I have a web application that needs to determine if a user-entered name is a valid nameserver.
In most cases I can do this with a two-step process:
[ul][li]Check that I can look up the nameserver name and get an IP;[/li]
[li]Issue a UDP server status request (opcode 2) to that IP on port 53 and see if I get a response in some reasonable timeframe (I use three 3-second tries, which seems to work).[/li][/ul]
However ... I have found a few servers that ignore opcode 2 and will only respond to real queries (opcode 0) -- and then only for domains for which they are authoritative. That makes it impossible to determine if the server is legit because in order to do so I have to know a domain that it handles.
Anyone know if this is typical? Allowed per RFC? I did some searching and can't find anything which says whether opcode 2 support is in the MAY vs. SHALL / MUST category for DNS.
While we're on the topic, I've tested this server status stuff under both TCP and UDP -- it's interesting to see the responses. Almost everyone responds to UDP queries, most respond to TCP queries, but a few nameservers respond only to TCP and not UDP for server status. And, as noted above, a few don't respond to either.
Thanks for any assistance,
Tom
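The two-step check described in the post above, as an added example that is not part of the original post. The function names, the IPv4-only sockets and the header-only STATUS message (no question section) are assumptions; any well-formed reply with a matching ID, including an RCODE 4 (NOTIMP) or RCODE 5 (REFUSED) error, counts as a response.

```python
import os
import socket
import struct

OPCODE_STATUS = 2
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL",
          3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}
# Constructed sample reply: ID 0x1234, QR=1, opcode 2, RCODE 4 (not captured traffic).
SAMPLE_REPLY = bytes.fromhex("123490040000000000000000")

def build_probe(txid, opcode=OPCODE_STATUS):
    """12-byte DNS header: QR=0, the given opcode, all section counts zero."""
    flags = (opcode & 0xF) << 11
    return struct.pack("!HHHHHH", txid, flags, 0, 0, 0, 0)

def parse_header(data, txid):
    """Return (opcode, rcode name) if data is a response to txid, else None."""
    if len(data) < 12:
        return None
    rid, flags = struct.unpack("!HH", data[:4])
    if rid != txid or not flags & 0x8000:      # wrong ID, or QR bit not set
        return None
    rcode = flags & 0xF
    return (flags >> 11) & 0xF, RCODES.get(rcode, f"RCODE{rcode}")

def probe(ip, tries=3, timeout=3.0, tcp=False):
    """Send the STATUS probe to ip:53; return the parsed header or None."""
    for _ in range(tries):
        txid = int.from_bytes(os.urandom(2), "big")   # unpredictable ID per try
        pkt = build_probe(txid)
        try:
            if tcp:
                with socket.create_connection((ip, 53), timeout=timeout) as s:
                    # DNS over TCP prefixes each message with a 2-byte length.
                    s.sendall(struct.pack("!H", len(pkt)) + pkt)
                    data = s.recv(514)[2:]
            else:
                with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                    s.settimeout(timeout)
                    s.sendto(pkt, (ip, 53))
                    data, peer = s.recvfrom(512)
                    if peer[0] != ip:              # ignore replies from other hosts
                        continue
        except OSError:                            # timeout, refused, unreachable
            continue
        result = parse_header(data, txid)
        if result:
            return result
    return None
```

A `None` result from both `probe(ip)` and `probe(ip, tcp=True)` only shows that nothing answered the probe, which matches the ambiguous case the post describes.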