[ldns-users] drill uses local resolvers

Willem Toorop willem at NLnetLabs.nl
Wed May 18 13:09:25 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Klaus,

I've found the culprit. On line 266 till 270 of securetrace.c the
nameservers of the local resolver are copied to the ``resolver to be
used''. The comment text justifying this states:

/* if no servers is given with @, start by asking local resolver */
/* first part todo :) */

Now there is something to say for querying "." at the local resolver
when no root-servers are available to start a trace from, but that piece
of code was the right way nor place for that.

I have it fixed in trunk. The fix will be in the next release that will
follow shortly.

Thanks for noticing and the report!

Willem


On 05/18/11 13:35, Klaus Darilion wrote:
> Hi Willem!
> 
> 
> # cat /etc/resolv.conf
> nameserver 83.136.32.189
> nameserver 83.136.32.190
> 
> 
> 
> # cat root.key
> .       IN      DNSKEY  257 3 8
> AwEAAYH7ht0DNAz3M8mmyhbuEMTXAPrUoLNKgUnTo4ELMBfKefUgBrp9+hJ3ThgIu2rfCWAudeGQlGSTAGvpPYwvXdQUXhT1mogDM7bg2yTUgP+XaRNn2GtLEEW5qWgb3LSqkq191bYZO4/ic43I1lfoY4frkv/eccTsLMSByc9iV7N+6Fk93cZnKY5AfeE+kqkSrBYHNkgk43exMBqUXV6XasmxZjv4mMppMHHMYR203KXYqgyEvNwa7T0oS/hsfx0Eygq5jqNmnb4zlYRiu7UfZ9Nw3Z/0H4MJxq5+By2aMM5p6xyapBV/3j5mcYdAPVQcgnYX68y+lxVD8cge93VoBLU=
> ;{id = 63086 (ksk), size = 2048b}
> 
> 
> 
> 
> # cat root.hint
> .                        3600000  IN  NS    root.dnssec-test.nic.at.
> root.dnssec-test.nic.at.      3600000      A     131.130.200.227
> 
> 
> 
> 
> # drill -TD -k root.key -r root.hint ftp.radiopannen.at A
> 
> Thus, drill should use the root server from the
> file root.key -> 131.130.200.227
> Sometimes drill starts with this root hint and switches to the local
> resolvers after some time. Sometimes drill even starts with the local
> resolver.
> 
> tshark trace of what drill is doing:
> 
>   9.083159 83.136.32.148 -> 83.136.32.189 DNS Standard query NS <Root>
>   9.083490 83.136.32.189 -> 83.136.32.148 DNS Standard query response NS
> i.root-servers.net NS l.root-servers.net NS m.root-servers.net NS
> c.root-servers.net NS g.root-servers.net NS h.root-servers.net NS
> a.root-servers.net NS b.root-servers.net NS d.root-servers.net NS
> f.root-servers.net NS e.root-servers.net NS j.root-servers.net NS
> k.root-servers.net RRSIG
>   9.083734 83.136.32.148 -> 83.136.32.189 DNS Standard query AAAA
> l.root-servers.net
>   9.124785 83.136.32.189 -> 83.136.32.148 DNS Standard query response
> AAAA 2001:500:3::42
>   9.124911 83.136.32.148 -> 83.136.32.190 DNS Standard query A
> l.root-servers.net
>   9.125700 83.136.32.190 -> 83.136.32.148 DNS Standard query response A
> 199.7.83.42
>   9.125948 83.136.32.148 -> 131.130.200.227 DNS Standard query AAAA
> b.root-servers.net
>   9.127723 131.130.200.227 -> 83.136.32.148 DNS Standard query response,
> No such name
>   9.127796 83.136.32.148 -> 83.136.32.189 DNS Standard query A
> b.root-servers.net
>   9.166865 83.136.32.189 -> 83.136.32.148 DNS Standard query response A
> 192.228.79.201
>   9.167098 83.136.32.148 -> 131.130.200.227 DNS Standard query AAAA
> f.root-servers.net
>   9.168655 131.130.200.227 -> 83.136.32.148 DNS Standard query response,
> No such name
>   9.168721 83.136.32.148 -> 131.130.200.227 DNS Standard query A
> f.root-servers.net
>   9.170164 131.130.200.227 -> 83.136.32.148 DNS Standard query response,
> No such name
>   9.170352 83.136.32.148 -> 83.136.32.189 DNS Standard query AAAA
> f.root-servers.net
>   9.283713 83.136.32.189 -> 83.136.32.148 DNS Standard query response
> AAAA 2001:500:2f::f
>   9.283908 83.136.32.148 -> 83.136.32.189 DNS Standard query A
> f.root-servers.net
>   9.310273 83.136.32.189 -> 83.136.32.148 DNS Standard query response A
> 192.5.5.241
>   9.310579 83.136.32.148 -> 83.136.32.189 DNS Standard query AAAA
> j.root-servers.net
>   9.310838 83.136.32.189 -> 83.136.32.148 DNS Standard query response
> AAAA 2001:503:c27::2:30
>   9.310922 83.136.32.148 -> 83.136.32.189 DNS Standard query A
> j.root-servers.net
>   9.493322 83.136.32.189 -> 83.136.32.148 DNS Standard query response A
> 192.58.128.30
>   9.493618 83.136.32.148 -> 83.136.32.190 DNS Standard query AAAA
> k.root-servers.net
>   9.494389 83.136.32.190 -> 83.136.32.148 DNS Standard query response
> AAAA 2001:7fd::1
>   9.494461 83.136.32.148 -> 83.136.32.190 DNS Standard query A
> k.root-servers.net
>   9.495215 83.136.32.190 -> 83.136.32.148 DNS Standard query response A
> 193.0.14.129
>   9.495403 83.136.32.148 -> 192.5.5.241  DNS Standard query DNSKEY <Root>
>   9.678349  192.5.5.241 -> 83.136.32.148 DNS Standard query response
> DNSKEY DNSKEY RRSIG
>   9.681066 83.136.32.148 -> 128.63.2.53  DNS Standard query DS at
>   9.786338  128.63.2.53 -> 83.136.32.148 DNS Standard query response
>   9.786711 83.136.32.148 -> 192.58.128.30 DNS Standard query DNSKEY
> ftp.radiopannen.at
>   9.811558 192.58.128.30 -> 83.136.32.148 DNS Standard query response
>   9.811801 83.136.32.148 -> 198.41.0.4   DNS Standard query DS at
>   9.851583   198.41.0.4 -> 83.136.32.148 DNS Standard query response
>   9.852179 2a02:850:1:1:216:3eff:fe4f:69b7 -> 2001:503:c27::2:30 DNS
> Standard query NS at
>  10.034797 2001:503:c27::2:30 -> 2a02:850:1:1:216:3eff:fe4f:69b7 DNS
> Standard query response
>  10.035221 83.136.32.148 -> 193.171.255.2 DNS Standard query DNSKEY at
>  10.035966 193.171.255.2 -> 83.136.32.148 DNS Standard query response
>  10.036100 83.136.32.148 -> 194.0.10.100 DNS Standard query DS
> radiopannen.at
>  10.043381 194.0.10.100 -> 83.136.32.148 DNS Standard query response
>  10.043501 83.136.32.148 -> 194.146.106.50 DNS Standard query DNSKEY
> ftp.radiopannen.at
>  10.044135 194.146.106.50 -> 83.136.32.148 DNS Standard query response
>  10.044261 83.136.32.148 -> 81.91.161.98 DNS Standard query DS
> radiopannen.at
>  10.075231 81.91.161.98 -> 83.136.32.148 DNS Standard query response
>  10.075433 83.136.32.148 -> 87.233.175.130 DNS Standard query NS
> radiopannen.at
>  10.113906 87.233.175.130 -> 83.136.32.148 DNS Standard query response
>  10.114454 83.136.32.148 -> 195.66.241.82 DNS Standard query AAAA
> ns1.world4you.at
>  10.161133 195.66.241.82 -> 83.136.32.148 DNS Standard query response
>  10.161262 83.136.32.148 -> 81.91.161.98 DNS Standard query A
> ns1.world4you.at
>  10.192491 81.91.161.98 -> 83.136.32.148 DNS Standard query response
>  10.192877 83.136.32.148 -> 83.136.32.190 DNS Standard query AAAA
> ns1.world4you.at
>  10.198029 83.136.32.190 -> 83.136.32.148 DNS Standard query response
>  10.198162 83.136.32.148 -> 83.136.32.190 DNS Standard query A
> ns1.world4you.at
>  10.202997 83.136.32.190 -> 83.136.32.148 DNS Standard query response A
> 81.19.145.5
>  10.203281 83.136.32.148 -> 81.91.161.98 DNS Standard query AAAA
> ns2.world4you.at
>  10.234486 81.91.161.98 -> 83.136.32.148 DNS Standard query response
>  10.234605 83.136.32.148 -> 87.233.175.130 DNS Standard query A
> ns2.world4you.at
>  10.272834 87.233.175.130 -> 83.136.32.148 DNS Standard query response
>  10.273105 83.136.32.148 -> 83.136.32.190 DNS Standard query AAAA
> ns2.world4you.at
>  10.278093 83.136.32.190 -> 83.136.32.148 DNS Standard query response
> AAAA 2a00:1a68:80a1::d02
>  10.278194 83.136.32.148 -> 83.136.32.189 DNS Standard query A
> ns2.world4you.at
>  10.278469 83.136.32.189 -> 83.136.32.148 DNS Standard query response A
> 81.19.147.5
>  10.278610 83.136.32.148 -> 81.19.147.5  DNS Standard query DNSKEY
> radiopannen.at
>  10.279060  81.19.147.5 -> 83.136.32.148 DNS Standard query response
>  10.279200 83.136.32.148 -> 81.19.147.5  DNS Standard query DS
> ftp.radiopannen.at
>  10.279666  81.19.147.5 -> 83.136.32.148 DNS Standard query response
>  10.279775 83.136.32.148 -> 81.19.145.5  DNS Standard query DNSKEY
> ftp.radiopannen.at
>  10.283634  81.19.145.5 -> 83.136.32.148 DNS Standard query response
>  10.283763 2a02:850:1:1:216:3eff:fe4f:69b7 -> 2a00:1a68:80a1::d02 DNS
> Standard query DS ftp.radiopannen.at
>  10.284272 2a00:1a68:80a1::d02 -> 2a02:850:1:1:216:3eff:fe4f:69b7 DNS
> Standard query response
>  10.284411 83.136.32.148 -> 81.19.147.5  DNS Standard query NS
> ftp.radiopannen.at
>  10.284904  81.19.147.5 -> 83.136.32.148 DNS Standard query response
>  10.285017 83.136.32.148 -> 81.19.145.5  DNS Standard query DNSKEY
> ftp.radiopannen.at
>  10.288602  81.19.145.5 -> 83.136.32.148 DNS Standard query response
>  10.288772 83.136.32.148 -> 81.19.147.5  DNS Standard query A
> ftp.radiopannen.at
>  10.289195  81.19.147.5 -> 83.136.32.148 DNS Standard query response A
> 81.19.145.146
>  32.987231 83.136.32.148 -> 83.136.32.189 DNS Standard query A gucci
>  32.987242 83.136.32.148 -> 83.136.32.189 DNS Standard query A gucci
>  32.987246 83.136.32.148 -> 83.136.32.189 DNS Standard query AAAA gucci
>  32.987278 83.136.32.148 -> 83.136.32.189 DNS Standard query AAAA gucci
>  32.989809 83.136.32.189 -> 83.136.32.148 DNS Standard query response,
> No such name
>  32.989845 83.136.32.189 -> 83.136.32.148 DNS Standard query response,
> No such name
>  33.028541 83.136.32.189 -> 83.136.32.148 DNS Standard query response,
> No such name
>  33.028576 83.136.32.189 -> 83.136.32.148 DNS Standard query response,
> No such name
> 
> 
> 
> regards
> Klaus
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Am 18.05.2011 11:34, schrieb Willem Toorop:
>> Hi Klaus,
>>
>> I've not been able to reproduce this. What does your query look like
>> exactly? Do you use a trace (-T)?
>>
>> With me it doesn't even query the local resolver when I don't use the -r
>> option (because of the hard-coded root-servers).
>>
>> Best regards, Willem
>>
>> On 04/27/11 15:25, Klaus Darilion wrote:
>>> Hi!
>>
>>> I experienced strange problems with drill 1.6.6 and 1.6.9. Although I
>>> specify root servers with -r, sometimes (50% chance) the local
>>> configured resolver is asked for a root-server list. With drill 1.6.4
>>> this random behavior was not seen yet.
>>
>>> Are there any known issues?
>>
>>> Thanks
>>> Klaus
>>> _______________________________________________
>>> ldns-users mailing list
>>> ldns-users at open.nlnetlabs.nl
>>> http://open.nlnetlabs.nl/mailman/listinfo/ldns-users
>>
> _______________________________________________
> ldns-users mailing list
> ldns-users at open.nlnetlabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/ldns-users
> _______________________________________________
> ldns-users mailing list
> ldns-users at open.nlnetlabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/ldns-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJN08UFAAoJEOX4+CEvd6SYyckP/jdrwSGWVHPEC+AvKl9tp1Xp
7+PF4ntvVODhwEUvpQq/9DYv6PC92Z1uu0gXYI8pPkRt80/Z81/+TkXuw3B7oG5l
XpZ+WbwasUcEg4uvaz+pnXSUeDI9P1dFxLvbPwLoXz1fPuwK5XF+TbLrq/Lq9pJx
V7iZPMsaRXThkdFQTfEbGgRDuNq61PwnSasGH5xAXWVEEdGbasuKDzE1cyVD7OBC
6A0f0wpeSRI6U7sTAPTxv/OA6WIS3vl/ZA9+yraqcHUH//W6XL2F0ObeL6YSYZ6p
qPikAfevFza7GEWMvZ1k2N+rOX1bNlYUJWBHo8AX2W1BqqffbD4oflpspTht344R
4E1Fk9UraohNMdHzLYfx9CBDixC5iVt9HglIHhBstlUEqkCky5JMqCSeS6RBUs/x
5RDfcWaI2qUWwkr1/+qwL2ZiN0YkxfwZbiKAV2ecQ2m0D04dHOndmxM9wX+tNSNk
XRkctpjwunNhZyqQtJu/sawQwXGwnycRYfAB5QHRsii7m48kmEDfCduU0z7ZHWPu
E7dTiNxzK2haxXHZ3Q4wnOVTCSt6bGS1HU9fSDxtTKwfzzFGIv0PhmWWxc+7jqJB
e2t0AVtnvmbhamoLZHV1KKBrfLuRgoXLcqitaOYLWaCMAMbtOPRQD8tAbhjnI4zc
5KJRuToxqgIBgeVmicBQ
=CkUF
-----END PGP SIGNATURE-----

More information about the ldns-users mailing list