Maintained by: NLnet Labs

[Unbound-users] Question about qtype=any

W.C.A. Wijngaards
Mon Jul 11 11:14:06 CEST 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Yes, unbound continues processing and follows the CNAME, also for qtype
ANY.  It fetches the qtype ANY at the CNAME destination for the client.

Best regards,
   Wouter

On 07/11/2011 02:59 AM, Luo Ce wrote:
> Not only www.google.com, I tried www.sohu.com <http://www.sohu.com> and
> www.yahoo.com <http://www.yahoo.com>, the results unbound gave me all
> include the A records.
> 
> So the problem may not be the authoritative server, it looks like
> unbound continue to process the cname response and get the final A records.
> 
>  
> 
> ; <<>> DiG 9.7.3-P1 <<>> @localhost www.sohu.com any
> 
> ; (1 server found)
> 
> ;; global options: +cmd
> 
> ;; Got answer:
> 
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55095
> 
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 3, ADDITIONAL: 3
> 
>  
> 
> ;; QUESTION SECTION:
> 
> ;www.sohu.com.                  IN      ANY
> 
>  
> 
> ;; ANSWER SECTION:
> 
> www.sohu.com.           600     IN      CNAME   d7.a.sohu.com.
> 
> d7.a.sohu.com.          300     IN      CNAME   frontend-tc7.a.sohu.com.
> 
> frontend-tc7.a.sohu.com. 300    IN      A       61.135.181.169
> 
> frontend-tc7.a.sohu.com. 300    IN      A       61.135.181.171
> 
> frontend-tc7.a.sohu.com. 300    IN      A       61.135.181.167
> 
>  
> 
> ;; AUTHORITY SECTION:
> 
> a.sohu.com.             3600    IN      NS      y.a.sohu.com.
> 
> a.sohu.com.             3600    IN      NS      x.a.sohu.com.
> 
> a.sohu.com.             3600    IN      NS      z.a.sohu.com.
> 
>  
> 
> ;; ADDITIONAL SECTION:
> 
> x.a.sohu.com.           7200    IN      A       121.14.0.42
> 
> y.a.sohu.com.           7200    IN      A       220.181.26.169
> 
> z.a.sohu.com.           7200    IN      A       61.135.179.168
> 
>  
> 
> ; <<>> DiG 9.7.3-P1 <<>> @localhost www.yahoo.com any
> 
> ; (1 server found)
> 
> ;; global options: +cmd
> 
> ;; Got answer:
> 
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24745
> 
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
> 
>  
> 
> ;; QUESTION SECTION:
> 
> ;www.yahoo.com.                 IN      ANY
> 
>  
> 
> ;; ANSWER SECTION:
> 
> www.yahoo.com.          300     IN      CNAME   fp.wg1.b.yahoo.com.
> 
> fp.wg1.b.yahoo.com.     60      IN      CNAME   any-fp.wa1.b.yahoo.com.
> 
> any-fp.wa1.b.yahoo.com. 60      IN      A       98.137.149.56
> 
> any-fp.wa1.b.yahoo.com. 60      IN      A       72.30.2.43
> 
>  
> 
> *From:*Blacka, David [mailto:davidb at verisign.com]
> *Sent:* Friday, July 08, 2011 8:25 PM
> *To:* Luo Ce
> *Cc:* <unbound-users at unbound.net>
> *Subject:* Re: [Unbound-users] Question about qtype=any
> 
>  
> 
>  
> 
> On Jul 7, 2011, at 9:30 PM, Luo Ce wrote:
> 
> 
> 
> Hi all,
> 
>  
> 
> When I use unbound and send a query with qtype = any
> 
> dig @localhost www.google.com <http://www.google.com> any
> 
> unbound returns me the following results:
> 
> ; (1 server found)
> 
> ;; global options: +cmd
> 
> ;; Got answer:
> 
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11161
> 
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0
> 
>  
> 
> ;; QUESTION SECTION:
> 
> ;www.google.com.                        IN      ANY
> 
>  
> 
> ;; ANSWER SECTION:
> 
> www.google.com <http://www.google.com>.         604800  IN     
> CNAME   www.l.google.com <http://www.l.google.com>.
> 
> www.l.google.com <http://www.l.google.com>.       300     IN     
> A       74.125.71.147
> 
> www.l.google.com <http://www.l.google.com>.       300     IN     
> A       74.125.71.99
> 
> www.l.google.com <http://www.l.google.com>.       300     IN     
> A       74.125.71.106
> 
> www.l.google.com <http://www.l.google.com>.       300     IN     
> A       74.125.71.105
> 
> www.l.google.com <http://www.l.google.com>.       300     IN     
> A       74.125.71.103
> 
> www.l.google.com <http://www.l.google.com>.       300     IN     
> A       74.125.71.104
> 
>  
> 
> I just want to know whether the A records are needed for the qtype any,
> cos when I send the same query to bind, it only returns me the cname answer.
> 
>  
> 
> I believe what is happening here is that unbound is returning what the
> authoritative server returns for 'www.google.com/ANY', while BIND is
> reconstructing the answer (that is, looking at its cache and returning
> all RRsets that match the qname).  
> 
>  
> 
> So, maybe a better question is: why does google's authoritative
> nameservers return the A records with qtype=ANY?
> 
>  
> 
> --
> David Blacka                          <davidb at verisign.com
> <mailto:davidb at verisign.com>> 
> Principal Engineer      Verisign Infrastructure Engineering
> 
>  
> 
> 
> 
> _______________________________________________
> Unbound-users mailing list
> Unbound-users at unbound.net
> http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJOGr7eAAoJEJ9vHC1+BF+NHmsQAKj9JzgXAr9QIztSDZY7VnXy
6inoCdGq/7vWrD/7AnYDuGHQuliF5QUMXPAP30c+datUc6g6aDjJLusjlTEcCMHF
QeQ4OztMsBjyuHMXD977/ZA1aVkmHwKdh75EZMo/r60u+8DHHYYDt3sUszH5X8Nz
eVjnPpVjVp0lWLAerzzCTZ2HEM0YiLowiYa1rSVPk4eYHyMNc4xP1UGWi/gCCTER
4DaQ8im82goyt5fe5UNPhhoBKhvxiRmY2Am17MPElowrwqU+XTt42dklTlwCSCwX
xEdK50jPhLZtp7XUOPBq68YoXomyc80uFZkEEn4m3nSFZhRspA4331g3uUIuTZ07
WAiX9ydsHGTakwTIsP5TfGcYORZ+b6WKfBcWMzzk/NXowcXallufGSGRMPNx2rzo
89gu9fF3XBH3g0k3uIH7MogIhm/opECU0tDO40wRRY64DZ6TAbniltCwQSe2ZhDJ
69opoMacGYiHcwvmymJ04b5G/wUYBJ4FNi/TVAITsKHzIAkh89NHRPsJ3Rcil264
10N8Xck6Nz+G4JQZ3wpd8RyZx9D4yd94J/6uIWv7exTDZezqbD4m4XjRsUCtfcGK
w1mlPIYqGFPnAf5SgfU5P0yWjHsfK80vhlp6EIOBdWLStLzBmE21vY9vMtXerZ18
D4Vsx+vdrEvVX0hJMXnm
=0cl+
-----END PGP SIGNATURE-----