dig @ns7.embarqservices.net www.126.com A +dnssec +multiline
; <<>> DiG 9.7.3 <<>> @ns7.embarqservices.net www.126.com A +dnssec +multiline
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54408
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.126.com. IN A
;; ANSWER SECTION:
www.126.com. 17668 IN CNAME mcache.mail.163.com.
mcache.mail.163.com. 269 IN CNAME email.163.com.lxdns.com.
email.163.com.lxdns.com. 108 IN CNAME public.mail126.001.cnccdn.com.
public.mail126.001.cnccdn.com. 120 IN A 176.34.63.150
;; Query time: 1184 msec
;; SERVER: 207.14.235.234#53(207.14.235.234)
;; WHEN: Mon Apr 1 23:50:59 2013
;; MSG SIZE rcvd: 160
dig @ns0.spirittelecom.com www.126.com A +dnssec +multiline
; <<>> DiG 9.7.3 <<>> @ns0.spirittelecom.com www.126.com A +dnssec +multiline
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57640
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 5, ADDITIONAL: 6
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.126.com. IN A
;; ANSWER SECTION:
www.126.com. 551 IN CNAME mcache.mail.163.com.
mcache.mail.163.com. 600 IN CNAME email.163.com.lxdns.com.
email.163.com.lxdns.com. 3599 IN CNAME public.mail126.001.cnccdn.com.
public.mail126.001.cnccdn.com. 120 IN A 176.34.63.150
;; AUTHORITY SECTION:
cnccdn.com. 146684 IN NS ns1.cnccdn.com.
cnccdn.com. 146684 IN NS ns2.cnccdn.com.
cnccdn.com. 146684 IN NS ns3.cnccdn.com.
cnccdn.com. 146684 IN NS ns4.cnccdn.com.
cnccdn.com. 146684 IN NS ns5.cnccdn.com.
;; ADDITIONAL SECTION:
ns1.cnccdn.com. 146684 IN A 183.136.156.173
ns2.cnccdn.com. 146684 IN A 122.136.46.140
ns3.cnccdn.com. 146684 IN A 221.181.72.178
ns4.cnccdn.com. 146684 IN A 61.54.12.67
ns5.cnccdn.com. 146684 IN A 115.238.234.30
;; Query time: 889 msec
;; SERVER: 165.166.8.54#53(165.166.8.54)
;; WHEN: Mon Apr 1 23:44:57 2013
;; MSG SIZE rcvd: 330
Why the first one returns QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
the second one returns QUERY: 1, ANSWER: 4, AUTHORITY: 5, ADDITIONAL: 6
One is a forwarder while the other is a resolver (recursion)?
If not what configuration differences made them behave different?
What is the 1 additional for the first query? I am not seeing the additional section.
Edit: The 1 additional is OPT pseudosetion EDNS0 I think.
Best Answer
Your intuition is partially correct. Basically, it looks like the servers are responding with EDNS responses. EDNS is backwards compatible by stuffing everything into the "ADDITIONAL" section. The "ADDITIONAL" flag at the beginning is coming straight from the DNS header field "ARCOUNT" which is (obviously) coming directly from the server. The server increments the ARCOUNT because from its perspective that's what it's doing, it just looks like dig is a little smarter about interpreting EDNS queries. if you're curious as to what the additional section looks like
As for the authority thing. No idea. The embarq server just isn't responding with any authority servers (the server's not really required to do that, just a way for the server to say "you don't have to ask me for this information"). Neither one of the servers are responding as authoritative so my guess would be that the DNS server is omitting the authority section to implement the "search" feature you get when you type a hostname that doesn't exist into the web browser's address bar. My Time-Warner DNS servers are behaving the same way and they do the "time warner search" thing.