[Dnssec-deployment] No wildcard RR in the response

Mohan Parthasarathy suruti94 at gmail.com
Fri Nov 18 14:07:00 EST 2011


Hi,

This was raised in dnsop sometime back but it was not clear what the
problem was. Depending on the CD bit, the response for the following
commands (see below) are different in the authority section. When the
CD bit is not set, the right wildcard is returned. Why is the behavior
different with the setting of the CD bit ?

-mohan


dig ptr www.cw.test.itec-usa.com +dnssec @75.75.75.75 +cd=1

; <<>> DiG 9.7.3-P3 <<>> ptr www.cw.test.itec-usa.com +dnssec @75.75.75.75 +cd=1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50766
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4000
;; QUESTION SECTION:
;www.cw.test.itec-usa.com.	IN	PTR

;; ANSWER SECTION:
www.cw.test.itec-usa.com. 20	IN	CNAME	ietf.org.
www.cw.test.itec-usa.com. 20	IN	RRSIG	CNAME 10 4 20 20111218180831
20111117180811 58790 test.itec-usa.com.
MxlMsXX/UnB3IF0ltHsnjsCmWw3dyFaXpvlqGOobk15Xxod+dK7ElyZ6
aImVWeZOkpt0ltiuwLDdXLiLyYmAZsQjKCS5i8v+xcGkvUBKo+prP0SD
HGyJTUgg2GfdFjeOwj0FGALHiagUjeNQ84g0FwAOHdCP/gR8fFnWi+pK
etY6fIFQnq40CkrNKDE=

;; AUTHORITY SECTION:
ietf.org.		1800	IN	NSEC	ietf1._domainkey.ietf.org. A NS SOA MX TXT
AAAA RRSIG NSEC DNSKEY SPF
ietf.org.		1800	IN	RRSIG	NSEC 5 2 7200 20121003223403 20111004213459
40452 ietf.org.
RqNomEi9SmLU1OmKsvfhZvVriDVaCtWZvyD8CubVAwTIMr0jUyUvq2Lb
aqz6p42VLFE8Fz3Pqp4JDyCgXHiC5woUsixEqrnR+WFC3Kf+7x0XAVSi
lPMBFXI8qdPkQMgBhAWhb7vzQQ1EKR38mxJ5J3N/x2lLmDXSP915jlQE
j1/1TTSP0RXLhPrTbZ5iiHaM7z9B28QAGuQibO6/cps12316vDm8L9RM
OBB97mI7GdRDXWacGidU1bx7H1EkJef/HrtQjp1MGMKOWKfrt8mNlZwh
XkouDLaKjTUhEvKU12TQJ2ZvdKxzH1QH559MGRUCzWy8Jw4pgfvd2XFG tIUk/A==

dig ptr www.cw.test.itec-usa.com +dnssec @75.75.75.75

; <<>> DiG 9.7.3-P3 <<>> ptr www.cw.test.itec-usa.com +dnssec @149.20.64.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51397
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 6, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;www.cw.test.itec-usa.com.	IN	PTR

;; ANSWER SECTION:
www.cw.test.itec-usa.com. 20	IN	CNAME	ietf.org.
www.cw.test.itec-usa.com. 20	IN	RRSIG	CNAME 10 4 20 20111218180831
20111117180811 58790 test.itec-usa.com.
MxlMsXX/UnB3IF0ltHsnjsCmWw3dyFaXpvlqGOobk15Xxod+dK7ElyZ6
aImVWeZOkpt0ltiuwLDdXLiLyYmAZsQjKCS5i8v+xcGkvUBKo+prP0SD
HGyJTUgg2GfdFjeOwj0FGALHiagUjeNQ84g0FwAOHdCP/gR8fFnWi+pK
etY6fIFQnq40CkrNKDE=

;; AUTHORITY SECTION:
*.cw.test.itec-usa.com.	20	IN	NSEC	*.cwp.test.itec-usa.com. CNAME RRSIG NSEC
*.cw.test.itec-usa.com.	20	IN	RRSIG	NSEC 10 4 86400 20111219180811
20111117180811 58790 test.itec-usa.com.
IU1dvfWD/jaaKUS9C5UwQZ+SNOc3mPXH//OzJtT6Yqt7eQ/xTosLVHI1
MogLd7kklXtQKTAKflsE85Av4FxUExo0SVNSRw8K6/26DRoov5ZPZAM+
GndLOyWK9gqXyXuzTGLmIuGA3DjbQFzucwloQ3HvTLnGuoDoCWZhy/YZ
osw8bc8Lx1hJUxj5nZo=


More information about the Dnssec-deployment mailing list