OT: how to read BIND's debug file (named.run)

Chuck Swiger cswiger at mac.com
Wed Mar 21 20:23:41 UTC 2007

Hi, Doug--

On Mar 21, 2007, at 11:17 AM, Doug Poland wrote:
[ ...named logs... ]
> I trimmed out date/time stamp and it's obvious what the client,
> IP#port, query: name are for.  Also, I get what the: IN  A MX  SOA
> PTR flags are.  But what do the following characters mean?
> -
> +
> AAAA -
> AAAA +
> -E
> I googled and did a little experimenting with dig but sure would be
> nice if there's a document out there that describes all these.

Using the source (/usr/src/contrib/bind9/bin/named/query.c) suggests:

         ns_client_log(client, NS_LOGCATEGORY_QUERIES,  
                       level, "query: %s %s %s %s%s%s", namebuf,  
                       typename, WANTRECURSION(client) ? "+" : "-",
                       (client->signer != NULL) ? "S": "",
                       (client->opt != NULL) ? "E" : "");

AAAA refers to an IPv6 address lookup, similar to an IPv4 "A"  
lookup.  "+" or "-" indicates whether the client requested recursion,  
and perhaps suggests whether it infers whether it should be talking  
to a nameserver which is authoritative for a given zone.  "S" would  
indicate the response was cryptographically signed using TSIG or  
whatever BIND's nickname for PKI is, and "E" seems to indicate  
whether one of the following two options is set:

* This option is deprecated since we now only consider nibbles.
#define DNS_BYADDROPT_IPV6NIBBLE        0x0001
#define DNS_BYADDROPT_IPV6INT           0x0002


More information about the freebsd-questions mailing list