-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
Yes, unbound continues processing and follows the CNAME, also for qtype ANY. It fetches the qtype ANY at the CNAME destination for the client. Best regards, Wouter On 07/11/2011 02:59 AM, Luo Ce wrote: > Not only www.google.com, I tried www.sohu.com <http://www.sohu.com> and > www.yahoo.com <http://www.yahoo.com>, the results unbound gave me all > include the A records. > > So the problem may not be the authoritative server, it looks like > unbound continue to process the cname response and get the final A records. > > > > ; <<>> DiG 9.7.3-P1 <<>> @localhost www.sohu.com any > > ; (1 server found) > > ;; global options: +cmd > > ;; Got answer: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55095 > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 3, ADDITIONAL: 3 > > > > ;; QUESTION SECTION: > > ;www.sohu.com. IN ANY > > > > ;; ANSWER SECTION: > > www.sohu.com. 600 IN CNAME d7.a.sohu.com. > > d7.a.sohu.com. 300 IN CNAME frontend-tc7.a.sohu.com. > > frontend-tc7.a.sohu.com. 300 IN A 61.135.181.169 > > frontend-tc7.a.sohu.com. 300 IN A 61.135.181.171 > > frontend-tc7.a.sohu.com. 300 IN A 61.135.181.167 > > > > ;; AUTHORITY SECTION: > > a.sohu.com. 3600 IN NS y.a.sohu.com. > > a.sohu.com. 3600 IN NS x.a.sohu.com. > > a.sohu.com. 3600 IN NS z.a.sohu.com. > > > > ;; ADDITIONAL SECTION: > > x.a.sohu.com. 7200 IN A 121.14.0.42 > > y.a.sohu.com. 7200 IN A 220.181.26.169 > > z.a.sohu.com. 7200 IN A 61.135.179.168 > > > > ; <<>> DiG 9.7.3-P1 <<>> @localhost www.yahoo.com any > > ; (1 server found) > > ;; global options: +cmd > > ;; Got answer: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24745 > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0 > > > > ;; QUESTION SECTION: > > ;www.yahoo.com. IN ANY > > > > ;; ANSWER SECTION: > > www.yahoo.com. 300 IN CNAME fp.wg1.b.yahoo.com. > > fp.wg1.b.yahoo.com. 60 IN CNAME any-fp.wa1.b.yahoo.com. > > any-fp.wa1.b.yahoo.com. 60 IN A 98.137.149.56 > > any-fp.wa1.b.yahoo.com. 60 IN A 72.30.2.43 > > > > *From:*Blacka, David [mailto:[email protected]] > *Sent:* Friday, July 08, 2011 8:25 PM > *To:* Luo Ce > *Cc:* <[email protected]> > *Subject:* Re: [Unbound-users] Question about qtype=any > > > > > > On Jul 7, 2011, at 9:30 PM, Luo Ce wrote: > > > > Hi all, > > > > When I use unbound and send a query with qtype = any > > dig @localhost www.google.com <http://www.google.com> any > > unbound returns me the following results: > > ; (1 server found) > > ;; global options: +cmd > > ;; Got answer: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11161 > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0 > > > > ;; QUESTION SECTION: > > ;www.google.com. IN ANY > > > > ;; ANSWER SECTION: > > www.google.com <http://www.google.com>. 604800 IN > CNAME www.l.google.com <http://www.l.google.com>. > > www.l.google.com <http://www.l.google.com>. 300 IN > A 74.125.71.147 > > www.l.google.com <http://www.l.google.com>. 300 IN > A 74.125.71.99 > > www.l.google.com <http://www.l.google.com>. 300 IN > A 74.125.71.106 > > www.l.google.com <http://www.l.google.com>. 300 IN > A 74.125.71.105 > > www.l.google.com <http://www.l.google.com>. 300 IN > A 74.125.71.103 > > www.l.google.com <http://www.l.google.com>. 300 IN > A 74.125.71.104 > > > > I just want to know whether the A records are needed for the qtype any, > cos when I send the same query to bind, it only returns me the cname answer. > > > > I believe what is happening here is that unbound is returning what the > authoritative server returns for 'www.google.com/ANY', while BIND is > reconstructing the answer (that is, looking at its cache and returning > all RRsets that match the qname). > > > > So, maybe a better question is: why does google's authoritative > nameservers return the A records with qtype=ANY? > > > > -- > David Blacka <[email protected] > <mailto:[email protected]>> > Principal Engineer Verisign Infrastructure Engineering > > > > > > _______________________________________________ > Unbound-users mailing list > [email protected] > http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOGr7eAAoJEJ9vHC1+BF+NHmsQAKj9JzgXAr9QIztSDZY7VnXy 6inoCdGq/7vWrD/7AnYDuGHQuliF5QUMXPAP30c+datUc6g6aDjJLusjlTEcCMHF QeQ4OztMsBjyuHMXD977/ZA1aVkmHwKdh75EZMo/r60u+8DHHYYDt3sUszH5X8Nz eVjnPpVjVp0lWLAerzzCTZ2HEM0YiLowiYa1rSVPk4eYHyMNc4xP1UGWi/gCCTER 4DaQ8im82goyt5fe5UNPhhoBKhvxiRmY2Am17MPElowrwqU+XTt42dklTlwCSCwX xEdK50jPhLZtp7XUOPBq68YoXomyc80uFZkEEn4m3nSFZhRspA4331g3uUIuTZ07 WAiX9ydsHGTakwTIsP5TfGcYORZ+b6WKfBcWMzzk/NXowcXallufGSGRMPNx2rzo 89gu9fF3XBH3g0k3uIH7MogIhm/opECU0tDO40wRRY64DZ6TAbniltCwQSe2ZhDJ 69opoMacGYiHcwvmymJ04b5G/wUYBJ4FNi/TVAITsKHzIAkh89NHRPsJ3Rcil264 10N8Xck6Nz+G4JQZ3wpd8RyZx9D4yd94J/6uIWv7exTDZezqbD4m4XjRsUCtfcGK w1mlPIYqGFPnAf5SgfU5P0yWjHsfK80vhlp6EIOBdWLStLzBmE21vY9vMtXerZ18 D4Vsx+vdrEvVX0hJMXnm =0cl+ -----END PGP SIGNATURE----- _______________________________________________ Unbound-users mailing list [email protected] http://unbound.nlnetlabs.nl/mailman/listinfo/unbound-users
