Answer the question
In order to leave comments, you need to log in
K
K
kabaja10352021-03-03 04:37:28
kabaja1035, 2021-03-03 04:37:28
When does an additional section appear in dig?
When executed dig vkontakte.ru @ns1.vkontakte.ru, an additional section appears with the IP addresses of authoritative servers, but when dig vk.com @ns1.vkontakte.ruit does not. I tried to recreate this structure, but my additional section appears in both cases.
Why is this happening? How to make vk.com not know the IP addresses of its ns servers? Found a similar question , but it didn't help me much.
dig output
Официальный
~$ dig vkontakte.ru @ns1.vkontakte.ru
...
;; AUTHORITY SECTION:
vkontakte.ru. 900 IN NS ns1.vkontakte.ru.
vkontakte.ru. 900 IN NS ns2.vkontakte.ru.
vkontakte.ru. 900 IN NS ns3.vkontakte.ru.
vkontakte.ru. 900 IN NS ns4.vkontakte.ru.
;; ADDITIONAL SECTION:
ns1.vkontakte.ru. 900 IN A 87.240.131.131
ns2.vkontakte.ru. 900 IN A 95.213.21.21
ns3.vkontakte.ru. 900 IN A 93.186.238.238
ns4.vkontakte.ru. 900 IN A 87.240.136.136
ns1.vkontakte.ru. 900 IN AAAA 2a00:bdc0:ff:1::2
ns2.vkontakte.ru. 900 IN AAAA 2a00:bdc0:ff:2::2
ns3.vkontakte.ru. 900 IN AAAA 2a00:bdc0:ff:3::2
ns4.vkontakte.ru. 900 IN AAAA 2a00:bdc0:ff:4::2
...~$ dig vk.com @ns1.vkontakte.ru
...
;; AUTHORITY SECTION:
vk.com. 900 IN NS ns1.vkontakte.ru.
vk.com. 900 IN NS ns2.vkontakte.ru.
vk.com. 900 IN NS ns3.vkontakte.ru.
vk.com. 900 IN NS ns4.vkontakte.ru.
...Что получилось у меня
~$ dig vkontakte.ru @localhost
...
;; AUTHORITY SECTION:
vkontakte.ru. 604800 IN NS ns4.vkontakte.ru.
vkontakte.ru. 604800 IN NS ns3.vkontakte.ru.
vkontakte.ru. 604800 IN NS ns1.vkontakte.ru.
vkontakte.ru. 604800 IN NS ns2.vkontakte.ru.
;; ADDITIONAL SECTION:
ns1.vkontakte.ru. 604800 IN A 1.1.1.1
ns2.vkontakte.ru. 604800 IN A 2.2.2.2
ns3.vkontakte.ru. 604800 IN A 3.3.3.3
ns4.vkontakte.ru. 604800 IN A 4.4.4.4
....~$ dig vk.com @localhost
...
;; AUTHORITY SECTION:
vk.com. 604800 IN NS ns3.vkontakte.ru.
vk.com. 604800 IN NS ns1.vkontakte.ru.
vk.com. 604800 IN NS ns4.vkontakte.ru.
vk.com. 604800 IN NS ns2.vkontakte.ru.
;; ADDITIONAL SECTION:
ns1.vkontakte.ru. 604800 IN A 1.1.1.1
ns2.vkontakte.ru. 604800 IN A 2.2.2.2
ns3.vkontakte.ru. 604800 IN A 3.3.3.3
ns4.vkontakte.ru. 604800 IN A 4.4.4.4
.../etc/bind/named.conf.local
zone "vkontakte.ru" {
type master;
file "/etc/bind/zones/db.vkontakte.ru";
};
zone "vk.com" {
type master;
file "/etc/bind/zones/db.vk.com";
};/etc/bind/named.conf.options
options {
directory "/var/cache/bind";
listen-on { 127.0.0.1; };
allow-query { any; };
dnssec-validation auto;
auth-nxdomain no;
listen-on-v6 { any; };
};/etc/bind/zones/db.vkontakte.ru
$TTL 604800
@ IN SOA ns1.vkontakte.ru. admin.vkontakte.ru. (
7 ; Serial
1000 ; Refresh
86400 ; Retry
600 ; Expire
900 ) ; Negative Cache TTL
; name servers - NS records
@ IN NS ns1.vkontakte.ru.
@ IN NS ns2.vkontakte.ru.
@ IN NS ns3.vkontakte.ru.
@ IN NS ns4.vkontakte.ru.
; name servers - A records
ns1.vkontakte.ru. IN A 1.1.1.1
ns2.vkontakte.ru. IN A 2.2.2.2
ns3.vkontakte.ru. IN A 3.3.3.3
ns4.vkontakte.ru. IN A 4.4.4.4
vkontakte.ru. IN A 255.255.255.255/etc/bind/zones/db.vk.com
$TTL 604800
@ IN SOA ns1.vkontakte.ru. admin.vkontakte.ru. (
7 ; Serial
1000 ; Refresh
86400 ; Retry
600 ; Expire
900 ) ; Negative Cache TTL
; name servers - NS records
@ IN NS ns1.vkontakte.ru.
@ IN NS ns2.vkontakte.ru.
@ IN NS ns3.vkontakte.ru.
@ IN NS ns4.vkontakte.ru.
; name servers - A records
vk.com. IN A 255.255.255.255 2 answer(s)
@vitaly_il1
@AUser0
V
Vitaly Karasik, 2021-03-03 @vitaly_il1
DNS resolves nameservers when they are from the same domain.
https://serverfault.com/questions/541925/dig-looku...
A
AUser0, 2021-03-03 @AUser0
If you need such a strange perversion, you can make two views, accept all requests in the main one, store all zones (except for the special one), and put the second view in the forwarders (via 127.0.0.2), and in it - this special zone. Then the main view will be non-authoritative - which is what you needed ... it's not clear why.
Similar questions
A
H
G
E
P
Peter2017-07-29 16:41:40
DNS server on the local network. Setting up caching. Is there any reason?
1Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question