[ldns-users] drill: finding child zone?
Havard Eidnes
he at uninett.no
Wed Aug 21 07:03:25 UTC 2013
Hi,

I'm dipping my toe into DNSSEC, and it seems that when drill is
used in "top-down" mode, and you do not have a delegation point
at every possible point along the name tree, drill will
incorrectly conclude that the queried-for name doesn't exist.

Example:

    % drill -TD 2.2.156.193.in-addr.arpa. ptr

ends in

    ;; Domain: 156.193.in-addr.arpa.
    [T] 156.193.in-addr.arpa. 3600 IN DNSKEY 256 3 8 ;{id = 47623 (zsk), size = 1024b}
    156.193.in-addr.arpa. 3600 IN DNSKEY 257 3 8 ;{id = 37642 (ksk), size = 2048b}
    [T] Existence denied: 2.156.193.in-addr.arpa. DS
    ;; No ds record for delegation
    [T] Existence denied: 2.156.193.in-addr.arpa. NS

The 2.2.156.193.in-addr.arpa. ptr is registered directly in the
156.193.in-addr.arpa zone, so the registration spans two labels,
and there is no delegation at 2.156.193.in-addr.arpa (which drill
correctly has concluded).

This sort of setup will, I suspect, be much more prevalent in
ip6.arpa zones.

Bug or feature?

Regards,
- Håvard
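
Added example, not part of the original message and not drill's or ldns's code: a small Python model of a top-down walk in which a denied NS/DS at an intermediate label means "no zone cut here", so the walk keeps descending inside the same zone instead of stopping. The record data, the delegated child 10.156.193.in-addr.arpa., and the function and flag names are constructed for illustration.

```python
# Constructed sample data (not real zone contents). It models the layout in
# the post: a PTR two labels below the apex of 156.193.in-addr.arpa. with no
# delegation in between, plus one hypothetical delegated child for contrast.
RECORDS = {
    "156.193.in-addr.arpa.": {"SOA", "NS", "DNSKEY"},
    "2.2.156.193.in-addr.arpa.": {"PTR"},
    "10.156.193.in-addr.arpa.": {"SOA", "NS", "DNSKEY"},  # hypothetical child zone
    "1.10.156.193.in-addr.arpa.": {"PTR"},
}
ZONE_CUTS = {"10.156.193.in-addr.arpa."}  # names that have NS/DS in the parent


def names_below(apex, qname):
    """Yield every name from just below apex down to qname, top-down."""
    if not qname.endswith("." + apex):
        raise ValueError("qname must be a strict subdomain of apex")
    name = apex
    for label in reversed(qname[: -len(apex) - 1].split(".")):
        name = f"{label}.{name}"
        yield name


def name_exists(name):
    """True for owners of records and for empty non-terminals above them."""
    return any(o == name or o.endswith("." + name) for o in RECORDS)


def trace(apex, qname, qtype, require_cut_per_label=False):
    """Return (zone whose keys must sign the answer, whether qtype was found)."""
    zone = apex
    for name in names_below(apex, qname):
        if not name_exists(name):
            return zone, False            # NXDOMAIN: nothing at or below this name
        if name in ZONE_CUTS:
            zone = name                   # delegation: continue with the child's keys
        elif require_cut_per_label and name != qname:
            return zone, False            # treats "no NS/DS here" as a dead end
        if name == qname:
            return zone, qtype in RECORDS.get(name, set())


if __name__ == "__main__":
    apex = "156.193.in-addr.arpa."
    for q in ("2.2.156.193.in-addr.arpa.", "1.10.156.193.in-addr.arpa."):
        print(q, trace(apex, q, "PTR"), trace(apex, q, "PTR", True))
```

With `require_cut_per_label=True` the model gives up at 2.156.193.in-addr.arpa., the empty non-terminal from the example in the post; with the default it reports the PTR as present and signed by the 156.193.in-addr.arpa. keys.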