Maintained by: NLnet Labs

Can't dig +trace?

Fongaboo
Tue Jul 28 17:46:05 CEST 2015


Thanks for everyone's responses. An enlightening thread, and I fully 
understand now.


FONG



On Tue, 28 Jul 2015, Anand Buddhdev via Unbound-users wrote:

> On 28/07/15 15:17, Jaap Akkerhuis via Unbound-users wrote:
>
>> > However if I hit Google's lookup servers with the same command from the
>> > same client machine, I get the expected response...
>>
>> The +trace option causes dig not to use the local resolver. From the
>> dig manual:
>
> Not quite. If you use the +trace option, dig makes *one* query to its
> local resolver(s) to get a list of root name servers. Thereafter, it
> makes its own iterative queries. However, that initial query has RD=0,
> and unbound won't answer. Anonymous fongaboo will have to specifically
> allow cache snooping in unbound for this.
>
> This is a weird design choice in dig. It shouldn't rely on any resolvers
> for the initial query. It should just use a built-in list of root name
> servers, and prime itself, just like BIND does.
>
> Regards,
> Anand
>
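The RD=0 behaviour described in this thread, as an added example that is not part of the original messages: it builds the root NS query with and without the recursion-desired bit and interprets a REFUSED reply. The function names and the refusal reply are constructed for illustration, and no network traffic is sent.

```python
import struct

RD = 0x0100          # "recursion desired" bit in the DNS header flags
QR = 0x8000          # set on responses
REFUSED = 5          # RCODE 5
TYPE_NS, CLASS_IN = 2, 1

def encode_name(name):
    """Length-prefixed labels ending in a zero byte; "." is just the zero byte."""
    labels = [l for l in name.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(name, qtype, rd, txid=0x1234):
    """One-question query; only the RD bit differs between the two cases."""
    header = struct.pack("!6H", txid, RD if rd else 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", qtype, CLASS_IN)

def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "rd": bool(flags & RD),
            "rcode": flags & 0x000F, "ancount": an}

def constructed_refusal(query):
    """Constructed sample reply: same id and question, QR set, RCODE REFUSED."""
    txid, flags = struct.unpack("!2H", query[:4])
    return struct.pack("!6H", txid, QR | (flags & RD) | REFUSED, 1, 0, 0, 0) + query[12:]

def diagnose(query, response):
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        return "not a reply to this query"
    if r["rcode"] == REFUSED and not q["rd"]:
        return "RD=0 query refused: resolver does not allow non-recursive queries from this client"
    if r["rcode"] == REFUSED:
        return "refused with RD=1: the refusal is not about the RD bit"
    return "answered" if r["ancount"] else "no answer records"

trace_probe = build_query(".", TYPE_NS, rd=False)   # the initial query dig +trace makes, per the thread
normal_query = build_query(".", TYPE_NS, rd=True)   # an ordinary recursive lookup

if __name__ == "__main__":
    print(parse_header(trace_probe))
    print(diagnose(trace_probe, constructed_refusal(trace_probe)))
```

In unbound, non-recursive access is granted per netblock with the `allow_snoop` action of the `access-control` option.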