Maintained by: NLnet Labs

[Unbound-users] Question about qtype=any

Luo Ce
Mon Jul 11 02:59:04 CEST 2011


Not only www.google.com, I tried www.sohu.com and www.yahoo.com, the results
unbound gave me all include the A records.

So the problem may not be the authoritative server, it looks like unbound
continue to process the cname response and get the final A records.

 

; <<>> DiG 9.7.3-P1 <<>> @localhost www.sohu.com any

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55095

;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 3, ADDITIONAL: 3

 

;; QUESTION SECTION:

;www.sohu.com.                  IN      ANY

 

;; ANSWER SECTION:

www.sohu.com.           600     IN      CNAME   d7.a.sohu.com.

d7.a.sohu.com.          300     IN      CNAME   frontend-tc7.a.sohu.com.

frontend-tc7.a.sohu.com. 300    IN      A       61.135.181.169

frontend-tc7.a.sohu.com. 300    IN      A       61.135.181.171

frontend-tc7.a.sohu.com. 300    IN      A       61.135.181.167

 

;; AUTHORITY SECTION:

a.sohu.com.             3600    IN      NS      y.a.sohu.com.

a.sohu.com.             3600    IN      NS      x.a.sohu.com.

a.sohu.com.             3600    IN      NS      z.a.sohu.com.

 

;; ADDITIONAL SECTION:

x.a.sohu.com.           7200    IN      A       121.14.0.42

y.a.sohu.com.           7200    IN      A       220.181.26.169

z.a.sohu.com.           7200    IN      A       61.135.179.168

 

; <<>> DiG 9.7.3-P1 <<>> @localhost www.yahoo.com any

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24745

;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

 

;; QUESTION SECTION:

;www.yahoo.com.                 IN      ANY

 

;; ANSWER SECTION:

www.yahoo.com.          300     IN      CNAME   fp.wg1.b.yahoo.com.

fp.wg1.b.yahoo.com.     60      IN      CNAME   any-fp.wa1.b.yahoo.com.

any-fp.wa1.b.yahoo.com. 60      IN      A       98.137.149.56

any-fp.wa1.b.yahoo.com. 60      IN      A       72.30.2.43

 

From: Blacka, David [mailto:davidb at verisign.com] 
Sent: Friday, July 08, 2011 8:25 PM
To: Luo Ce
Cc: <unbound-users at unbound.net>
Subject: Re: [Unbound-users] Question about qtype=any

 

 

On Jul 7, 2011, at 9:30 PM, Luo Ce wrote:





Hi all,

 

When I use unbound and send a query with qtype = any

dig @localhost www.google.com any

unbound returns me the following results:

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11161

;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0

 

;; QUESTION SECTION:

;www.google.com.                        IN      ANY

 

;; ANSWER SECTION:

www.google.com.         604800  IN      CNAME   www.l.google.com.

www.l.google.com.       300     IN      A       74.125.71.147

www.l.google.com.       300     IN      A       74.125.71.99

www.l.google.com.       300     IN      A       74.125.71.106

www.l.google.com.       300     IN      A       74.125.71.105

www.l.google.com.       300     IN      A       74.125.71.103

www.l.google.com.       300     IN      A       74.125.71.104

 

I just want to know whether the A records are needed for the qtype any, cos
when I send the same query to bind, it only returns me the cname answer.



 

I believe what is happening here is that unbound is returning what the
authoritative server returns for 'www.google.com/ANY', while BIND is
reconstructing the answer (that is, looking at its cache and returning all
RRsets that match the qname).  

 

So, maybe a better question is: why does google's authoritative nameservers
return the A records with qtype=ANY?

 

--
David Blacka                          <davidb at verisign.com> 
Principal Engineer      Verisign Infrastructure Engineering

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20110711/f562e872/attachment.html>