Why do I get 2 different results for DNS recursion?

jeromeza Member
edited September 2015 in Help

I've got a DNS server I set up and I'm confused as to whether it's allowing recursion or not (I obviously don't want it to be).

From a Mac I get the below (indicating recursion is on as I'm querying google.com which I don't own or run DNS for):

(1 server found)
global options: +cmd
Got answer:
HEADER opcode: QUERY, status: NOERROR, id: 5686
flags: qr rd ra; QUERY: 1, ANSWER: 15, AUTHORITY: 0, ADDITIONAL: 0

QUESTION SECTION:
google.com.         IN  A

ANSWER SECTION:
google.com.     89  IN  A   66.8.14.226
google.com.     89  IN  A   66.8.14.215
google.com.     89  IN  A   66.8.14.219
google.com.     89  IN  A   66.8.14.237
google.com.     89  IN  A   66.8.14.230
google.com.     89  IN  A   66.8.14.245
google.com.     89  IN  A   66.8.14.251
google.com.     89  IN  A   66.8.14.211
google.com.     89  IN  A   66.8.14.207
google.com.     89  IN  A   66.8.14.241
google.com.     89  IN  A   66.8.14.234
google.com.     89  IN  A   66.8.14.222
google.com.     89  IN  A   66.8.14.236
google.com.     89  IN  A   66.8.14.221
google.com.     89  IN  A   66.8.14.249

Query time: 4 msec
SERVER: xxxx#53(xxxx)
WHEN: Mon Sep  7 18:51:52 2015
MSG SIZE  rcvd: 268

From a Linux box I get (indicating NO recursion is on as I'm querying google.com which I don't own or run DNS for):

(1 server found)
global options: +cmd
Got answer:
HEADER opcode: QUERY, status: REFUSED, id: 31159
flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
WARNING: recursion requested but not available

OPT PSEUDOSECTION:
EDNS: version: 0, flags:; udp: 1680
QUESTION SECTION:
google.com.         IN  A

Query time: 22 msec
SERVER: xxxx#53(xxxx)
WHEN: Mon Sep 07 12:52:45 EDT 2015
MSG SIZE  rcvd: 39

Any ideas why I get the 2 conflicting sets of results? One showing recursion enabled, the other saying it's not?
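
As an added example (not part of the original post): a Python sketch that decodes the DNS header fields dig prints and classifies a reply along the lines on which the two outputs above differ (the `ra` flag, the status and the answer count). The function names, verdict strings and the two sample headers are constructed for illustration; `probe` is meant for a server you operate and also returns the IP that actually replied.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """A/IN query with RD set, which is what dig sends by default."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)

def parse_header(msg):
    """Decode the 12-byte DNS header into the fields dig prints."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "rd": bool(flags & 0x0100), "ra": bool(flags & 0x0080),
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
            "answers": an}

def recursion_verdict(msg):
    """Verdict for a reply to a name the queried server is NOT authoritative for."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not a response"
    if h["ra"] and not h["aa"] and h["rcode"] == "NOERROR" and h["answers"]:
        return "recursive answer"
    if not h["ra"]:
        return "recursion not offered"
    return "inconclusive"

def probe(server, name="google.com", timeout=3.0):
    """Query a server you operate; return (verdict, replying IP)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        reply, peer = s.recvfrom(4096)
    return recursion_verdict(reply), peer[0]

# Constructed 12-byte headers matching the two dig outputs in the post.
MAC_HEADER = struct.pack("!6H", 5686, 0x8180, 1, 15, 0, 0)     # qr rd ra, NOERROR
LINUX_HEADER = struct.pack("!6H", 31159, 0x8105, 1, 0, 0, 1)   # qr rd, REFUSED

if __name__ == "__main__":
    print("Mac:  ", recursion_verdict(MAC_HEADER))
    print("Linux:", recursion_verdict(LINUX_HEADER))
```

Running `probe` from each client and comparing the returned IP with the address that was queried shows whether both clients reached the same server.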

Comments

  • Paste your named.conf.options config.

  • gestiondbi Member, Patron Provider

    Don't forget Google has a lot of servers around the world + a lot of cache servers too. You may use something else for testing. You probably didn't hit the same server.

  • I guess this is what's called anycast DNS.

  • jeromeza Member
    edited September 2015

    @kcaj said:
    Paste your named.conf.options config.

    Hi, this isn't BIND, it's a PDNS cluster.

    I'm just curious as to why I get 2x different results from 2x different OS's.

    EDIT: make that 3 different OS's. Linux / Windows refuse query for a domain that my server doesn't serve. Whilst OSX provides an answer on a domain I don't serve. I suspect OSX queries a second server to get this result. Any ideas?

  • @jeromeza - What is the dig command you are running on the Mac?

  • @Tacservers - the same that I'm running on the rest:

    dig @dnsserverhere google.com

  • gestiondbi Member, Patron Provider
    edited September 2015

    From Google DNS

    [root]$ dig google.com
    QUESTION SECTION:
    google.com.         IN  A
    
    ANSWER SECTION:
    google.com.     299 IN  A   24.200.247.187
    google.com.     299 IN  A   24.200.247.183
    google.com.     299 IN  A   24.200.247.172
    google.com.     299 IN  A   24.200.247.152
    google.com.     299 IN  A   24.200.247.168
    google.com.     299 IN  A   24.200.247.157
    google.com.     299 IN  A   24.200.247.153
    google.com.     299 IN  A   24.200.247.158
    google.com.     299 IN  A   24.200.247.173
    google.com.     299 IN  A   24.200.247.162
    google.com.     299 IN  A   24.200.247.148
    google.com.     299 IN  A   24.200.247.177
    google.com.     299 IN  A   24.200.247.167
    google.com.     299 IN  A   24.200.247.182
    google.com.     299 IN  A   24.200.247.163
    google.com.     299 IN  A   24.200.247.178
    

    and from Level3 DNS

    [root]$ dig @4.2.2.1 google.com
    
    QUESTION SECTION:
    google.com.         IN  A
    
    ANSWER SECTION:
    google.com.     141 IN  A   173.194.46.96
    google.com.     141 IN  A   173.194.46.98
    google.com.     141 IN  A   173.194.46.103
    google.com.     141 IN  A   173.194.46.100
    google.com.     141 IN  A   173.194.46.99
    google.com.     141 IN  A   173.194.46.101
    google.com.     141 IN  A   173.194.46.102
    google.com.     141 IN  A   173.194.46.97
    google.com.     141 IN  A   173.194.46.110
    google.com.     141 IN  A   173.194.46.105
    google.com.     141 IN  A   173.194.46.104
    

    The 24.200.247.xxx are caching servers at the ISP.

  • I suspect (from speculation and an extremely small set of data) that OS X's build of BIND uses the internal recursor rather than the DNS server itself.

  • Abdussamad Member
    edited September 2015

    Do the IPs in the "SERVER:" lines match? If yes, then I don't know what's going on. But if they don't, then you may be hitting a different server in your PDNS cluster. One that has recursion turned on.

  • @jeromeza - I see an 18 ms difference, are these on the same network? Possibly @Rallias is correct, without being able to test on my Mac at the moment. 4 ms is really fast for a recursive DNS response that isn't locally cached.

    Mac:

    Query time: 4 msec
    SERVER: xxxx#53(xxxx)
    WHEN: Mon Sep  7 18:51:52 2015
    MSG SIZE  rcvd: 268
    

    Linux:

    Query time: 22 msec
    SERVER: xxxx#53(xxxx)
    WHEN: Mon Sep 07 12:52:45 EDT 2015
    MSG SIZE  rcvd: 39
    