A
A
AlexWinner2013-08-01 15:59:30
linux
AlexWinner, 2013-08-01 15:59:30

Why don't DNS root servers want to talk to me?

Greetings:

Here is an excerpt from wikipedia:
Suppose we typed in the browser the address ru.wikipedia.org. The browser asks the DNS server: "what is the IP address of ru.wikipedia.org"? However, the DNS server may not only know nothing about the requested name, but even about the entire wikipedia.org domain. In this case, the server contacts the root server - for example, 198.41.0.4. This server says - "I have no information about this address, but I know that 204.74.112.1 is responsible for the org zone." Then the DNS server sends its request to 204.74.112.1, but it replies "I have no information about this server, but I know that 207.142.131.234 is responsible for the wikipedia.org zone." Finally, the same request is sent to the third DNS server and receives a response - an IP address, which is transmitted to the client - the browser.

When I try the root server responsible for the zone ru. find out the server responsible, for example, for google.ru, it is silent:
> host -t ns ru. f.root-servers.net.
Using domain server:
Name: f.root-servers.net.
Address: 192.5.5.241#53
Aliases:

ru has no NS record

> host -t ns soa. f.root-servers.net.
Using domain server:
Name: f.root-servers.net.
Address: 192.5.5.241#53
Aliases:

Host soa. not found: 3(NXDOMAIN)

What am I doing wrong?
DNS servers, when doing recursive requests, are treated differently?

Answer the question

In order to leave comments, you need to log in

3 answer(s)
X
xaker1, 2013-08-01
@AlexWinner

Yes, DNS does recursive queries.
For some reason, the host utility does not work if the dns server is forcibly specified.
Try dig

dig
[email protected]:~ > dig -t ns f.root-servers.net. ru.
; <<>> DiG 9.9.2-P1 <<>> -t ns f.root-servers.net. ru.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<< — opcode: QUERY, status: NOERROR, id: 55260
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;f.root-servers.net. IN NS
;; AUTHORITY SECTION:
root-servers.net. 3600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2013010300 14400 7200 1209600 3600000
;; Query time: 3 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Aug 1 17:21:15 2013
;; MSG SIZE rcvd: 96
;; Got answer:
;; ->>HEADER<< — opcode: QUERY, status: NOERROR, id: 11972
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ru. IN NS
;; ANSWER SECTION:
ru. 84996 IN NS f.dns.ripn.net.
ru. 84996 IN NS e.dns.ripn.net.
ru. 84996 IN NS a.dns.ripn.net.
ru. 84996 IN NS d.dns.ripn.net.
ru. 84996 IN NS b.dns.ripn.net.
;; Query time: 3 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Thu Aug 1 17:21:15 2013
;; MSG SIZE rcvd: 112
[email protected]:~ > dig -t a habr.ru. +trace +all
; <<>> DiG 9.9.2-P1 <<>> -t a habr.ru. +trace +all
;; global options: +cmd
;; Got answer:
;; ->>HEADER<< — opcode: QUERY, status: NOERROR, id: 9020
;; flags: qr ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 516394 IN NS d.root-servers.net.
. 516394 IN NS m.root-servers.net.
. 516394 IN NS l.root-servers.net.
. 516394 IN NS f.root-servers.net.
. 516394 IN NS a.root-servers.net.
. 516394 IN NS i.root-servers.net.
. 516394 IN NS c.root-servers.net.
. 516394 IN NS g.root-servers.net.
. 516394 IN NS j.root-servers.net.
. 516394 IN NS b.root-servers.net.
. 516394 IN NS k.root-servers.net.
. 516394 IN NS e.root-servers.net.
. 516394 IN NS h.root-servers.net.
;; Query time: 508 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Thu Aug 1 17:09:13 2013
;; MSG SIZE rcvd: 239
;; Got answer:
;; ->>HEADER<< — opcode: QUERY, status: NOERROR, id: 13022
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 7, ADDITIONAL: 11
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;habr.ru. IN A
;; AUTHORITY SECTION:
ru. 172800 IN NS a.dns.ripn.net.
ru. 172800 IN NS e.dns.ripn.net.
ru. 172800 IN NS f.dns.ripn.net.
ru. 172800 IN NS b.dns.ripn.net.
ru. 172800 IN NS d.dns.ripn.net.
ru. 86400 IN DS 14072 8 2 DFFBFE59FBBD3289D0C3819F05F94610A1E03B556D64540A2CC5F8C4 158A00E7
ru. 86400 IN RRSIG DS 8 1 86400 20130807000000 20130730230000 49656. kO5UkU+BBko5+QDOkU6jkerC6WzsEqMHxc+RVfE+y3e8PPWI+HKHBj6Z e6/x4Ddn4BpUBM732dWbz88n00PqFhD3Q+00RM+7YwPnEDmDk1eZJrJT 33opWG5L8hn+5DYoHRPuSGJBcRhyIQHwHWwvhtiX7IsPj2GmskUssBLG 6ro=
;; ADDITIONAL SECTION:
a.dns.ripn.net. 172800 IN A 193.232.128.6
b.dns.ripn.net. 172800 IN A 194.85.252.62
d.dns.ripn.net. 172800 IN A 194.190.124.17
e.dns.ripn.net. 172800 IN A 193.232.142.17
f.dns.ripn.net. 172800 IN A 193.232.156.17
a.dns.ripn.net. 172800 IN AAAA 2001:678:17:0:193:232:128:6
b.dns.ripn.net. 172800 IN AAAA 2001:678:16:0:194:85:252:62
d.dns.ripn.net. 172800 IN AAAA 2001:678:18:0:194:190:124:17
e.dns.ripn.net. 172800 IN AAAA 2001:678:15:0:193:232:142:17
f.dns.ripn.net. 172800 IN AAAA 2001:678:14:0:193:232:156:17
;; Query time: 243 msec
;; SERVER: 199.7.91.13#53(199.7.91.13)
;; WHEN: Thu Aug 1 17:09:13 2013
;; MSG SIZE rcvd: 555
;; Got answer:
;; ->>HEADER<< — opcode: QUERY, status: NOERROR, id: 22012
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 6, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;habr.ru. IN A
;; AUTHORITY SECTION:
habr.ru. 345600 IN NS ns2.habradns.net.
habr.ru. 345600 IN NS ns1.habradns.net.
TDUI9D4JKUDS8B9T86GJ39PGFLCNLGM5.ru. 3600 IN NSEC3 1 1 3 00FF TEFG7J6PMM47P5H81JFQ4VC5FIS9TDOL NS SOA RRSIG DNSKEY NSEC3PARAM
TDUI9D4JKUDS8B9T86GJ39PGFLCNLGM5.ru. 3600 IN RRSIG NSEC3 8 2 3600 20130818050420 20130711212102 9879 ru. uHu+S8E4WHqaTPtZhxOWcvOFvfGyPg3gmZb4COgF+W+pXrx9HIZbT0UP Bidi9p94FwfpxRrV9oz1QXooF9Q9oLU/1l0Hc/2r6HyY7RTpZDeRQlnt Fy6LHVboDazKHBm50XAU15IidiIgzG9cZV69ITT0kqMqxUR0zVXwFc6J 8zg=
BELG7FO0P653NH4HS77LQ0E5E0MV4JIF.ru. 3600 IN NSEC3 1 1 3 00FF BMP1PHBL4O1LE1IPTV9I1AM84T3N48KJ NS DS RRSIG
BELG7FO0P653NH4HS77LQ0E5E0MV4JIF.ru. 3600 IN RRSIG NSEC3 8 2 3600 20130901075644 20130719092154 9879 ru. UdZCtFE/kLSoCBiEGGd9woNFy7kCxWWxr/5zkqpEads3ev+AX1qWjDgg iNrLv4HqzNvaCezTEJNa6UVoPxQxtoq97Z+1EoaMBjuepzbWfYs77GH4 nzCAJX5/DoFNjlIScfY/ghdCEYTqQMQItt4coLTFdsgS+9vp8BVRLEWm Sdc=
;; Query time: 128 msec
;; SERVER: 193.232.142.17#53(193.232.142.17)
;; WHEN: Thu Aug 1 17:09:15 2013
;; MSG SIZE rcvd: 571
;; Got answer:
;; ->>HEADER<< — opcode: QUERY, status: NOERROR, id: 11959
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;habr.ru. IN A
;; ANSWER SECTION:
habr.ru. 900 IN A 178.63.117.149
;; AUTHORITY SECTION:
habr.ru. 900 IN NS ns2.habradns.net.
habr.ru. 900 IN NS ns1.habradns.net.
;; Query time: 79 msec
;; SERVER: 78.46.61.175#53(78.46.61.175)
;; WHEN: Thu Aug 1 17:09:15 2013
;; MSG SIZE rcvd: 100

K
kenny_opennix, 2013-08-01
@kenny_opennix

It works through dig and nslookup, it doesn't work through host either (freebsd9).

mail# nslookup
> server f.root-servers.net
Default server: f.root-servers.net
Address: 192.5.5.241#53
Default server: f.root-servers.net
Address: 2001:500:2f::f#53
> set q=ns
> ru.
Server:         f.root-servers.net
Address:        192.5.5.241#53

Non-authoritative answer:
*** Can't find ru.: No answer

Authoritative answers can be found from:
ru      nameserver = e.dns.ripn.net.
ru      nameserver = a.dns.ripn.net.
ru      nameserver = d.dns.ripn.net.
ru      nameserver = b.dns.ripn.net.
ru      nameserver = f.dns.ripn.net.
a.dns.ripn.net  internet address = 193.232.128.6
b.dns.ripn.net  internet address = 194.85.252.62
d.dns.ripn.net  internet address = 194.190.124.17
e.dns.ripn.net  internet address = 193.232.142.17
f.dns.ripn.net  internet address = 193.232.156.17
a.dns.ripn.net  has AAAA address 2001:678:17:0:193:232:128:6
b.dns.ripn.net  has AAAA address 2001:678:16:0:194:85:252:62
d.dns.ripn.net  has AAAA address 2001:678:18:0:194:190:124:17
e.dns.ripn.net  has AAAA address 2001:678:15:0:193:232:142:17
f.dns.ripn.net  has AAAA address 2001:678:14:0:193:232:156:17


But with the -v switch it works fine
mail# host -v -t ns ru. f.root-servers.net
Trying "ru"
Using domain server:
Name: f.root-servers.net
Address: 192.5.5.241#53
Aliases: 

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 435
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 10

;; QUESTION SECTION:
;ru.                            IN      NS

;; AUTHORITY SECTION:
ru.                     172800  IN      NS      f.dns.ripn.net.
ru.                     172800  IN      NS      a.dns.ripn.net.
ru.                     172800  IN      NS      e.dns.ripn.net.
ru.                     172800  IN      NS      d.dns.ripn.net.
ru.                     172800  IN      NS      b.dns.ripn.net.

;; ADDITIONAL SECTION:
a.dns.ripn.net.         172800  IN      A       193.232.128.6
b.dns.ripn.net.         172800  IN      A       194.85.252.62
d.dns.ripn.net.         172800  IN      A       194.190.124.17
e.dns.ripn.net.         172800  IN      A       193.232.142.17
f.dns.ripn.net.         172800  IN      A       193.232.156.17
a.dns.ripn.net.         172800  IN      AAAA    2001:678:17:0:193:232:128:6
b.dns.ripn.net.         172800  IN      AAAA    2001:678:16:0:194:85:252:62
d.dns.ripn.net.         172800  IN      AAAA    2001:678:18:0:194:190:124:17
e.dns.ripn.net.         172800  IN      AAAA    2001:678:15:0:193:232:142:17
f.dns.ripn.net.         172800  IN      AAAA    2001:678:14:0:193:232:156:17

Received 332 bytes from 192.5.5.241#53 in 64 ms
mail# 

V
Vlad Zhivotnev, 2016-05-27
@inkvizitor68sl

*facepalm.jpg*
man host | grep '\-v'

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question