Why does dig answer my queries differently?

0

I can't understand why there is a difference in how dig is answering my queries on the client. I configured the zone file as below in the DNS:

$ORIGIN mail.lab.example.com.
$TTL 0
@     IN      SOA     colombo root.mail.lab.example.com.  (
                                      2003022720 ; Serial
                                      56800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      2h )    ; Min
@              IN      NS      mail.lab.example.com.
@         IN  A   198.51.100.157

;NAPTR Records
pcr20718          IN      NAPTR   10      34      "s"     "SIP+D2U"       ""      _sip._udp.pcr20718

;SRV Records
_sip._udp.pcr20718  IN  SRV      9       17      15103  pcr20718

;A Records
pcr20718            IN A         10.54.80.7
pcr20718            IN AAAA      fd00:10:6b50:4500::9b

$ORIGIN webmail.mail.lab.example.com.

@        IN      NS      ns1.webmail.mail.lab.example.com.
ns1   IN  A   198.51.100.156
@        IN      NS      ns2.webmail.mail.lab.example.com.
ns2   IN  A   198.51.100.155
@        IN      NS      ns3.webmail.mail.lab.example.com.
ns3   IN  A   198.51.100.154
@        IN      NS      ns4.webmail.mail.lab.example.com.
ns4   IN  A   198.51.100.153
@        IN      NS      ns5.webmail.mail.lab.example.com.
ns5   IN  A   198.51.100.152
@        IN      NS      ns6.webmail.mail.lab.example.com.
ns6   IN  A   198.51.100.151
@        IN      NS      ns7.webmail.mail.lab.example.com.
ns7   IN  A   198.51.100.150
@        IN      NS      ns8.webmail.mail.lab.example.com.
ns8   IN  A   198.51.100.147
@        IN      NS      ns9.webmail.mail.lab.example.com.
ns9   IN  A   198.51.100.146
@        IN      NS      ns10.webmail.mail.lab.example.com.
ns10   IN  A   198.51.100.145
@        IN      NS      ns11.webmail.mail.lab.example.com.
ns11   IN  A   198.51.100.144
@        IN      NS      ns12.webmail.mail.lab.example.com.
ns12   IN  A   198.51.100.143
@        IN      NS      ns13.webmail.mail.lab.example.com.
ns13   IN  A   198.51.100.142
@        IN      NS      ns14.webmail.mail.lab.example.com.
ns14   IN  A   198.51.100.141
@        IN      NS      ns15.webmail.mail.lab.example.com.
ns15   IN  A   198.51.100.140
@        IN      NS      ns16.webmail.mail.lab.example.com.
ns16   IN  A   198.51.100.148
@        IN      NS      ns17.webmail.mail.lab.example.com.
ns17   IN  A   198.51.100.149
@        IN      NS      ns18.webmail.mail.lab.example.com.
ns18   IN  A   198.51.100.157

When I run dig on the DNS server, I get the answers correctly:

colombodns2:/var/lib/named # dig webmail.mail.lab.example.com. NAPTR

; <<>> DiG 9.9.5-rpz2+rl.14038.05-P1 <<>> webmail.mail.lab.example.com. NAPTR
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20175
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 18, ADDITIONAL: 19
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;webmail.mail.lab.example.com.  IN      NAPTR

;; AUTHORITY SECTION:
webmail.mail.lab.example.com. 0 IN      NS      ns9.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns18.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns11.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns2.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns4.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns8.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns10.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns17.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns12.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns3.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns6.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns14.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns16.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns15.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns7.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns1.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns5.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns13.webmail.mail.lab.example.com.

;; ADDITIONAL SECTION:
ns1.webmail.mail.lab.example.com. 0 IN  A       198.51.100.156
ns2.webmail.mail.lab.example.com. 0 IN  A       198.51.100.155
ns3.webmail.mail.lab.example.com. 0 IN  A       198.51.100.154
ns4.webmail.mail.lab.example.com. 0 IN  A       198.51.100.153
ns5.webmail.mail.lab.example.com. 0 IN  A       198.51.100.152
ns6.webmail.mail.lab.example.com. 0 IN  A       198.51.100.151
ns7.webmail.mail.lab.example.com. 0 IN  A       198.51.100.150
ns8.webmail.mail.lab.example.com. 0 IN  A       198.51.100.147
ns9.webmail.mail.lab.example.com. 0 IN  A       198.51.100.146
ns10.webmail.mail.lab.example.com. 0 IN A       198.51.100.145
ns11.webmail.mail.lab.example.com. 0 IN A       198.51.100.144
ns12.webmail.mail.lab.example.com. 0 IN A       198.51.100.143
ns13.webmail.mail.lab.example.com. 0 IN A       198.51.100.142
ns14.webmail.mail.lab.example.com. 0 IN A       198.51.100.141
ns15.webmail.mail.lab.example.com. 0 IN A       198.51.100.140
ns16.webmail.mail.lab.example.com. 0 IN A       198.51.100.148
ns17.webmail.mail.lab.example.com. 0 IN A       198.51.100.149
ns18.webmail.mail.lab.example.com. 0 IN A       198.51.100.157

;; Query time: 27 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Oct 17 11:02:49 IST 2017
;; MSG SIZE  rcvd: 678

When I run it from the client, I can't see tc (truncation bit) set in my queries. Will truncation work for NS queries?

dig @203.0.113.1 webmail.mail.lab.example.com. NAPTR +edns=0 +bufsize=512

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.62.rc1.el6_9.4 <<>> @203.0.113.1 webmail.mail.lab.example.com. NAPTR +edns=0 +bufsize=512
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20571
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 18, ADDITIONAL: 8
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;webmail.mail.lab.example.com.  IN      NAPTR

;; AUTHORITY SECTION:
webmail.mail.lab.example.com. 0 IN      NS      ns8.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns12.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns13.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns14.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns1.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns16.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns9.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns3.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns10.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns18.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns5.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns11.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns2.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns6.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns7.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns17.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns15.webmail.mail.lab.example.com.
webmail.mail.lab.example.com. 0 IN      NS      ns4.webmail.mail.lab.example.com.

;; ADDITIONAL SECTION:
ns1.webmail.mail.lab.example.com. 0 IN  A       198.51.100.156
ns2.webmail.mail.lab.example.com. 0 IN  A       198.51.100.155
ns3.webmail.mail.lab.example.com. 0 IN  A       198.51.100.154
ns4.webmail.mail.lab.example.com. 0 IN  A       198.51.100.153
ns5.webmail.mail.lab.example.com. 0 IN  A       198.51.100.152
ns6.webmail.mail.lab.example.com. 0 IN  A       198.51.100.151
ns7.webmail.mail.lab.example.com. 0 IN  A       198.51.100.150

;; Query time: 1 msec
;; SERVER: 203.0.113.1#53(203.0.113.1)
;; WHEN: Tue Oct 17 11:40:31 2017
;; MSG SIZE  rcvd: 502

Does this have something to do with my DNS server, that the truncation bit cannot be set? I want to see the truncation bit being set and a fallback to TCP happening. But this seems to fail.

What could I be doing wrong?

    
by Harshith Mulky 17.10.2017 / 08:27

1 answer

1

The response was not large enough to be truncated.

The TC bit is not set when the additional section does not fit completely - RFC 2181:

The TC bit should be set in responses only when an RRSet is required as a part of the response, but could not be included in its entirety. The TC bit should not be set merely because some extra information could have been included, but there was insufficient room. This includes the results of additional section processing. In such cases the entire RRSet that will not fit in the response should be omitted, and the reply sent as is, with the TC bit clear. If the recipient of the reply needs the omitted data, it can construct a query for that data and send that separately.

Also, the dig client supports EDNS0 and negotiates a much larger packet size - instead of 512 bytes, it can receive up to 4 kB.

    
by 17.10.2017 / 09:22
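
Added example (not part of the original question or answer): a wire-size model of the referral shown in the question, using RFC 1035 name compression, to show why the glue is trimmed while TC stays clear. The function names, the treatment of the NS RRset as the required part, and the n_ns parameter (which generalizes beyond the 18 servers in the zone) are assumptions of this sketch.

```python
# Added sketch: wire-size model of the referral from the question (constructed, not captured).
ZONE = "webmail.mail.lab.example.com"
OPT = 11  # EDNS0 OPT RR with empty RDATA: root name 1 + type 2 + class 2 + ttl 4 + rdlen 2

def name_len(name, offsets, pos):
    """Wire length of `name` written at `pos`, with RFC 1035 suffix compression."""
    labels, size = name.lower().split("."), 0
    for i, label in enumerate(labels):
        suffix = ".".join(labels[i:])
        if suffix in offsets:
            return size + 2              # 2-byte pointer to an earlier occurrence
        offsets[suffix] = pos + size
        size += 1 + len(label)           # length octet + label
    return size + 1                      # terminating root label

def rr_len(owner, offsets, pos, rdata_name=None, rdata_len=0):
    """Owner name + type/class/ttl/rdlength (10 bytes) + RDATA."""
    n = name_len(owner, offsets, pos) + 10
    if rdata_name:
        n += name_len(rdata_name, offsets, pos + n)
    return n + rdata_len

def model_response(limit, n_ns=18):
    """Return (tc, glue_records_sent, message_size) for a UDP payload limit."""
    offsets = {}
    size = 12                                    # DNS header
    size += name_len(ZONE, offsets, size) + 4    # question: name + qtype + qclass
    base = size
    hosts = [f"ns{i}.{ZONE}" for i in range(1, n_ns + 1)]
    for h in hosts:                              # NS RRset: all or nothing
        size += rr_len(ZONE, offsets, size, rdata_name=h)
    size += OPT
    if size > limit:                             # required RRset does not fit: TC set
        return True, 0, base + OPT               # assumption: RRset dropped entirely
    glue = 0
    for h in hosts:                              # glue A records: optional, trimmed silently
        need = rr_len(h, offsets, size, rdata_len=4)
        if size + need > limit:
            break
        size, glue = size + need, glue + 1
    return False, glue, size

if __name__ == "__main__":
    for limit in (4096, 512):
        print(limit, model_response(limit))
    print("25 NS @512:", model_response(512, n_ns=25))
```

With the default 18 name servers the model gives 678 bytes at a 4096-byte limit and 502 bytes with 7 glue records at 512, matching the MSG SIZE values in the two dig outputs above; in this model the NS RRset alone only exceeds 512 bytes from 25 name servers onward.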
