-1

Doing dig +short @ns1.google.com ns1.google.com AAAA hits ns1.google.com to get IPv6 address for ns1.google.com. From wireshark i can see that the query goes to IPv6 address 2001:4860:4802:32::a which is something i'm actually looking for.

Question is how did dig figure out to which IPv6 address the query, to get the IP address of the name server, should be sent to?

May be i'm missing something very basic here.

lafolle
  • 99
  • 1
  • 7
  • Asking for `AAAA` records and using IPv6 transport are completely non correlated things. `dig` used IPv6 just because your box has IPv6 and is probably configured to prefer it. On linux, see `/etc/gai.conf`. – Patrick Mevzek Jul 14 '20 at 00:25
  • 1
    "how did dig figure out to which IPv6 address the query" By doing recursive queries, as explained in its manpage, for the `@` option: "When the supplied server argument is a hostname, dig resolves that name before querying that name server." – Patrick Mevzek Jul 14 '20 at 00:27
  • Regarding your first comment- i wasn't trying to figure out why ipv6 transport is used, my bad for not putting it clearly. Though thanks for the pointer! – lafolle Jul 14 '20 at 01:36

1 Answers1

0

dig used the system DNS resolver, which is 1.1.1.1 (Cloudflare's) to fetch A and AAAA records for ns1.google.com and then used those addresses (IPv6) to answer the query which is oddly AAAA in my case.

I had missed few packets in wireshark earlier, here is the cleaner picture:

Wireshark pic

@patrick-mevzek: thanks for the pointer!

lafolle
  • 99
  • 1
  • 7