Strange results with dig command on localhost behind pfSense
-
Hi,
My knowledge of DNS is limited. I noticed something earlier today when I had trouble reaching a webpage:
Why is the "AUTHORITY: 1" part missing in the answers for this specific domain when doing queries from a localhost behind pfSense?
With localhost directly connected (with a public IP), or from the pfSense /exec.php page, every query got the "AUTHORITY: 1" part. If I restart the DNS forwarder in pfSense I get ONE answer with the "AUTHORITY: 1" part intact, then the rest looks as below:
localhost OS X (behind pfSense):
$ dig ofiltrerat.se
; <<>> DiG 9.4.3-P3 <<>> ofiltrerat.se
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61316
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ofiltrerat.se. IN A

;; Query time: 19 msec
;; SERVER: 172.22.22.1#53(172.22.22.1)
;; WHEN: Tue Feb 9 16:02:59 2010
;; MSG SIZE rcvd: 31

pfSense 2.0-BETA1 built on Fri Feb 5 18:02:48 EST 2010 (/exec.php)
$ dig ofiltrerat.se
; <<>> DiG 9.6.1-P1 <<>> ofiltrerat.se
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2325
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ofiltrerat.se. IN A

;; AUTHORITY SECTION:
ofiltrerat.se. 672 IN SOA ns1.b-one.nu. hostmaster.b-one.net. 2004000000 10800 1800 1209600 900

;; Query time: 10 msec
;; SERVER: 195.54.122.204#53(195.54.122.204)
;; WHEN: Tue Feb 9 16:05:49 2010
;; MSG SIZE rcvd: 99
And localhost again, now directly connected via public IP:
$ dig ofiltrerat.se
; <<>> DiG 9.4.3-P3 <<>> ofiltrerat.se
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31123
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ofiltrerat.se. IN A

;; AUTHORITY SECTION:
ofiltrerat.se. 232 IN SOA ns1.b-one.nu. hostmaster.b-one.net. 2004000000 10800 1800 1209600 900

;; Query time: 17 msec
;; SERVER: 195.54.122.204#53(195.54.122.204)
;; WHEN: Tue Feb 9 16:47:48 2010
;; MSG SIZE rcvd: 99

Update:
I have done some reading about dnsmasq and...
This is probably the right behaviour, and some kind of "feature" to only show the SOA record once...
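As an added illustration (not part of the thread, and not dnsmasq or pfSense code), here is a small parser that reads the three dig captures quoted above and names what each reply actually is. A NOERROR reply with ANSWER: 0 is a NODATA answer in RFC 2308 terms; the SOA in the AUTHORITY section is what lets a resolver cache that negative answer, for at most min(SOA TTL, SOA MINIMUM) seconds. The captures are copied from the post with line breaks restored; the classification labels are the script's own.

```python
import re
from dataclasses import dataclass, field

# Captures from the post above, line breaks restored (WHEN lines dropped).
BEHIND_PFSENSE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61316
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ofiltrerat.se. IN A

;; Query time: 19 msec
;; SERVER: 172.22.22.1#53(172.22.22.1)
;; MSG SIZE rcvd: 31
"""

PFSENSE_EXEC = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2325
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ofiltrerat.se. IN A

;; AUTHORITY SECTION:
ofiltrerat.se. 672 IN SOA ns1.b-one.nu. hostmaster.b-one.net. 2004000000 10800 1800 1209600 900

;; Query time: 10 msec
;; SERVER: 195.54.122.204#53(195.54.122.204)
;; MSG SIZE rcvd: 99
"""

DIRECT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31123
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ofiltrerat.se. IN A

;; AUTHORITY SECTION:
ofiltrerat.se. 232 IN SOA ns1.b-one.nu. hostmaster.b-one.net. 2004000000 10800 1800 1209600 900

;; Query time: 17 msec
;; SERVER: 195.54.122.204#53(195.54.122.204)
;; MSG SIZE rcvd: 99
"""


@dataclass
class DigReply:
    status: str = ""
    flags: set = field(default_factory=set)
    counts: dict = field(default_factory=dict)     # QUERY/ANSWER/AUTHORITY/ADDITIONAL
    sections: dict = field(default_factory=dict)   # section name -> record lines
    server: str = ""


HEADER_RE = re.compile(r"status: (\w+)")
FLAGS_RE = re.compile(r"flags: ([a-z ]*);(.*)")
COUNT_RE = re.compile(r"(\w+): (\d+)")
SECTION_RE = re.compile(r"^;; (\w+) SECTION:")


def parse_dig(text):
    """Parse the comment lines and record lines of one dig reply."""
    reply = DigReply()
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            reply.sections.setdefault(section, [])
            continue
        if line.startswith(";; ->>HEADER<<-"):
            reply.status = HEADER_RE.search(line).group(1)
        elif line.startswith(";; flags:"):
            m = FLAGS_RE.search(line)
            reply.flags = set(m.group(1).split())
            reply.counts = {k: int(v) for k, v in COUNT_RE.findall(m.group(2))}
        elif line.startswith(";; SERVER:"):
            reply.server = line.split(":", 1)[1].strip()
        elif line.startswith(";"):
            continue  # other comment lines, and the ';'-prefixed question record
        elif section:
            reply.sections[section].append(line)
    return reply


def classify(reply):
    """Name the reply type the way RFC 2308 does."""
    if reply.status != "NOERROR":
        return reply.status                      # NXDOMAIN, SERVFAIL, ...
    if reply.counts.get("ANSWER", 0) > 0:
        return "positive"
    has_soa = any(" SOA " in rr for rr in reply.sections.get("AUTHORITY", []))
    return "NODATA with SOA" if has_soa else "NODATA without SOA"


def negative_cache_ttl(reply):
    """RFC 2308: a negative answer is cacheable for min(SOA TTL, SOA MINIMUM); None without an SOA."""
    for rr in reply.sections.get("AUTHORITY", []):
        f = rr.split()   # name ttl class SOA mname rname serial refresh retry expire minimum
        if len(f) >= 11 and f[3] == "SOA":
            return min(int(f[1]), int(f[10]))
    return None


def compare(replies):
    """Summarize each capture so the missing AUTHORITY section stands out."""
    return {name: (classify(r), r.counts.get("AUTHORITY", 0), negative_cache_ttl(r))
            for name, r in replies.items()}


if __name__ == "__main__":
    captures = {"behind_pfsense": parse_dig(BEHIND_PFSENSE),
                "pfsense_exec": parse_dig(PFSENSE_EXEC),
                "direct": parse_dig(DIRECT)}
    for name, summary in compare(captures).items():
        print(f"{name:15s} {summary}")
```

All three captures are NODATA answers for the A record; only the cache-served one lacks the SOA. For monitoring or detection scripts that watch resolver behaviour, the lesson is to key on the status and ANSWER count rather than on whether an AUTHORITY section is present, since a caching forwarder may legitimately strip it.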
-
Because sometimes you get responses from the OS local cache, which is not authoritative.
-
@ermal:
Because sometimes you get responses from the OS local cache, which is not authoritative.
What I meant was that if I make 20 identical queries with dig to a DNS server I get the "AUTHORITY SECTION" with every answer.
But now if I make the very same 20 queries to pfSense (dnsmasq) I only get the "AUTHORITY SECTION" on the first answer until a reload of the DNS forwarder service.
May very well be a feature of dnsmasq... not the local OS cache.
-
dnsmasq is caching the answer, as that is one of its primary purposes (to be a DNS cache).
When you restart the DNS Forwarder, the cache is flushed.
-
That's how it should work, just means it was returned from cache.