Domain Name System
kabaja1035, 2021-03-03 04:37:28

When does an additional section appear in dig?

When I run dig vkontakte.ru @ns1.vkontakte.ru, an additional section appears with the IP addresses of the authoritative servers, but when I run dig vk.com @ns1.vkontakte.ru it does not. I tried to recreate this structure, but my additional section appears in both cases.
Why is this happening? How can I make vk.com not know the IP addresses of its NS servers? I found a similar question, but it didn't help me much.

dig output

Official

~$ dig vkontakte.ru @ns1.vkontakte.ru
...
;; AUTHORITY SECTION:
vkontakte.ru.           900     IN      NS      ns1.vkontakte.ru.
vkontakte.ru.           900     IN      NS      ns2.vkontakte.ru.
vkontakte.ru.           900     IN      NS      ns3.vkontakte.ru.
vkontakte.ru.           900     IN      NS      ns4.vkontakte.ru.

;; ADDITIONAL SECTION:
ns1.vkontakte.ru.       900     IN      A       87.240.131.131
ns2.vkontakte.ru.       900     IN      A       95.213.21.21
ns3.vkontakte.ru.       900     IN      A       93.186.238.238
ns4.vkontakte.ru.       900     IN      A       87.240.136.136
ns1.vkontakte.ru.       900     IN      AAAA    2a00:bdc0:ff:1::2
ns2.vkontakte.ru.       900     IN      AAAA    2a00:bdc0:ff:2::2
ns3.vkontakte.ru.       900     IN      AAAA    2a00:bdc0:ff:3::2
ns4.vkontakte.ru.       900     IN      AAAA    2a00:bdc0:ff:4::2
...

~$ dig vk.com @ns1.vkontakte.ru
...
;; AUTHORITY SECTION:
vk.com.                 900     IN      NS      ns1.vkontakte.ru.
vk.com.                 900     IN      NS      ns2.vkontakte.ru.
vk.com.                 900     IN      NS      ns3.vkontakte.ru.
vk.com.                 900     IN      NS      ns4.vkontakte.ru.
...


What I got

~$ dig vkontakte.ru @localhost
...
;; AUTHORITY SECTION:
vkontakte.ru.           604800  IN      NS      ns4.vkontakte.ru.
vkontakte.ru.           604800  IN      NS      ns3.vkontakte.ru.
vkontakte.ru.           604800  IN      NS      ns1.vkontakte.ru.
vkontakte.ru.           604800  IN      NS      ns2.vkontakte.ru.

;; ADDITIONAL SECTION:
ns1.vkontakte.ru.       604800  IN      A       1.1.1.1
ns2.vkontakte.ru.       604800  IN      A       2.2.2.2
ns3.vkontakte.ru.       604800  IN      A       3.3.3.3
ns4.vkontakte.ru.       604800  IN      A       4.4.4.4
....

~$ dig vk.com @localhost
...
;; AUTHORITY SECTION:
vk.com.                 604800  IN      NS      ns3.vkontakte.ru.
vk.com.                 604800  IN      NS      ns1.vkontakte.ru.
vk.com.                 604800  IN      NS      ns4.vkontakte.ru.
vk.com.                 604800  IN      NS      ns2.vkontakte.ru.

;; ADDITIONAL SECTION:
ns1.vkontakte.ru.       604800  IN      A       1.1.1.1
ns2.vkontakte.ru.       604800  IN      A       2.2.2.2
ns3.vkontakte.ru.       604800  IN      A       3.3.3.3
ns4.vkontakte.ru.       604800  IN      A       4.4.4.4
...




/etc/bind/named.conf.local
zone "vkontakte.ru" {
        type master;
        file "/etc/bind/zones/db.vkontakte.ru";
};

zone "vk.com" {
        type master;
        file "/etc/bind/zones/db.vk.com";
};


/etc/bind/named.conf.options

options {
        directory "/var/cache/bind";
        listen-on { 127.0.0.1; };
        allow-query { any; };

        dnssec-validation auto;
        auth-nxdomain no;
        listen-on-v6 { any; };
};



/etc/bind/zones/db.vkontakte.ru

$TTL    604800
@       IN      SOA     ns1.vkontakte.ru. admin.vkontakte.ru. (
                              7         ; Serial
                           1000         ; Refresh
                          86400         ; Retry
                            600         ; Expire
                            900 )       ; Negative Cache TTL

; name servers - NS records
@     IN      NS      ns1.vkontakte.ru.
@     IN      NS      ns2.vkontakte.ru.
@     IN      NS      ns3.vkontakte.ru.
@     IN      NS      ns4.vkontakte.ru.

; name servers - A records
ns1.vkontakte.ru.                  IN      A       1.1.1.1
ns2.vkontakte.ru.                  IN      A       2.2.2.2
ns3.vkontakte.ru.                  IN      A       3.3.3.3
ns4.vkontakte.ru.                  IN      A       4.4.4.4
vkontakte.ru.                      IN      A       255.255.255.255



/etc/bind/zones/db.vk.com

$TTL    604800
@       IN      SOA     ns1.vkontakte.ru. admin.vkontakte.ru. (
                              7         ; Serial
                           1000         ; Refresh
                          86400         ; Retry
                            600         ; Expire
                            900 )       ; Negative Cache TTL

; name servers - NS records
@     IN      NS      ns1.vkontakte.ru.
@     IN      NS      ns2.vkontakte.ru.
@     IN      NS      ns3.vkontakte.ru.
@     IN      NS      ns4.vkontakte.ru.

; name servers - A records
vk.com.                      IN      A       255.255.255.255


2 answer(s)
Vitaly Karasik, 2021-03-03
@vitaly_il1

DNS resolves nameservers when they are from the same domain.
https://serverfault.com/questions/541925/dig-looku...
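
The same-domain rule from the answer above, as an added example that is not part of the original thread: the script parses dig-style output and labels each ADDITIONAL record by whether its owner name lies inside the zone named in the AUTHORITY section. The sample text is constructed from the outputs quoted in the question, and the function names are illustrative.

```python
import re

# Constructed sample modelled on the dig output in the question (abridged).
TEMPLATE = """\
;; AUTHORITY SECTION:
{zone}.    604800  IN  NS  ns1.vkontakte.ru.
{zone}.    604800  IN  NS  ns2.vkontakte.ru.

;; ADDITIONAL SECTION:
ns1.vkontakte.ru.  604800  IN  A  1.1.1.1
ns2.vkontakte.ru.  604800  IN  A  2.2.2.2
"""

def parse_sections(text):
    """Return {section name: [(owner, rtype, rdata), ...]} from dig output."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif not line.strip():
            current = None                      # a blank line ends a section
        elif current is not None and not line.startswith(";"):
            fields = line.split()
            if len(fields) >= 5:                # owner TTL class type rdata
                current.append((fields[0].lower(), fields[3], fields[4]))
    return sections

def in_zone(name, zone):
    """True when name equals zone or is a subdomain of it, compared by label."""
    n = name.rstrip(".").split(".")
    z = zone.rstrip(".").split(".")
    return n[-len(z):] == z

def classify_additional(text):
    """Map each ADDITIONAL address record to 'in-zone' or 'out-of-zone'."""
    s = parse_sections(text)
    zones = {owner for owner, rtype, _ in s.get("AUTHORITY", []) if rtype == "NS"}
    result = {}
    for owner, rtype, _ in s.get("ADDITIONAL", []):
        if rtype in ("A", "AAAA"):
            inside = any(in_zone(owner, z) for z in zones)
            result[owner] = "in-zone" if inside else "out-of-zone"
    return result

if __name__ == "__main__":
    for zone in ("vkontakte.ru", "vk.com"):
        print(zone, classify_additional(TEMPLATE.format(zone=zone)))
```

Resolvers apply a similar bailiwick test before accepting additional records, so omitting the out-of-zone addresses from the vk.com reply does not break resolution.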

AUser0, 2021-03-03
@AUser0

If you need such a strange perversion, you can make two views, accept all requests in the main one, store all zones (except for the special one), and put the second view in the forwarders (via 127.0.0.2), and in it - this special zone. Then the main view will be non-authoritative - which is what you needed ... it's not clear why.
