.com>
From: Warren Kumari <warren@kumari.net>
To: Florian Streibelt <florian@inet.tu-berlin.de>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/vlGPdDj4CIrcldzoTgIhGqiVbqY
Cc: dnsop <dnsop@ietf.org>
Subject: Re: [DNSOP] Unexpected behaviour of dig +trace

On Wed, Mar 26, 2014 at 5:22 PM, Florian Streibelt
<florian@inet.tu-berlin.de> wrote:
> Hello DNS ops,
>
> last week I discovered something that I personally would consider a bug in
> BIND's dig utility, at least the behaviour was unexpected for me.
>
> Summary: too many dns requests, using the system resolver although told
> otherwise.
>
> My question now is: bug or feature?

"Feature", but does catch many folk by surprise.
I'd written a patch and given it to someone at ISC that makes dig
output a warning message if you hand it both the "+trace" and
"@server" options. Dunno what happened, but never got integrated...

W


>
>
> Currently I am implementing a little testbed that simulates the DNS
> hierarchy, including root servers, TLD servers and so on.
>
> I thought it would be nice to let the dig utility show me the delegations it
> follows when resolving www.example.org in my testbed, using the +trace option,
> and starting by one of the simulated rootservers. Like so:
>
>
> $ dig +trace www.example.org @10.1.1.1
>
> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +trace www.example.org @10.1.1.1
> ;; global options: +cmd
> .           2   IN  NS  a.root-servers.net.
> .           2   IN  NS  a.root-servers.net.
> ;; Received 77 bytes from 10.1.1.1#53(10.1.1.1) in 5 ms
>
> org.            172800  IN  NS  d0.org.afilias-nst.org.
> org.            172800  IN  NS  b2.org.afilias-nst.org.
> org.            172800  IN  NS  b0.org.afilias-nst.org.
> org.            172800  IN  NS  c0.org.afilias-nst.info.
> org.            172800  IN  NS  a2.org.afilias-nst.info.
> org.            172800  IN  NS  a0.org.afilias-nst.info.
> ;; Received 435 bytes from 198.41.0.4#53(198.41.0.4) in 188 ms
>
> example.org.        86400   IN  NS  a.iana-servers.net.
> example.org.        86400   IN  NS  b.iana-servers.net.
> ;; Received 81 bytes from 199.19.56.1#53(199.19.56.1) in 186 ms
>
> www.example.org.    86400   IN  A   93.184.216.119
> example.org.        172800  IN  NS  b.iana-servers.net.
> example.org.        172800  IN  NS  a.iana-servers.net.
> ;; Received 185 bytes from 199.43.133.53#53(199.43.133.53) in 192 ms
>
>
>
> As you can see, immediately after the first lookup the dig utility leaves my
> testbed, which consists of a simulated 10/8, and runs right off the Internet.
>
>
> The reason is that dig uses the system resolver from resolv.conf for all but
> the initial query and the direct queries to the authoritative servers.
>
>
> This can easily be validated when you look at a pcap trace from something like
>
> $ dig +trace www.tu-berlin.de @198.41.0.4
>
> or
>
> $ dig +trace -4 www.tu-berlin.de @198.41.0.4
>
> For reference I attached a plot generated by wireshark for the second command,
> limiting the packet count from 94 to 52 packets.
>
>
> cheers,
>   Florian
>
>
>
> --
> Florian Streibelt, Dipl.-Inf.        building MAR, 4th floor, room 4.004
> Fachgebiet INET - Sekr. MAR 4-4          phone: +49 30 314 757 33
> Technische Universität Berlin           gpg-fp: 5BE7 F008 8B83 9357 1108
> Marchstrasse 23 - 10587 Berlin                  984A 3B8E A41F 82F6 1240
>
>