[Yeti DNS Discuss] 回复: 答复: Another two servers added last week with one IDN

dbgong dbgong at biigroup.cn
Thu May 19 06:18:25 UTC 2016


Hi Davey and Stdphane,

I checked the response with wireshark, and found that Dahu2 may disable the DNS Message compression.
There are 5 RRs endwith yeti-dns.net and 4 RRs end with dns-lab.net.
So the message size is bigger then others.

On 2016-05-19  13:09 
  Davey Song(宋林健)  <ljsong at biigroup.cn> wrote:
 
Can anyone tell me the difference between the two. I'm a little confused:
 
1. dig +nodnssec +edns +bufsize=4096 @dahu2.yeti.eu.org NS .
 
; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> +nodnssec +edns +bufsize=4096
@dahu2.yeti.eu.org NS .
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48648
;; flags: qr aa rd; QUERY: 1, ANSWER: 25, AUTHORITY: 0, ADDITIONAL: 26
;; WARNING: recursion requested but not available
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS
 
;; ANSWER SECTION:
. 86400 IN NS bii.dns-lab.net.
. 86400 IN NS yeti.bofh.priv.at.
. 86400 IN NS yeti.ipv6.ernet.in.
. 86400 IN NS yeti.aquaray.com.
. 86400 IN NS dahu1.yeti.eu.org.
. 86400 IN NS dahu2.yeti.eu.org.
. 86400 IN NS yeti1.ipv6.ernet.in.
. 86400 IN NS ns-yeti.bondis.org.
. 86400 IN NS yeti-ns.ix.ru.
. 86400 IN NS yeti-ns.lab.nic.cl.
. 86400 IN NS yeti-ns.tisf.net.
. 86400 IN NS yeti-ns.wide.ad.jp.
. 86400 IN NS yeti-ns.conit.co.
. 86400 IN NS yeti-ns.switch.ch.
. 86400 IN NS yeti-ns.as59715.net.
. 86400 IN NS yeti-ns1.dns-lab.net.
. 86400 IN NS yeti-ns2.dns-lab.net.
. 86400 IN NS yeti-ns3.dns-lab.net.
. 86400 IN NS xn--r2bi1c.xn--h2bv6c0a.xn--
h2brj9c.
. 86400 IN NS yeti-dns01.dnsworkshop.org.
. 86400 IN NS 18ac3e7343f016890c510e93f935
26.yeti-dns.net.
. 86400 IN NS 2e7d2c03a9507ae265ecf5b53568
85.yeti-dns.net.
. 86400 IN NS 3e23e8160039594a33894f6564e1
b1.yeti-dns.net.
. 86400 IN NS 3f79bb7b435b05321651daefd374
cd.yeti-dns.net.
. 86400 IN NS ca978112ca1bbdcafac231b39a23
dc.yeti-dns.net.
 
;; ADDITIONAL SECTION:
bii.dns-lab.net. 86400 IN AAAA 240c:f:1:22::6
yeti.bofh.priv.at. 86400 IN AAAA 2a01:4f8:161:6106:1::10
yeti.ipv6.ernet.in. 86400 IN AAAA 2001:e30:1c1e:1::333
yeti.aquaray.com. 86400 IN AAAA 2a02:ec0:200::1
dahu1.yeti.eu.org. 86400 IN AAAA 2001:4b98:dc2:45:216:3eff:fe
4b:8c5b
dahu2.yeti.eu.org. 86400 IN AAAA 2001:67c:217c:6::2
yeti1.ipv6.ernet.in. 86400 IN AAAA 2001:e30:187d::333
ns-yeti.bondis.org. 86400 IN AAAA 2a02:2810:0:405::250
yeti-ns.ix.ru. 86400 IN AAAA 2001:6d0:6d06::53
yeti-ns.lab.nic.cl. 86400 IN AAAA 2001:1398:1:21::8001
yeti-ns.tisf.net. 86400 IN AAAA 2001:559:8000::6
yeti-ns.wide.ad.jp. 86400 IN AAAA 2001:200:1d9::35
yeti-ns.conit.co. 86400 IN AAAA 2604:6600:2000:11::4854:a010
yeti-ns.switch.ch. 86400 IN AAAA 2001:620:0:ff::29
yeti-ns.as59715.net. 86400 IN AAAA 2a02:cdc5:9715:0:185:5:203:5
3
yeti-ns1.dns-lab.net. 86400 IN AAAA 2001:da8:a3:a027::6
yeti-ns2.dns-lab.net. 86400 IN AAAA 2001:da8:268:4200::6
yeti-ns3.dns-lab.net. 86400 IN AAAA 2400:a980:30ff::6
xn--r2bi1c.xn--h2bv6c0a.xn--h2brj9c. 86400 IN AAAA 2001:e30:1c1e:10::333
yeti-dns01.dnsworkshop.org. 86400 IN AAAA 2001:1608:10:167:32e::53
18ac3e7343f016890c510e93f93526.yeti-dns.net. 86400 IN AAAA
2a05:78c0:0:2::3:6
2e7d2c03a9507ae265ecf5b5356885.yeti-dns.net. 86400 IN AAAA
2400:8901:e001:39::6
3e23e8160039594a33894f6564e1b1.yeti-dns.net. 86400 IN AAAA
2803:80:1004:63::1
3f79bb7b435b05321651daefd374cd.yeti-dns.net. 86400 IN AAAA
2401:c900:1401:3b:c::6
ca978112ca1bbdcafac231b39a23dc.yeti-dns.net. 86400 IN AAAA 2c0f:f530::6
 
;; Query time: 273 msec
;; SERVER: 2001:67c:217c:6::2#53(2001:67c:217c:6::2)
;; WHEN: Thu May 19 13:03:34 CST 2016
;; MSG SIZE  rcvd: 1895
 
2. dig +nodnssec +edns +bufsize=4096 @bii.dns-lab.net NS .
 
; <<>> DiG 9.9.5-3ubuntu0.7-Ubuntu <<>> +nodnssec +edns +bufsize=4096
@bii.dns-lab.net NS .
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19676
;; flags: qr aa rd; QUERY: 1, ANSWER: 25, AUTHORITY: 0, ADDITIONAL: 26
;; WARNING: recursion requested but not available
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;. IN NS
 
;; ANSWER SECTION:
. 86400 IN NS 2e7d2c03a9507ae265ecf5b53568
85.yeti-dns.net.
. 86400 IN NS yeti-dns01.dnsworkshop.org.
. 86400 IN NS yeti-ns3.dns-lab.net.
. 86400 IN NS ns-yeti.bondis.org.
. 86400 IN NS ca978112ca1bbdcafac231b39a23
dc.yeti-dns.net.
. 86400 IN NS yeti.aquaray.com.
. 86400 IN NS yeti-ns.switch.ch.
. 86400 IN NS yeti-ns.tisf.net.
. 86400 IN NS yeti.ipv6.ernet.in.
. 86400 IN NS yeti-ns.lab.nic.cl.
. 86400 IN NS yeti-ns2.dns-lab.net.
. 86400 IN NS yeti1.ipv6.ernet.in.
. 86400 IN NS bii.dns-lab.net.
. 86400 IN NS 3e23e8160039594a33894f6564e1
b1.yeti-dns.net.
. 86400 IN NS dahu2.yeti.eu.org.
. 86400 IN NS yeti.bofh.priv.at.
. 86400 IN NS dahu1.yeti.eu.org.
. 86400 IN NS xn--r2bi1c.xn--h2bv6c0a.xn--
h2brj9c.
. 86400 IN NS yeti-ns1.dns-lab.net.
. 86400 IN NS yeti-ns.as59715.net.
. 86400 IN NS 18ac3e7343f016890c510e93f935
26.yeti-dns.net.
. 86400 IN NS yeti-ns.ix.ru.
. 86400 IN NS 3f79bb7b435b05321651daefd374
cd.yeti-dns.net.
. 86400 IN NS yeti-ns.conit.co.
. 86400 IN NS yeti-ns.wide.ad.jp.
 
;; ADDITIONAL SECTION:
bii.dns-lab.net. 86400 IN AAAA 240c:f:1:22::6
yeti.bofh.priv.at. 86400 IN AAAA 2a01:4f8:161:6106:1::10
yeti.ipv6.ernet.in. 86400 IN AAAA 2001:e30:1c1e:1::333
yeti.aquaray.com. 86400 IN AAAA 2a02:ec0:200::1
dahu1.yeti.eu.org. 86400 IN AAAA 2001:4b98:dc2:45:216:3eff:fe
4b:8c5b
dahu2.yeti.eu.org. 86400 IN AAAA 2001:67c:217c:6::2
yeti1.ipv6.ernet.in. 86400 IN AAAA 2001:e30:187d::333
ns-yeti.bondis.org. 86400 IN AAAA 2a02:2810:0:405::250
yeti-ns.ix.ru. 86400 IN AAAA 2001:6d0:6d06::53
yeti-ns.lab.nic.cl. 86400 IN AAAA 2001:1398:1:21::8001
yeti-ns.tisf.net. 86400 IN AAAA 2001:559:8000::6
yeti-ns.wide.ad.jp. 86400 IN AAAA 2001:200:1d9::35
yeti-ns.conit.co. 86400 IN AAAA 2604:6600:2000:11::4854:a010
yeti-ns.switch.ch. 86400 IN AAAA 2001:620:0:ff::29
yeti-ns.as59715.net. 86400 IN AAAA 2a02:cdc5:9715:0:185:5:203:5
3
yeti-ns1.dns-lab.net. 86400 IN AAAA 2001:da8:a3:a027::6
yeti-ns2.dns-lab.net. 86400 IN AAAA 2001:da8:268:4200::6
yeti-ns3.dns-lab.net. 86400 IN AAAA 2400:a980:30ff::6
xn--r2bi1c.xn--h2bv6c0a.xn--h2brj9c. 86400 IN AAAA 2001:e30:1c1e:10::333
yeti-dns01.dnsworkshop.org. 86400 IN AAAA 2001:1608:10:167:32e::53
18ac3e7343f016890c510e93f93526.yeti-dns.net. 86400 IN AAAA
2a05:78c0:0:2::3:6
2e7d2c03a9507ae265ecf5b5356885.yeti-dns.net. 86400 IN AAAA
2400:8901:e001:39::6
3e23e8160039594a33894f6564e1b1.yeti-dns.net. 86400 IN AAAA
2803:80:1004:63::1
3f79bb7b435b05321651daefd374cd.yeti-dns.net. 86400 IN AAAA
2401:c900:1401:3b:c::6
ca978112ca1bbdcafac231b39a23dc.yeti-dns.net. 86400 IN AAAA 2c0f:f530::6
 
;; Query time: 11 msec
;; SERVER: 240c:f:1:22::6#53(240c:f:1:22::6)
;; WHEN: Thu May 19 13:03:42 CST 2016
;; MSG SIZE  rcvd: 1523
 
 
 
-----邮件原件-----
发件人: discuss [mailto:discuss-bounces at lists.yeti-dns.org] 代表 Davey
Song(宋林健)
发送时间: 2016年5月19日 13:01
收件人: 'Stephane Bortzmeyer'
抄送: discuss at lists.yeti-dns.org
主题: [Yeti DNS Discuss] Another two servers added last week with one IDN
 
We accept two servers from ERNET. We finally have 25 servers now. 
 
I use Stephane's script to generate the priming-response size again:
 
1) Without DNSSEC
 
dahu2.yeti.eu.org. 1895
yeti-ns.wide.ad.jp. 1523
yeti-ns.tisf.net. 1523
yeti-ns.conit.co. 1523
yeti-ns.as59715.net. 1523
yeti-ns3.dns-lab.net. 1523
yeti-ns2.dns-lab.net. 1523
yeti-ns1.dns-lab.net. 1523
yeti-dns01.dnsworkshop.org. 1523
ns-yeti.bondis.org. 1523
dahu1.yeti.eu.org. 1523
ca978112ca1bbdcafac231b39a23dc.yeti-dns.net. 1523 bii.dns-lab.net. 1523
3f79bb7b435b05321651daefd374cd.yeti-dns.net. 1523
3e23e8160039594a33894f6564e1b1.yeti-dns.net. 1523
2e7d2c03a9507ae265ecf5b5356885.yeti-dns.net. 1523
18ac3e7343f016890c510e93f93526.yeti-dns.net. 1523 yeti.aquaray.com. 1215
yeti-ns.switch.ch. 823 yeti-ns.lab.nic.cl. 823 yeti-ns.ix.ru. 823 yeti.ipv6.
ernet.in. 823 yeti.bofh.priv.at. 823 xn--r2bi1c.xn--h2bv6c0a.xn--h2brj9c.
823 yeti1.ipv6.ernet.in. (not available now)
 
Note: dahu2.yeti.eu.org. size is weirdly larger than others. I'm not sure
what's wrong. 
 
2) With DNSSEC
 
dahu2.yeti.eu.org. 2053
yeti-ns.tisf.net. 1809
bii.dns-lab.net. 1809
18ac3e7343f016890c510e93f93526.yeti-dns.net. 1809 yeti-ns.wide.ad.jp. 1681
yeti-ns.conit.co. 1681 yeti-ns.as59715.net. 1681 yeti-ns3.dns-lab.net. 1681
yeti-ns2.dns-lab.net. 1681 yeti-ns1.dns-lab.net. 1681
yeti-dns01.dnsworkshop.org. 1681 ns-yeti.bondis.org. 1681 dahu1.yeti.eu.org.
1681 ca978112ca1bbdcafac231b39a23dc.yeti-dns.net. 1681
3f79bb7b435b05321651daefd374cd.yeti-dns.net. 1681
3e23e8160039594a33894f6564e1b1.yeti-dns.net. 1681
2e7d2c03a9507ae265ecf5b5356885.yeti-dns.net. 1681 yeti.aquaray.com. 1205
yeti-ns.lab.nic.cl. 1109 yeti-ns.ix.ru. 1109 yeti-ns.switch.ch. 981
yeti.ipv6.ernet.in. 981 yeti.bofh.priv.at. 981
xn--r2bi1c.xn--h2bv6c0a.xn--h2brj9c. 981 yeti1.ipv6.ernet.in. (not available
now)
 
Note:
dahu2.yeti.eu.org. size is larger than others as it does without DNSSEC It
is observed that the response sizes with DNSSEC are more diverse than
without DNSSEC.
 
-----邮件原件-----
发件人: Stephane Bortzmeyer [mailto:bortzmeyer at nic.fr]
发送时间: 2016年5月4日 17:35
收件人: Davey Song
抄送: discuss at lists.yeti-dns.org
主题: Re: [Yeti DNS Discuss] Five additional servers added to Yeti testbed &
an bug finding on priming response
 
On Wed, May 04, 2016 at 10:59:10AM +0200,  Stephane Bortzmeyer
<bortzmeyer at nic.fr> wrote  a message of 91 lines which said:
 
> dahu1 now sends everything (it requires working IPv6
> fragmentation...):
 
Here are the sizes (in reverse order) of priming responses from Yeti root
name servers:
 
1) Without DNSSEC
 
% sh priming-size.sh                                       
yeti-ns3.dns-lab.net. 1400
yeti-ns2.dns-lab.net. 1400
yeti-ns1.dns-lab.net. 1400
yeti-ns.wide.ad.jp. 1400
yeti-ns.tisf.net. 1400
yeti-dns01.dnsworkshop.org. 1400
ns-yeti.bondis.org. 1400
dahu1.yeti.eu.org. 1400
ca978112ca1bbdcafac231b39a23dc.yeti-dns.net. 1400 bii.dns-lab.net. 1400
3f79bb7b435b05321651daefd374cd.yeti-dns.net. 1400
3e23e8160039594a33894f6564e1b1.yeti-dns.net. 1400
2e7d2c03a9507ae265ecf5b5356885.yeti-dns.net. 1400
18ac3e7343f016890c510e93f93526.yeti-dns.net. 1400 yeti.aquaray.com. 1204
yeti-ns.as59715.net. 1204 yeti.ipv6.ernet.in. 756 yeti.bofh.priv.at. 756
yeti-ns.switch.ch. 756 yeti-ns.lab.nic.cl. 756 yeti-ns.ix.ru. 756
yeti-ns.conit.co. 28 dahu2.yeti.eu.org. 
 
(The last two are problems, to address)
 
2) With DNSSEC
 
% sh priming-size.sh
dahu2.yeti.eu.org. 2017
yeti-ns3.dns-lab.net. 1558
yeti-ns2.dns-lab.net. 1558
yeti-ns1.dns-lab.net. 1558
yeti-ns.wide.ad.jp. 1558
yeti-ns.tisf.net. 1558
yeti-dns01.dnsworkshop.org. 1558
ns-yeti.bondis.org. 1558
dahu1.yeti.eu.org. 1558
ca978112ca1bbdcafac231b39a23dc.yeti-dns.net. 1558 bii.dns-lab.net. 1558
3f79bb7b435b05321651daefd374cd.yeti-dns.net. 1558
3e23e8160039594a33894f6564e1b1.yeti-dns.net. 1558
2e7d2c03a9507ae265ecf5b5356885.yeti-dns.net. 1558
18ac3e7343f016890c510e93f93526.yeti-dns.net. 1558 yeti.aquaray.com. 1222
yeti-ns.as59715.net. 1222 yeti.ipv6.ernet.in. 914 yeti.bofh.priv.at. 914
yeti-ns.switch.ch. 914 yeti-ns.lab.nic.cl. 914 yeti-ns.ix.ru. 914
yeti-ns.conit.co. 28
 
The script was:
 
#!/bin/sh
 
NS=$(dig +short +nodnssec +edns +bufsize=4096 NS .) for ns in ${NS}; do
    resp_size=$(dig +dnssec +edns +bufsize=4096 @$ns NS . | grep "MSG SIZE"
|cut -d' ' -f 6)
    echo "$ns $resp_size"
done | sort -n -r -k2
 
 
 
_______________________________________________
discuss mailing list
discuss at lists.yeti-dns.org
http://lists.yeti-dns.org/mailman/listinfo/discuss
 
 
 
_______________________________________________
discuss mailing list
discuss at lists.yeti-dns.org
http://lists.yeti-dns.org/mailman/listinfo/discuss

---
Kevin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yeti-dns.org/pipermail/discuss/attachments/20160519/e8122314/attachment.html>


More information about the discuss mailing list