Does BIND 9.9 show wrong number of ADDITIONAL SECTION? [closed]

StackOverflow https://stackoverflow.com/questions/19047810

  •  29-06-2022
  •  | 
  •  

سؤال

I use BIND 9.9.4 and see the following issue.

The dig command shows us there is 2 records in the ADDITIONAL section:

ADDITIONAL: 2

But it only shows us 1 record actually in the response:

;; ADDITIONAL SECTION:
 dns1.example.net.  3600    IN  A   127.0.0.1

Example: From this link: https://kb.isc.org/article/AA-00711/0/In-line-Signing-With-NSEC3-in-BIND-9.9-A-Walk-through.html#informer

root:/etc/namedb/keys# dig @127.0.0.1 foo.example.net any

  ; <<>> DiG 9.9.1-P1 <<>> @127.0.0.1 foo.example.net any
  ; (1 server found)
  ;; global options: +cmd
  ;; Got answer:
  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20991
  ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

  ;; OPT PSEUDOSECTION:
  ; EDNS: version: 0, flags:; udp: 4096
  ;; QUESTION SECTION:
  ;foo.example.net.     IN  ANY

  ;; ANSWER SECTION:
  foo.example.net.  3600    IN  A   192.168.10.10

  ;; AUTHORITY SECTION:
  example.net.      86400   IN  NS  dns1.example.net.

  ;; ADDITIONAL SECTION:
  dns1.example.net. 3600    IN  A   127.0.0.1

  ;; Query time: 0 msec
  ;; SERVER: 127.0.0.1#53(127.0.0.1)
  ;; WHEN: Mon Jun 11 16:34:26 2012
  ;; MSG SIZE  rcvd: 95
هل كانت مفيدة؟

المحلول

It's not technically a bug, but confusing presentation. In 9.9, dig started turning on EDNS(0) by default, so the responses come back with an OPT record in the additional section. OPT doesn't have a defined text output format, so it isn't printed as a record; the only way you can tell it's there is to look for where it says "OPT PSEUDOSECTION" up near the top. But it is an extra record in the additional section, so the counts you see are correct.

If you use "dig +edns=0" in 9.8 or "dig +noedns" in 9.9, the counts will match.

مرخصة بموجب: CC-BY-SA مع الإسناد
لا تنتمي إلى StackOverflow
scroll top