Checking Delegation

6.6.1 Problem

You need to check the delegation of a zone.

6.6.2 Solution

There are several ways to check a zone's delegation. One of the easiest is to use the +trace option supported by the BIND 9 version of dig. When you specify +trace, dig begins by looking up NS records for the root zone, using the local name server, and then sends a nonrecursive query to one of the root name servers. It continues by following referrals to other name servers until it finds the answer to the question specified on the command line. Here's an example:

$ dig +trace cnn.com

; <<>> DiG 9.2.1 <<>> +trace cnn.com
;; global options: printcmd
. 516931 IN NS A.ROOT-SERVERS.NET.
. 516931 IN NS B.ROOT-SERVERS.NET.
. 516931 IN NS C.ROOT-SERVERS.NET.
. 516931 IN NS D.ROOT-SERVERS.NET.
. 516931 IN NS E.ROOT-SERVERS.NET.
. 516931 IN NS F.ROOT-SERVERS.NET.
. 516931 IN NS G.ROOT-SERVERS.NET.
. 516931 IN NS H.ROOT-SERVERS.NET.
. 516931 IN NS I.ROOT-SERVERS.NET.
. 516931 IN NS J.ROOT-SERVERS.NET.
. 516931 IN NS K.ROOT-SERVERS.NET.
. 516931 IN NS L.ROOT-SERVERS.NET.
. 516931 IN NS M.ROOT-SERVERS.NET.
;; Received 292 bytes from 192.168.0.1#53(192.168.0.1) in 13 ms

com. 172800 IN NS A.GTLD-SERVERS.NET.
com. 172800 IN NS G.GTLD-SERVERS.NET.
com. 172800 IN NS H.GTLD-SERVERS.NET.
com. 172800 IN NS C.GTLD-SERVERS.NET.
com. 172800 IN NS I.GTLD-SERVERS.NET.
com. 172800 IN NS B.GTLD-SERVERS.NET.
com. 172800 IN NS D.GTLD-SERVERS.NET.
com. 172800 IN NS L.GTLD-SERVERS.NET.
com. 172800 IN NS F.GTLD-SERVERS.NET.
com. 172800 IN NS J.GTLD-SERVERS.NET.
com. 172800 IN NS K.GTLD-SERVERS.NET.
com. 172800 IN NS E.GTLD-SERVERS.NET.
com. 172800 IN NS M.GTLD-SERVERS.NET.
;; Received 457 bytes from 198.41.0.4#53(A.ROOT-SERVERS.NET) in 80 ms

cnn.com. 172800 IN NS TWDNS-01.NS.AOL.com.
cnn.com. 172800 IN NS TWDNS-02.NS.AOL.com.
cnn.com. 172800 IN NS TWDNS-03.NS.AOL.com.
cnn.com. 172800 IN NS TWDNS-04.NS.AOL.com.
;; Received 188 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 78 ms

cnn.com. 300 IN A 64.236.24.4
cnn.com. 300 IN A 64.236.24.12
cnn.com. 300 IN A 64.236.16.20
cnn.com. 300 IN A 64.236.16.52
cnn.com. 300 IN A 64.236.24.20
cnn.com. 300 IN A 64.236.24.28
cnn.com. 300 IN A 64.236.16.84
cnn.com. 300 IN A 64.236.16.116
cnn.com. 600 IN NS twdns-01.ns.aol.com.
cnn.com. 600 IN NS twdns-02.ns.aol.com.
cnn.com. 600 IN NS twdns-03.ns.aol.com.
cnn.com. 600 IN NS twdns-04.ns.aol.com.
;; Received 316 bytes from 149.174.213.151#53(TWDNS-01.NS.AOL.com) in 123 ms

After retrieving the list of root name servers, dig queried a.root-servers.net for A records for cnn.com, followed a referral to one of the com name servers, a.gtld-servers.net, and then followed another referral to one of the cnn.com name servers, twdns-01.ns.aol.com. This traces the iterative name resolution process an external name server would use to resolve cnn.com domain names. The fact that it succeeded shows that the delegation from the com zone's name servers (one of them, anyway) to cnn.com works.

6.6.3 Discussion

The tools dnswalk and doc also check delegation. dnswalk checks delegation to subdomains of the zone you designate on the command line if you use the -l option -- but it needs to transfer the zone to check it, so don't bother running a command like:

$ dnswalk com.

However, it's very useful if you want to check the delegations below your zone.

doc, which is included in the BIND 8 tar file of contributed utilities (available in the same directory as the BIND 8 source code -- see Section 1.12 for details), also checks delegation to a zone's name servers, as well as synchronization between those name servers and their parent name servers.
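The parent-versus-child comparison can also be run directly over saved dig +trace output. The following is an added example, not code from the book and not how doc is implemented; the function names are hypothetical, and it assumes the final answer carries the zone's NS records, as the cnn.com output above does.

```python
import re

# Constructed input: the cnn.com steps of the dig +trace output above (A records trimmed).
SAMPLE_TRACE = """\
cnn.com. 172800 IN NS TWDNS-01.NS.AOL.com.
cnn.com. 172800 IN NS TWDNS-02.NS.AOL.com.
cnn.com. 172800 IN NS TWDNS-03.NS.AOL.com.
cnn.com. 172800 IN NS TWDNS-04.NS.AOL.com.
;; Received 188 bytes from 192.5.6.30#53(A.GTLD-SERVERS.NET) in 78 ms

cnn.com. 300 IN A 64.236.24.4
cnn.com. 600 IN NS twdns-01.ns.aol.com.
cnn.com. 600 IN NS twdns-02.ns.aol.com.
cnn.com. 600 IN NS twdns-03.ns.aol.com.
cnn.com. 600 IN NS twdns-04.ns.aol.com.
;; Received 316 bytes from 149.174.213.151#53(TWDNS-01.NS.AOL.com) in 123 ms
"""
RECEIVED = re.compile(r"^;; Received \d+ bytes from \S+\((\S+?)\)")

def norm(name):  # DNS names compare case-insensitively; ignore the trailing dot
    return name.lower().rstrip(".")

def ns_by_responder(trace, zone):
    """Return [(responder, {NS targets for zone})] in the order dig printed them."""
    steps, pending = [], set()
    for line in trace.splitlines():
        m = RECEIVED.match(line)
        if m:  # a ";; Received" line closes the block of records above it
            if pending:
                steps.append((norm(m.group(1)), pending))
            pending = set()
            continue
        f = line.split()
        if len(f) == 5 and norm(f[0]) == norm(zone) and f[2:4] == ["IN", "NS"]:
            pending.add(norm(f[4]))
    return steps

def check_delegation(trace, zone):
    """Compare the parent's referral NS set with the NS set the zone itself serves."""
    steps = ns_by_responder(trace, zone)
    if len(steps) < 2:  # referral only: no server for the zone answered
        return {"complete": False}
    (_, parent_ns), (child, child_ns) = steps[0], steps[-1]
    return {"complete": True,
            "parent_only": sorted(parent_ns - child_ns),
            "child_only": sorted(child_ns - parent_ns),
            "answered_by_delegated_ns": child in parent_ns}
if __name__ == "__main__":
    print(check_delegation(SAMPLE_TRACE, "cnn.com"))
```

A name reported under parent_only is a server the parent zone still refers queries to but the zone itself no longer lists, so it is the first thing to follow up on.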

6.6.4 See Also

Section 1.12 for instructions on how to get the BIND 8 source code (as well as the contributed utilities), and Section 5.16 for how to get dnswalk.

DNS & BIND Cookbook
ISBN: 0596004109
EAN: 2147483647
Year: 2005
Pages: 220
Authors: Cricket Liu