Maintained by: NLnet Labs

[Unbound-users] Unbound dropping Additional Records

Rick van Rein
Wed Jan 7 12:16:15 CET 2009


Hello,

I've encountered two strange things when using Unbound to query your
domain nlnetlabs.nl.  I was playing with a program that cut off some
Additional Records, and was confused to learn that it sometimes happens
with Unbound as well.

One is due to dig.  Dig sometimes shows a higher Additional Records
count than are being printed -- I've used WireShart and learnt that
these are OPT records which are not to be handled like normal RR.
That's hereby documented.

But I also get different results when querying Unbound (running on jip)
or your own name server.  Listing follows.

Where have the missing Additional Records gone I wonder/  These don't
show up in WireShark (and no OPT either) and of course I specified
-s0 to avoid cutting off the DNS response.  TcpDump attached.

I use Debian Lenny -> unbound 1.0.2 and dig from dnsutils 1:9.5.0.
BTW, I'm new to Debian -- but it already feels like home :-)


Best,
 -Rick


bash$ dig @jip nlnetlabs.nl		# Ask Unbound

; <<>> DiG 9.3.2-P2.1 <<>> @jip nlnetlabs.nl
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64664
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;nlnetlabs.nl.                  IN      A

;; ANSWER SECTION:
nlnetlabs.nl.           2598    IN      A       213.154.224.1

;; AUTHORITY SECTION:
nlnetlabs.nl.           8641    IN      NS      ns7.domain-registry.nl.
nlnetlabs.nl.           8641    IN      NS      omval.tednet.nl.
nlnetlabs.nl.           8641    IN      NS      open.nlnetlabs.nl.

;; ADDITIONAL SECTION:
open.nlnetlabs.nl.      8630    IN      A       213.154.224.1
open.nlnetlabs.nl.      8835    IN      AAAA    2001:7b8:206:1::1
open.nlnetlabs.nl.      8835    IN      AAAA    2001:7b8:206:1::53

;; Query time: 8 msec
;; SERVER: 10.0.0.5#53(10.0.0.5)
;; WHEN: Wed Jan  7 11:03:10 2009
;; MSG SIZE  rcvd: 198



bash$ dig @open.nlnetlabs.nl nlnetlabs.nl	# Ask The Source

; <<>> DiG 9.4.2-P1 <<>> @open.nlnetlabs.nl nlnetlabs.nl
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36889
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;nlnetlabs.nl.                  IN      A

;; ANSWER SECTION:
nlnetlabs.nl.           10200   IN      A       213.154.224.1

;; AUTHORITY SECTION:
nlnetlabs.nl.           10200   IN      NS      open.nlnetlabs.nl.
nlnetlabs.nl.           10200   IN      NS      omval.tednet.nl.
nlnetlabs.nl.           10200   IN      NS      ns7.domain-registry.nl.

;; ADDITIONAL SECTION:
open.nlnetlabs.nl.      10200   IN      A       213.154.224.1
open.nlnetlabs.nl.      10200   IN      AAAA    2001:7b8:206:1::53
open.nlnetlabs.nl.      10200   IN      AAAA    2001:7b8:206:1::1
omval.tednet.nl.        28800   IN      A       213.154.224.17
omval.tednet.nl.        28800   IN      AAAA    2001:7b8:206:1::17
omval.tednet.nl.        28800   IN      AAAA	2001:7b8:206:1:200:39ff:fe59:b187

;; Query time: 15 msec
;; SERVER: 213.154.224.1#53(213.154.224.1)
;; WHEN: Wed Jan  7 12:02:57 2009
;; MSG SIZE  rcvd: 270

-------------- next part --------------
A non-text attachment was scrubbed...
Name: unbound2.tcpdump
Type: application/octet-stream
Size: 368 bytes
Desc: not available
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20090107/d5932334/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 267 bytes
Desc: Digital signature
URL: <http://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20090107/d5932334/attachment.pgp>