Re: [dns-operations] Single label queries on Windows (11)

Fri, 07 Jul 2023 22:44:02 -0700 

Ah, this is embarrassing. Yes, trailing dot have helped.

I am sorry for the confusion.

>nslookup -type=ns org.
Server: pihole
Address: 192.168.88.9

Non-authoritative answer:
org nameserver = b2.org.afilias-nst.org <http://b2.org.afilias-nst.org/>
org nameserver = a2.org.afilias-nst.info <http://a2.org.afilias-nst.info/>
org nameserver = c0.org.afilias-nst.info <http://c0.org.afilias-nst.info/>
org nameserver = b0.org.afilias-nst.org <http://b0.org.afilias-nst.org/>
org nameserver = a0.org.afilias-nst.info <http://a0.org.afilias-nst.info/>
org nameserver = d0.org.afilias-nst.org <http://d0.org.afilias-nst.org/>
a0.org.afilias-nst.info <http://a0.org.afilias-nst.info/> internet address = 199.19.56.1 a2.org.afilias-nst.info <http://a2.org.afilias-nst.info/> internet address = 199.249.112.1 b0.org.afilias-nst.org <http://b0.org.afilias-nst.org/> internet address = 199.19.54.1 b2.org.afilias-nst.org <http://b2.org.afilias-nst.org/> internet address = 199.249.120.1 c0.org.afilias-nst.info <http://c0.org.afilias-nst.info/> internet address = 199.19.53.1 d0.org.afilias-nst.org <http://d0.org.afilias-nst.org/> internet address = 199.19.57.1 a0.org.afilias-nst.info <http://a0.org.afilias-nst.info/> AAAA IPv6 address = 2001:500:e::1 a2.org.afilias-nst.info <http://a2.org.afilias-nst.info/> AAAA IPv6 address = 2001:500:40::1 b0.org.afilias-nst.org <http://b0.org.afilias-nst.org/> AAAA IPv6 address = 2001:500:c::1 b2.org.afilias-nst.org <http://b2.org.afilias-nst.org/> AAAA IPv6 address = 2001:500:48::1 c0.org.afilias-nst.info <http://c0.org.afilias-nst.info/> AAAA IPv6 address = 2001:500:b::1 d0.org.afilias-nst.org <http://d0.org.afilias-nst.org/> AAAA IPv6 address = 2001:500:f::1 


On 7/7/23 20:32, Viktor Dukhovni wrote:

On Fri, Jul 07, 2023 at 08:09:39PM +0200, Petr Menšík wrote:


I have tested recently how Windows 11 behaves when resolving single
label queries.

I have expected it might try to use LLMNR. But I did not expect it would
do so also when trying nslookup, a tool which should be DNS only tool.

I have tried:

nslookup -type=ns com 9.9.9.9

It is not too surprising if this is also subject to the default suffix
list of the network "connection", which initialises the resolution
context, and then just overrides the server.  Have you tried:

     nslookup -type=ns com. 9.9.9.9

with an explicit trailing "."?


I thought I have tried that, but turns out I have tried that only when
testing behavior of systemd-resolved installation on Linux, where it was 
useless.
On Windows it helps. Parameter -debug showed it indeed
appends default domain suffix and does not try without it after negative
 response.

nslookup from ISC BIND9 behaves a bit better, but that is an acceptable 
difference.

$ nslookup -domain=home.arpa -debug -type=ns org

Server:        127.0.0.1
Address:    127.0.0.1#53

------------
    QUESTIONS:
    org.home.arpa, type = NS, class = IN
    ANSWERS:
    AUTHORITY RECORDS:
    ->  home.arpa
    origin = localhost
    mail addr = nobody.invalid
    serial = 1
    refresh = 3600
    retry = 1200
    expire = 604800
    minimum = 10800
    ttl = 10800
    ADDITIONAL RECORDS:
------------
** server can't find org.home.arpa: NXDOMAIN
Server:        127.0.0.1
Address:    127.0.0.1#53

------------
    QUESTIONS:
    org, type = NS, class = IN
    ANSWERS:
    ->  org
    nameserver = b0.org.afilias-nst.org.
    ttl = 1824
    ->  org
    nameserver = b2.org.afilias-nst.org.
    ttl = 1824
    ->  org
    nameserver = c0.org.afilias-nst.info.
    ttl = 1824
    ->  org
    nameserver = d0.org.afilias-nst.org.
    ttl = 1824
    ->  org
    nameserver = a0.org.afilias-nst.info.
    ttl = 1824
    ->  org
    nameserver = a2.org.afilias-nst.info.
    ttl = 1824
    AUTHORITY RECORDS:
    ADDITIONAL RECORDS:
------------
Non-authoritative answer:
org    nameserver = b0.org.afilias-nst.org.
org    nameserver = b2.org.afilias-nst.org.
org    nameserver = c0.org.afilias-nst.info.
org    nameserver = d0.org.afilias-nst.org.
org    nameserver = a0.org.afilias-nst.info.
org    nameserver = a2.org.afilias-nst.info.

Authoritative answers can be found from:


Got NXDOMAIN. I were very suprised, learned that does not exist. Even
more suprising were fact, that it presented the result came from the
specified server.

But the result should have been for "com.<your-default-suffix>."
What happens when you configure the network connection with a default
suffix of "."?

"nslookup -domain=. -type=ns com" works fine as well.

--
Petr Menšík
Software Engineer, RHEL
Red Hat,https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB

_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Reply via email to