[prev in list] [next in list] [prev in thread] [next in thread]
List: dns-operations
Subject: Re: [dns-operations] why use different dig version return different result?
From: Doug Barton <dougb () dougbarton ! email>
Date: 2018-09-10 4:46:04
Message-ID: 64ae1b5d-d0bb-9861-29e2-55117a68999a () dougbarton ! email
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
On 09/09/2018 08:27 PM, Champion Xie wrote:
>
> why use different dig version return different result? Request to
> reach a different server?
>
>
> *./dig xn--j1amh. @212.1.66.247 <http://212.1.66.247> +edns=1*
> ;; BADVERS, retrying with EDNS version 0.
You apparently missed the above. Newer BIND steps down the EDNS version
if a higher version fails, and retries. SERVFAIL is the "correct"
answer, as nsi.uanic.net is apparently not configured for the zone (even
though it's in the root delegation for it).
Your earlier version of BIND below gave up on the BADVERS error.
> ; <<>> *DiG 9.11.1cn1-P3* <<>> xn--j1amh. @212.1.66.247
> <http://212.1.66.247> +edns=1
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: *SERVFAIL*, id: 41568
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;xn--j1amh.INA
>
> ;; Query time: 3249 msec
> ;; SERVER: 212.1.66.247#53(212.1.66.247)
> ;; WHEN: Mon Sep 10 11:15:29 CST 2018
> ;; MSG SIZE rcvd: 38
>
> dig xn--j1amh. @212.1.66.247 <http://212.1.66.247> +edns=1
>
> ; <<>>*DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6* <<>> xn--j1amh.
> @212.1.66.247 <http://212.1.66.247> +edns=1
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: *BADVERS*, id: 53766
> ;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; Query time: 819 msec
> ;; SERVER: 212.1.66.247#53(212.1.66.247)
> ;; WHEN: Mon Sep 10 11:16:08 2018
> ;; MSG SIZE rcvd: 23
>
> --
> Best Regards!!
> champion_xie
>
>
> _______________________________________________
> dns-operations mailing list
> dns-operations@lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
[Attachment #5 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 09/09/2018 08:27 PM, Champion Xie
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CANsrF0PxYBYGxduK2uXW_ocZ+zYd8S+_9QHMxTbLasC-wa8PVQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div>why use different dig version return different
result? Request to reach a different server?</div>
<br>
<div><br>
</div>
<div><b>./dig xn--j1amh. @<a href="http://212.1.66.247"
moz-do-not-send="true">212.1.66.247</a> +edns=1</b></div>
<div>;<font color="#33ff33">; BADVERS, retrying with EDNS
version 0.</font></div>
</div>
</div>
</div>
</blockquote>
<br>
You apparently missed the above. Newer BIND steps down the EDNS
version if a higher version fails, and retries. SERVFAIL is the
"correct" answer, as nsi.uanic.net is apparently not configured for
the zone (even though it's in the root delegation for it). <br>
<br>
Your earlier version of BIND below gave up on the BADVERS error. <br>
<br>
<blockquote type="cite"
cite="mid:CANsrF0PxYBYGxduK2uXW_ocZ+zYd8S+_9QHMxTbLasC-wa8PVQ@mail.gmail.com">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>; <<>> <b>DiG 9.11.1cn1-P3</b>
<<>> xn--j1amh. @<a href="http://212.1.66.247"
moz-do-not-send="true">212.1.66.247</a> +edns=1</div>
<div>;; global options: +cmd</div>
<div>;; Got answer:</div>
<div>;; ->>HEADER<<- opcode: QUERY, status: <b><font
color="#ff0000">SERVFAIL</font></b>, id: 41568</div>
<div>;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0,
ADDITIONAL: 1</div>
<div>;; WARNING: recursion requested but not available</div>
<div><br>
</div>
<div>;; OPT PSEUDOSECTION:</div>
<div>; EDNS: version: 0, flags:; udp: 4096</div>
<div>;; QUESTION SECTION:</div>
<div>;xn--j1amh.<span style="white-space:pre"> </span>IN<span \
style="white-space:pre"> </span>A</div> <div><br>
</div>
<div>;; Query time: 3249 msec</div>
<div>;; SERVER: 212.1.66.247#53(212.1.66.247)</div>
<div>;; WHEN: Mon Sep 10 11:15:29 CST 2018</div>
<div>;; MSG SIZE rcvd: 38</div>
<div><br>
</div>
<div>dig xn--j1amh. @<a href="http://212.1.66.247"
moz-do-not-send="true">212.1.66.247</a> +edns=1<br>
</div>
<div><br>
</div>
<div>; <<>><b> DiG
9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6</b> <<>>
xn--j1amh. @<a href="http://212.1.66.247"
moz-do-not-send="true">212.1.66.247</a> +edns=1</div>
<div>;; global options: +cmd</div>
<div>;; Got answer:</div>
<div>;; ->>HEADER<<- opcode: QUERY, status: <b><font
color="#ff0000">BADVERS</font></b>, id: 53766</div>
<div>;; flags: qr rd; QUERY: 0, ANSWER: 0, AUTHORITY: 0,
ADDITIONAL: 1</div>
<div>;; WARNING: recursion requested but not available</div>
<div><br>
</div>
<div>;; OPT PSEUDOSECTION:</div>
<div>; EDNS: version: 0, flags:; udp: 4096</div>
<div>;; Query time: 819 msec</div>
<div>;; SERVER: 212.1.66.247#53(212.1.66.247)</div>
<div>;; WHEN: Mon Sep 10 11:16:08 2018</div>
<div>;; MSG SIZE rcvd: 23</div>
<div><br>
</div>
-- <br>
<div dir="ltr" class="gmail_signature">
<div>Best Regards!!</div>
<div>champion_xie</div>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
dns-operations mailing list
<a class="moz-txt-link-abbreviated" \
href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a> \
<a class="moz-txt-link-freetext" \
href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a>
dns-operations mailing list
<a class="moz-txt-link-freetext" \
href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a>
</pre>
</blockquote>
<p><br>
</p>
</body>
</html>
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic