0

I tried to dig a domain on a non-recursive DNS server. From what I know (so far), a non recursive DNS is not supposed to answer what they are not authoritative for.

For example :

[root@dhcppc14 vwxyz]# dig muse.mu @202.159.36.218

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> muse.mu @202.159.36.218
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46239
;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
**;; WARNING: recursion requested but not available**

;; QUESTION SECTION:

;muse.mu.                       IN      A

;; ANSWER SECTION:

**muse.mu.                3600    IN      A       162.249.109.50**

;; Query time: 253 msec
;; SERVER: 202.159.36.218#53(202.159.36.218)
;; WHEN: Sat Jun 27 05:58:14 2015
;; MSG SIZE  rcvd: 41

Could you explain what exactly happened?

Thanks,

Jenny D
  • 27,780
  • 21
  • 75
  • 114
vwxyzx
  • 11
  • 1
  • 3

2 Answers2

0

Try

dig +trace @202.159.36.218 muse.mu

to check how exactly resolving is goes in your case.

It either immediately returns a DNS record because it already stores it in local cache or directly queries a DNS Name Server which is authoritative for the record, meaning it definitely holds the correct IP for that hostname.

gapsf
  • 846
  • 1
  • 6
  • 12
0

I'm not sure if 202.159.36.218 is supposed to be an authoritative nameserver for muse.mu or where it comes into the picture. Because of that I can't explain why 202.159.36.218 answers for muse.mu without being recursive.

The warning you're seeing is printed from digwhenever it sends a query with RD (recursion desired), and receives a response without RA (recursion available).

dig sends recursive queries by default (message type RD, "recursion desired").

From the dig man page:

+[no]recurse

Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means dig normally sends recursive queries. Recursion is automatically disabled when the +nssearch or +trace query options are used.

From RFC 883:

A name server that supports recursive service sets the Recursion Available (RA) bit in all responses it generates. A requestor asks for recursive service by setting the Recursion Desired (RD) bit in queries. In some situations where recursive service is the only path to the desired information (see below), the name server may go recursive even if RD is zero.

The warning will print whenever you query a authoritative nameserver where recursion is not allowed without specifying that the query is to be non-recursive (option +norecurse).

Community
  • 1
mboehn
  • 377
  • 1
  • 9
  • Hi mboehn thanks for your explanation. The ip address 202.159.36.218 is my nameserver, which of course not an authoritative for muse.mu. I was just curious if there was a misconfiguration with my bind. I found this also on another authoritative nameserver. Is there any possibility that the nameserver using its cache? – vwxyzx Jun 29 '15 at 03:11