[ldns-users] More info from drill -T

Thu Jan 30 00:11:49 UTC 2014

On 2014-01-30 00:39, Greg Ward wrote:
> Hi again --
> 
> drill -T is working great with the new "follow CNAMEs" feature --
> thanks, Willem!
> 
> But I find myself wanting more info for two distinct reasons.
> 
> 1) "nxdomain" errors are not obvious in trace mode. E.g.
> 
>    $ drill -T this-is-a-bogus-domain.net
>    .       518400  IN      NS      c.root-servers.net.
>    .       518400  IN      NS      h.root-servers.net.
>    [...]
>    net.    172800  IN      NS      j.gtld-servers.net.
>    net.    172800  IN      NS      i.gtld-servers.net.
>    [...]
>    net.    900     IN      SOA     a.gtld-servers.net. nstld.verisign-grs.com. 1391037622 1800 900 604800 86400
> 
>    There's no explicit "NXDOMAIN" indicator, like you get from "drill" without -T.
>    Increasing the verbosity doesn't help:
> 
>    $ drill -T -V5 this-is-a-bogus-domain.net | grep rcode:
>    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
>    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
>    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
>    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
>    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
>    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
>    ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0
> 
> 2) It's hard (impossible?) to tell how lines of output correspond to
>    DNS query/response packets without using -V5, and that gives a
>    flood of uninteresting additional data. (Including reverse lookups
>    of some of the nameservers that we hit along the way!)
> 
> It appears that the ";; " lines that are useful with normal drill (and
> dig) output are, ummm, not so useful in trace mode. Is this a known
> bug? Or am I missing something (like, that's a feature)?
> 
> Thanks --
> 
>        Greg

Hi,

While we are a drill -T, the output for reverse lookups seems a bit off:

Some queries are repeated, and some names are prefixed with the
authoritive name server name.

(And the man is wrong, the type argument is used)

% drill -v; drill -T 8.8.8.8.in-addr.arpa. ptr
drill version 1.6.12 (ldns version 1.6.16)
Written by NLnet Labs.

Copyright (c) 2004-2008 NLnet Labs.
Licensed under the revised BSD license.
There is NO warranty; not even for MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE.

in-addr.arpa.	172800	IN	NS	d.in-addr-servers.arpa.
in-addr.arpa.	172800	IN	NS	b.in-addr-servers.arpa.
in-addr.arpa.	172800	IN	NS	e.in-addr-servers.arpa.
in-addr.arpa.	172800	IN	NS	c.in-addr-servers.arpa.
in-addr.arpa.	172800	IN	NS	f.in-addr-servers.arpa.
in-addr.arpa.	172800	IN	NS	a.in-addr-servers.arpa.
8.in-addr.arpa.	86400	IN	NS	ns1.level3.net.
8.in-addr.arpa.	86400	IN	NS	ns2.level3.net.
8.in-addr.arpa.	86400	IN	NS	ns1.level3.net.
8.in-addr.arpa.	86400	IN	NS	ns2.level3.net.
ns1.level3.net.8.in-addr.arpa.	86400	IN	NS	ns1.level3.net.
8.in-addr.arpa.	86400	IN	NS	ns2.level3.net.
ns2.level3.net.8.8.8.in-addr.arpa.	3600	IN	NS	ns1.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns2.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns4.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns3.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns1.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns2.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns4.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns3.google.com.
ns1.google.com.8.8.8.in-addr.arpa.	3600	IN	NS	ns1.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns2.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns4.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns3.google.com.
ns2.google.com.8.8.8.in-addr.arpa.	3600	IN	NS	ns1.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns2.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns4.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns3.google.com.
ns4.google.com.8.8.8.in-addr.arpa.	3600	IN	NS	ns1.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns2.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns4.google.com.
8.8.8.in-addr.arpa.	3600	IN	NS	ns3.google.com.
ns3.google.com.8.8.8.8.in-addr.arpa.	86400	IN	PTR
google-public-dns-a.google.com.

Best regards,
Johannes

-- 