使用 dig 测试 TCP 上的 DNS 截断查询

使用 dig 测试 TCP 上的 DNS 截断查询

我想测试我的网络是否支持 EDNS0。这意味着如果记录大于 512 字节,DNS 将通过 TCP 传输。它将首先使用 UDP 截断,然后通过 tcp 传输。

我正在使用挖掘工具。

有人能给我一个包含超过 512 字节记录的地址来测试吗?

谢谢。

答案1

$ dig +dnssec any . 

如果您收到响应,则表示确认。如果没有 EDNS0,您将看到 TC 设置。如果它通过与 EDNS0 协商的大数据包大小使用 UDP,则不会看到 TC 设置。这是后者:

; <<>> DiG 9.9.5-4.3ubuntu0.1-Ubuntu <<>> +dnssec any .
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3126
;; flags: qr rd ra; QUERY: 1, ANSWER: 21, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;.                              IN      ANY

;; ANSWER SECTION:
.                       86400   IN      RRSIG   SOA 8 0 86400 20141227170000 20141220160000 22603 . BflaxGqdW1hFum4ex62bGRA9oR2UmciaOwmrPudH+7bDqoZU1nCsdUJe tUvw67XgwEvTImWyr0YRW59Rt1WRa2WIx2JgzipTz0E9Z/gAfNimilIq lo0VQvtqI8XnzX0aluI/D5h/mCdLYoa4kUU/JYbAyGbuYlVcxTUEND9C cZE=
.                       86400   IN      SOA     a.root-servers.net. nstld.verisign-grs.com. 2014122001 1800 900 604800 86400
.                       86400   IN      RRSIG   NSEC 8 0 86400 20141227170000 20141220160000 22603 . nEPYsfblNfADiwm0DDv0UdXxM2DzUvr5sd6DXNSJsLmOtBFfE+ZRj2Ic 5ijwKgAVq2oOOWMzh2iL6t5vIrJSdCzj+KzwpUQoXiRxw6WmLDgNi4hP RxLkdQuXeGorMiBcmMGZ0KLu+GS+X5FgbpFraysmTKwxF5QzhvPuDfFw DPk=
.                       86400   IN      NSEC    abogado. NS SOA RRSIG NSEC DNSKEY
.                       172800  IN      RRSIG   DNSKEY 8 0 172800 20141225000000 20141210000000 19036 . EkXcXw65ncw09tkhq1JwJLv0CX6vlzieJg+80zm894XYLa6rBztHaem4 n2ur2kzOi1yPpCt79mIHbJii8HinMrPTln8wsDVxKy41GHsx2G1+2KaU C/IuFsI+D/lQ8A07R7ozXYKmbERSg0KTqtBBIetE9ZLptQVkkdmuJ15E OiEE7unOU4aD3wIKjsymTzSSwS9Qb5sKCTvSF9ct/a3XuOy6Mr/T3x5Y EUCY2U4QmnP8Oao8ukJQop8tVfbMKc02LTZ0ZeKjt0BguAYeeehzAiez dCcKEMDLU8G2wCxvvC7YQrwaS/MlKl6A0VsCXhcxSum1tD4E4LVOp18z eaTxdw==
.                       172800  IN      DNSKEY  257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=
.                       172800  IN      DNSKEY  256 3 8 AwEAAaPD7Y7XIi1MOEREJNTrRhyqsY3gff6JWzg+XCbqut1sbcbvqyss Hw8DT1AkRaAC92pO8xuyq5QEgEPL1IHfABLwpwXI5gTj4gdwi86bpkml Ws9fRpnn4DPDCTdrnxIejJXgClHikLJF3u3CdpNCMijq4CKdQbMlRZ3a vv+G7rh7
.                       518400  IN      RRSIG   NS 8 0 518400 20141227170000 20141220160000 22603 . OFzDcFqDXEuMP33XyF89i2Hf7OhH7Pd9xshFtKrgGvJGj0j65/e+m0ER 6GWRUL3RFnwEdmDaq+DaPTjlaKxvUo+VlfwB9TSwMDUq8m0Q6iopcLpv j0QG2HdN+EXZM21B5cg9+rLh9rtLLf6wcheQ7d4s8VIhIusTgbMAm+LN jN8=
.                       518400  IN      NS      g.root-servers.net.
.                       518400  IN      NS      f.root-servers.net.
.                       518400  IN      NS      m.root-servers.net.
.                       518400  IN      NS      j.root-servers.net.
.                       518400  IN      NS      e.root-servers.net.
.                       518400  IN      NS      k.root-servers.net.
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      d.root-servers.net.
.                       518400  IN      NS      h.root-servers.net.
.                       518400  IN      NS      l.root-servers.net.
.                       518400  IN      NS      i.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.
.                       518400  IN      NS      a.root-servers.net.

;; Query time: 1002 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Dec 20 19:37:11 MST 2014
;; MSG SIZE  rcvd: 1507

相关内容