starred/hickory-dns

Fork 0

mirror of https://github.com/hickory-dns/hickory-dns.git synced 2026-04-25 03:05:51 +03:00

[GH-ISSUE #1277] client: AXFR not return all records #642

New issue

Closed

opened 2026-03-15 23:36:03 +03:00 by kerem · 9 comments

kerem commented

2026-03-15 23:36:03 +03:00

Owner

Originally created by @visig9 on GitHub (Nov 9, 2020).
Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/1277

Describe the bug
I'm try to use trust_dns_client in company internal network to fetch all records by AXFR request. But I found the returned records not the same as results of dig.

dig version (use example.com. to replace real domain):

$ dig -t axfr example.com. @172.20.1.5

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t axfr example.com. @172.20.1.5
;; global options: +cmd

... omit ...

;; Query time: 49 msec
;; SERVER: 172.20.1.5#53(172.20.1.5)
;; WHEN: Mon Nov 09 09:57:12 CST 2020
;; XFR size: 660 records (messages 2, bytes 16795)

The trust-dns-client axfr-test program:

$ ./axfr-test
number of message in response: 1
number of record in response answer: 405

I notice the result of dig indicated it has 660 records + 2 messages, but in my sample code only has 405 records + 1 message. It maybe a bug?

To Reproduce

The code of axfr-test:

use std::net::{IpAddr, SocketAddr};
use trust_dns_client::{
    client::SyncClient,
    rr::{DNSClass, Name, Record, RecordType},
};

fn main() {
    // TODO: use real `nameserver` and `domain` in here
    let nameserver: IpAddr = [172, 20, 1, 5].into();
    let domain: Name = "example.com.".parse().unwrap();

    let records = query_axfr(nameserver, &domain);

    println!("number of record in response answer: {}", records.len());
}

fn query_axfr(nameserver: IpAddr, domain: &Name) -> Vec<Record> {
    let client = SyncClient::new(
        trust_dns_client::tcp::TcpClientConnection::new(SocketAddr::new(nameserver, 53))
            .expect("create tcp client connection failed"),
    );

    let response =
        trust_dns_client::client::Client::query(&client, domain, DNSClass::IN, RecordType::AXFR)
            .expect("DNS query failed");

    println!("number of message in response: {}", response.len());

    response
        .messages()
        .map(|msg| msg.answers())
        .flatten()
        .cloned()
        .collect()
}

Expected behavior
axfr-test should have the same results of dig.

System:

OS: ubuntu
Architecture: x86_64
Version 16.04
rustc version: 1.47.0

Version:
Crate: client
Version: 0.19.5

Additional context
N/A

Thanks help!

Originally created by @visig9 on GitHub (Nov 9, 2020). Original GitHub issue: https://github.com/hickory-dns/hickory-dns/issues/1277 **Describe the bug** I'm try to use `trust_dns_client` in company internal network to fetch all records by AXFR request. But I found the returned records not the same as results of `dig`. `dig` version (use `example.com.` to replace real domain): ``` $ dig -t axfr example.com. @172.20.1.5 ; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t axfr example.com. @172.20.1.5 ;; global options: +cmd ... omit ... ;; Query time: 49 msec ;; SERVER: 172.20.1.5#53(172.20.1.5) ;; WHEN: Mon Nov 09 09:57:12 CST 2020 ;; XFR size: 660 records (messages 2, bytes 16795) ``` The `trust-dns-client` axfr-test program: ``` $ ./axfr-test number of message in response: 1 number of record in response answer: 405 ``` I notice the result of `dig` indicated it has 660 records + 2 messages, but in my sample code only has 405 records + 1 message. It maybe a bug? **To Reproduce** The code of `axfr-test`: ```rust use std::net::{IpAddr, SocketAddr}; use trust_dns_client::{ client::SyncClient, rr::{DNSClass, Name, Record, RecordType}, }; fn main() { // TODO: use real `nameserver` and `domain` in here let nameserver: IpAddr = [172, 20, 1, 5].into(); let domain: Name = "example.com.".parse().unwrap(); let records = query_axfr(nameserver, &domain); println!("number of record in response answer: {}", records.len()); } fn query_axfr(nameserver: IpAddr, domain: &Name) -> Vec<Record> { let client = SyncClient::new( trust_dns_client::tcp::TcpClientConnection::new(SocketAddr::new(nameserver, 53)) .expect("create tcp client connection failed"), ); let response = trust_dns_client::client::Client::query(&client, domain, DNSClass::IN, RecordType::AXFR) .expect("DNS query failed"); println!("number of message in response: {}", response.len()); response .messages() .map(|msg| msg.answers()) .flatten() .cloned() .collect() } ``` **Expected behavior** `axfr-test` should have the same results of `dig`. **System:** - OS: ubuntu - Architecture: x86_64 - Version 16.04 - rustc version: 1.47.0 **Version:** Crate: client Version: 0.19.5 **Additional context** N/A Thanks help!

kerem

2026-03-15 23:36:03 +03:00

closed this issue
added the
bug

crate:client

ops

compliance
labels

kerem commented

2026-03-15 23:36:20 +03:00

Author

Owner

@djc commented on GitHub (Nov 9, 2020):

Since we don't have access to your DNS server, could you look at the resulting records and give some samples of responses that are in dig's responses, but not in the trust-dns reponses? My initial hunch is that dig is allowing multiple messages while this might need some extra setup on the trust-dns side.

@djc commented on GitHub (Nov 9, 2020): Since we don't have access to your DNS server, could you look at the resulting records and give some samples of responses that are in dig's responses, but not in the trust-dns reponses? My initial hunch is that dig is allowing multiple messages while this might need some extra setup on the trust-dns side.

kerem commented

2026-03-15 23:36:25 +03:00

Author

Owner

@visig9 commented on GitHub (Nov 10, 2020):

If don't care how data produced, just scroll to diff the two files section.

`axfr-test` rust source code

use std::net::{IpAddr, SocketAddr};
use trust_dns_client::{
    client::SyncClient,
    rr::{DNSClass, Name, Record, RecordType},
};

fn main() {
    let nameserver: IpAddr = [172, 20, 1, 5].into();
    let domain: Name = "***********.***.**.".parse().unwrap();
    let records = query_axfr(nameserver, &domain);

    println!("number of record in response answer: {}", records.len());

    // NEW: simulate dig output (without rdata part)
    for record in records.iter() {
        println!(
            "{}\t{}\t{}\t{}",
            record.name(),
            record.ttl(),
            record.dns_class(),
            record.rr_type(),
        );
    }
}

fn query_axfr(nameserver: IpAddr, domain: &Name) -> Vec<Record> {
    let client = SyncClient::new(
        trust_dns_client::tcp::TcpClientConnection::new(SocketAddr::new(nameserver, 53))
            .expect("create tcp client connection failed"),
    );

    let response =
        trust_dns_client::client::Client::query(&client, domain, DNSClass::IN, RecordType::AXFR)
            .expect("DNS query failed");

    println!("number of message in response: {}", response.len());

    response
        .messages()
        .map(|msg| msg.answers())
        .flatten()
        .cloned()
        .collect()
}

Get output

dig -t axfr ***********.***.**. @172.20.1.5 > axfr.txt
./axfr-test > axfr-test-result.txt

Then convert dig-result.txt to dig-result-modified.txt by remove data part from all line of records.

diff the two files

diff -u --ignore-space-change axfr-test-result.txt dig-result-modified.txt > diff.txt

diff.txt: (already mask some sensitive domain data)

--- axfr-test-result.txt	2020-11-10 09:47:58.000000000 +0800
+++ dig-result-modified.txt	2020-11-10 10:12:06.000000000 +0800
@@ -1,5 +1,6 @@
-number of message in response: 1
-number of record in response answer: 405
+
+; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t axfr
+;; global options: +cmd
 ***********.***.**.	300	IN	SOA
 ***********.***.**.	300	IN	MX
 ***********.***.**.	300	IN	NS
@@ -405,3 +406,263 @@
 oidc.***********.***.**.	300	IN	A
 oidc------.***********.***.**.	300	IN	A
 oms0-.***********.***.**.	300	IN	A
+oms0-.***********.***.**. 300	IN	A
+oms0-.***********.***.**. 300	IN	A
+oms0-.***********.***.**. 300	IN	A
+oms0-.***********.***.**. 300	IN	A
+oms0-.***********.***.**. 300	IN	A
+oms0-.***********.***.**. 300	IN	A
+oms0-.***********.***.**. 300	IN	A
+oms0-.***********.***.**. 300	IN	A
+oms1-.***********.***.**. 300	IN	A
+oms1-.***********.***.**. 300	IN	A
+oms1-.***********.***.**. 300	IN	A
+oms1-.***********.***.**. 300	IN	A
+oms1-.***********.***.**. 300	IN	A
+oms1-.***********.***.**. 300	IN	A
+oms1-.***********.***.**. 300	IN	A
+oms1-.***********.***.**. 300	IN	A
+oms1-.***********.***.**. 300	IN	A
+oms1-.***********.***.**. 300	IN	A
+oms2-.***********.***.**. 300	IN	A
+oms2-.***********.***.**. 300	IN	A
+oms2-.***********.***.**. 300	IN	A
+oms2-.***********.***.**. 300	IN	A
+oms2-.***********.***.**. 300	IN	A
+oms2-.***********.***.**. 300	IN	A
+oms9-.***********.***.**. 300	IN	A
+pda.***********.***.**.	300	IN	A
+plus.***********.***.**. 300	IN	NS
+plus.***********.***.**. 300	IN	NS
+plus.***********.***.**. 300	IN	NS
+plus.***********.***.**. 300	IN	NS
+plus-------.***********.***.**.	300 IN	A
+plus--------.***********.***.**. 300 IN	A
+plus----.***********.***.**. 300 IN	A
+plus----.***********.***.**. 300 IN	A
+plus---.***********.***.**. 300	IN	A
+plus---.***********.***.**. 300	IN	A
+pmm.***********.***.**.	300	IN	A
+port--.***********.***.**. 300	IN	A
+ppus-.***********.***.**. 300	IN	A
+prer-----.***********.***.**. 300 IN	NS
+prer-----.***********.***.**. 300 IN	NS
+prer-----.***********.***.**. 300 IN	NS
+prer-----.***********.***.**. 300 IN	NS
+pro.***********.***.**.	300	IN	NS
+pro.***********.***.**.	300	IN	NS
+pro.***********.***.**.	300	IN	NS
+pro.***********.***.**.	300	IN	NS
+prof---.***********.***.**. 300	IN	NS
+prof---.***********.***.**. 300	IN	NS
+prof---.***********.***.**. 300	IN	NS
+prof---.***********.***.**. 300	IN	NS
+prom--.***********.***.**. 300	IN	A
+prox------.***********.***.**. 300 IN	CNAME
+prox----------.***********.***.**. 300 IN A
+prox------.***********.***.**. 300 IN	CNAME
+prox----------.***********.***.**. 300 IN A
+prox----------.***********.***.**. 300 IN A
+prox------.***********.***.**. 300 IN	A
+prox----------.***********.***.**. 300 IN A
+prox------.***********.***.**. 300 IN	A
+prox--------.***********.***.**. 300 IN	A
+prox----------.***********.***.**. 300 IN A
+prox------.***********.***.**. 300 IN	A
+prox----------.***********.***.**. 300 IN A
+pvb.***********.***.**.	300	IN	A
+pvc.***********.***.**.	300	IN	A
+pxc------.***********.***.**. 300 IN	A
+pxc------.***********.***.**. 300 IN	A
+pxc------.***********.***.**. 300 IN	A
+pxc------.***********.***.**. 300 IN	A
+pxc------.***********.***.**. 300 IN	A
+pxc------.***********.***.**. 300 IN	A
+pxc----.***********.***.**. 300	IN	A
+pxc------.***********.***.**. 300 IN	A
+pxc----.***********.***.**. 300	IN	A
+pxc------.***********.***.**. 300 IN	A
+pxc----.***********.***.**. 300	IN	A
+pxc------.***********.***.**. 300 IN	A
+pxcl-.***********.***.**. 300	IN	A
+pxcl---.***********.***.**. 300	IN	A
+rdb0---.***********.***.**. 300	IN	A
+rdb0---.***********.***.**. 300	IN	A
+rdb0---.***********.***.**. 300	IN	A
+rdb0---.***********.***.**. 300	IN	A
+rdb0---.***********.***.**. 300	IN	A
+rdb0---.***********.***.**. 300	IN	A
+rdb0---.***********.***.**. 300	IN	A
+rdb0---.***********.***.**. 300	IN	A
+rdb0---.***********.***.**. 300	IN	A
+rdb0---.***********.***.**. 300	IN	A
+rdb0---.***********.***.**. 300	IN	A
+rdb0---.***********.***.**. 300	IN	A
+rdb0---.***********.***.**. 300	IN	A
+rdb0---.***********.***.**. 300	IN	A
+rdb0---.***********.***.**. 300	IN	CNAME
+rdb1---.***********.***.**. 300	IN	A
+rdb1---.***********.***.**. 300	IN	A
+rdb1---.***********.***.**. 300	IN	A
+rdb1---.***********.***.**. 300	IN	A
+rdb1-.***********.***.**. 300	IN	A
+rdb1---.***********.***.**. 300	IN	A
+rdb1---.***********.***.**. 300	IN	CNAME
+rds---.***********.***.**. 300	IN	A
+resu---------.***********.***.**. 300 IN NS
+resu---------.***********.***.**. 300 IN NS
+resu---------.***********.***.**. 300 IN NS
+resu---------.***********.***.**. 300 IN NS
+revi---.***********.***.**. 300	IN	NS
+revi---.***********.***.**. 300	IN	NS
+revi---.***********.***.**. 300	IN	NS
+revi---.***********.***.**. 300	IN	NS
+rund---.***********.***.**. 300	IN	A
+scre-.***********.***.**. 300	IN	A
+sear--.***********.***.**. 300	IN	A
+sear----.***********.***.**. 300 IN	A
+seni--.***********.***.**. 300	IN	NS
+seni--.***********.***.**. 300	IN	NS
+seni--.***********.***.**. 300	IN	NS
+seni--.***********.***.**. 300	IN	NS
+serv---.***********.***.**. 300	IN	A
+sh90.***********.***.**. 300	IN	A
+sh90--.***********.***.**. 300	IN	CNAME
+sh90--.***********.***.**. 300	IN	A
+sh90--.***********.***.**. 300	IN	CNAME
+sign--.***********.***.**. 300	IN	A
+sms.***********.***.**.	300	IN	A
+smsd-.***********.***.**. 300	IN	A
+smsd---.***********.***.**. 300	IN	CNAME
+smsd---.***********.***.**. 300	IN	A
+smsd---.***********.***.**. 300	IN	CNAME
+smsw-.***********.***.**. 300	IN	A
+sn01.***********.***.**. 300	IN	A
+sn01--.***********.***.**. 300	IN	CNAME
+sn01--.***********.***.**. 300	IN	A
+sn01--.***********.***.**. 300	IN	CNAME
+sn02.***********.***.**. 300	IN	A
+sn02--.***********.***.**. 300	IN	CNAME
+sn02--.***********.***.**. 300	IN	A
+sn02--.***********.***.**. 300	IN	CNAME
+sn03.***********.***.**. 300	IN	A
+sn03--.***********.***.**. 300	IN	CNAME
+sn03--.***********.***.**. 300	IN	A
+sn03--.***********.***.**. 300	IN	CNAME
+sn04.***********.***.**. 300	IN	A
+sn04--.***********.***.**. 300	IN	CNAME
+sn04--.***********.***.**. 300	IN	A
+sn04--.***********.***.**. 300	IN	CNAME
+sn05.***********.***.**. 300	IN	A
+sn05--.***********.***.**. 300	IN	CNAME
+sn05--.***********.***.**. 300	IN	A
+sn05--.***********.***.**. 300	IN	CNAME
+sn06.***********.***.**. 300	IN	A
+sn06--.***********.***.**. 300	IN	CNAME
+sn06--.***********.***.**. 300	IN	A
+sn06--.***********.***.**. 300	IN	CNAME
+sn07.***********.***.**. 300	IN	A
+sn07--.***********.***.**. 300	IN	CNAME
+sn07--.***********.***.**. 300	IN	A
+sn07--.***********.***.**. 300	IN	CNAME
+sn08.***********.***.**. 300	IN	A
+sn08--.***********.***.**. 300	IN	CNAME
+sn08--.***********.***.**. 300	IN	A
+sn08--.***********.***.**. 300	IN	CNAME
+sn09.***********.***.**. 300	IN	A
+sn09--.***********.***.**. 300	IN	CNAME
+sn09--.***********.***.**. 300	IN	A
+sn09--.***********.***.**. 300	IN	CNAME
+sn10.***********.***.**. 300	IN	A
+sn10--.***********.***.**. 300	IN	CNAME
+sn10--.***********.***.**. 300	IN	A
+sn10--.***********.***.**. 300	IN	CNAME
+sp90.***********.***.**. 300	IN	A
+sp90--.***********.***.**. 300	IN	CNAME
+sp90--.***********.***.**. 300	IN	A
+sp90--.***********.***.**. 300	IN	CNAME
+spid------.***********.***.**. 300 IN	A
+spid-----------.***********.***.**. 300	IN CNAME
+spid-----------.***********.***.**. 300	IN CNAME
+spid------.***********.***.**. 300 IN	A
+spid------.***********.***.**. 300 IN	A
+spid------.***********.***.**. 300 IN	A
+spro--.***********.***.**. 300	IN	A
+sso.***********.***.**.	300	IN	A
+star.***********.***.**. 300	IN	NS
+star.***********.***.**. 300	IN	NS
+star.***********.***.**. 300	IN	NS
+star.***********.***.**. 300	IN	NS
+stat--.***********.***.**. 300	IN	A
+stud---.***********.***.**. 300	IN	NS
+stud---.***********.***.**. 300	IN	NS
+stud---.***********.***.**. 300	IN	NS
+stud---.***********.***.**. 300	IN	NS
+sysb---.***********.***.**. 300	IN	A
+take---.***********.***.**. 300	IN	A
+take-----.***********.***.**. 300 IN	CNAME
+take-----.***********.***.**. 300 IN	A
+take-----.***********.***.**. 300 IN	CNAME
+tale--.***********.***.**. 300	IN	NS
+tale--.***********.***.**. 300	IN	NS
+tale--.***********.***.**. 300	IN	NS
+tale--.***********.***.**. 300	IN	NS
+time-----.***********.***.**. 300 IN	NS
+time-----.***********.***.**. 300 IN	NS
+time-----.***********.***.**. 300 IN	NS
+time-----.***********.***.**. 300 IN	NS
+top.***********.***.**.	300	IN	NS
+top.***********.***.**.	300	IN	NS
+top.***********.***.**.	300	IN	NS
+top.***********.***.**.	300	IN	NS
+tpro--.***********.***.**. 300	IN	CNAME
+tuto-.***********.***.**. 300	IN	A
+m.tutor.***********.***.**. 300	IN	A
+tuto----.***********.***.**. 300 IN	A
+_ccf-----------------------------.developers.***********.***.**.***********.***.**. 300	IN CNAME
+uts.***********.***.**.	300	IN	A
+va.***********.***.**.	300	IN	A
+vip.***********.***.**.	300	IN	A
+auth.vip.***********.***.**. 300 IN	NS
+auth.vip.***********.***.**. 300 IN	NS
+auth.vip.***********.***.**. 300 IN	NS
+auth.vip.***********.***.**. 300 IN	NS
+vip3.***********.***.**. 300	IN	NS
+vip3.***********.***.**. 300	IN	NS
+vip3.***********.***.**. 300	IN	NS
+vip3.***********.***.**. 300	IN	NS
+vipa--.***********.***.**. 300	IN	A
+vipa----.***********.***.**. 300 IN	A
+vipg-.***********.***.**. 300	IN	A
+vipm-.***********.***.**. 300	IN	A
+vipm---.***********.***.**. 300	IN	CNAME
+vipm---.***********.***.**. 300	IN	A
+vipm---.***********.***.**. 300	IN	CNAME
+wage.***********.***.**. 300	IN	A
+wage---.***********.***.**. 300	IN	A
+webs-.***********.***.**. 300	IN	A
+wei.***********.***.**.	300	IN	A
+wish.***********.***.**. 300	IN	A
+wow.***********.***.**.	300	IN	A
+wowa--.***********.***.**. 300	IN	A
+ws-1-----.***********.***.**. 300 IN	A
+ws-j-.***********.***.**. 300	IN	A
+ws-m----.***********.***.**. 300 IN	A
+ws-n--.***********.***.**. 300	IN	CNAME
+wsm.***********.***.**.	300	IN	A
+wsp---.***********.***.**. 300	IN	A
+wsp-----.***********.***.**. 300 IN	A
+wsp-----.***********.***.**. 300 IN	A
+wsp------.***********.***.**. 300 IN	A
+wsp----.***********.***.**. 300	IN	A
+www.***********.***.**.	300	IN	A
+yout-.***********.***.**. 300	IN	NS
+yout-.***********.***.**. 300	IN	NS
+yout-.***********.***.**. 300	IN	NS
+yout-.***********.***.**. 300	IN	NS
+***********.***.**.	300	IN	SOA
+;; Query time: 5
+;; SERVER: 172.20.1.5#53(172.20.1.5)
+;; WHEN: Tue Nov 10 09:13:26 CST
+;; XFR size: 660 records (messages 2, bytes 16795)
+

Look like AXFR answers already sorted by alphabet order. And it lost all domain names after some point of the whole list.

@visig9 commented on GitHub (Nov 10, 2020): If don't care how data produced, just scroll to `diff the two files` section. ## `axfr-test` rust source code ```rust use std::net::{IpAddr, SocketAddr}; use trust_dns_client::{ client::SyncClient, rr::{DNSClass, Name, Record, RecordType}, }; fn main() { let nameserver: IpAddr = [172, 20, 1, 5].into(); let domain: Name = "***********.***.**.".parse().unwrap(); let records = query_axfr(nameserver, &domain); println!("number of record in response answer: {}", records.len()); // NEW: simulate dig output (without rdata part) for record in records.iter() { println!( "{}\t{}\t{}\t{}", record.name(), record.ttl(), record.dns_class(), record.rr_type(), ); } } fn query_axfr(nameserver: IpAddr, domain: &Name) -> Vec<Record> { let client = SyncClient::new( trust_dns_client::tcp::TcpClientConnection::new(SocketAddr::new(nameserver, 53)) .expect("create tcp client connection failed"), ); let response = trust_dns_client::client::Client::query(&client, domain, DNSClass::IN, RecordType::AXFR) .expect("DNS query failed"); println!("number of message in response: {}", response.len()); response .messages() .map(|msg| msg.answers()) .flatten() .cloned() .collect() } ``` ## Get output ```sh dig -t axfr ***********.***.**. @172.20.1.5 > axfr.txt ./axfr-test > axfr-test-result.txt ``` Then convert `dig-result.txt` to `dig-result-modified.txt` by remove data part from all line of records. ## diff the two files ```sh diff -u --ignore-space-change axfr-test-result.txt dig-result-modified.txt > diff.txt ``` `diff.txt`: (already mask some sensitive domain data) ```diff --- axfr-test-result.txt 2020-11-10 09:47:58.000000000 +0800 +++ dig-result-modified.txt 2020-11-10 10:12:06.000000000 +0800 @@ -1,5 +1,6 @@ -number of message in response: 1 -number of record in response answer: 405 + +; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t axfr +;; global options: +cmd ***********.***.**. 300 IN SOA ***********.***.**. 300 IN MX ***********.***.**. 300 IN NS @@ -405,3 +406,263 @@ oidc.***********.***.**. 300 IN A oidc------.***********.***.**. 300 IN A oms0-.***********.***.**. 300 IN A +oms0-.***********.***.**. 300 IN A +oms0-.***********.***.**. 300 IN A +oms0-.***********.***.**. 300 IN A +oms0-.***********.***.**. 300 IN A +oms0-.***********.***.**. 300 IN A +oms0-.***********.***.**. 300 IN A +oms0-.***********.***.**. 300 IN A +oms0-.***********.***.**. 300 IN A +oms1-.***********.***.**. 300 IN A +oms1-.***********.***.**. 300 IN A +oms1-.***********.***.**. 300 IN A +oms1-.***********.***.**. 300 IN A +oms1-.***********.***.**. 300 IN A +oms1-.***********.***.**. 300 IN A +oms1-.***********.***.**. 300 IN A +oms1-.***********.***.**. 300 IN A +oms1-.***********.***.**. 300 IN A +oms1-.***********.***.**. 300 IN A +oms2-.***********.***.**. 300 IN A +oms2-.***********.***.**. 300 IN A +oms2-.***********.***.**. 300 IN A +oms2-.***********.***.**. 300 IN A +oms2-.***********.***.**. 300 IN A +oms2-.***********.***.**. 300 IN A +oms9-.***********.***.**. 300 IN A +pda.***********.***.**. 300 IN A +plus.***********.***.**. 300 IN NS +plus.***********.***.**. 300 IN NS +plus.***********.***.**. 300 IN NS +plus.***********.***.**. 300 IN NS +plus-------.***********.***.**. 300 IN A +plus--------.***********.***.**. 300 IN A +plus----.***********.***.**. 300 IN A +plus----.***********.***.**. 300 IN A +plus---.***********.***.**. 300 IN A +plus---.***********.***.**. 300 IN A +pmm.***********.***.**. 300 IN A +port--.***********.***.**. 300 IN A +ppus-.***********.***.**. 300 IN A +prer-----.***********.***.**. 300 IN NS +prer-----.***********.***.**. 300 IN NS +prer-----.***********.***.**. 300 IN NS +prer-----.***********.***.**. 300 IN NS +pro.***********.***.**. 300 IN NS +pro.***********.***.**. 300 IN NS +pro.***********.***.**. 300 IN NS +pro.***********.***.**. 300 IN NS +prof---.***********.***.**. 300 IN NS +prof---.***********.***.**. 300 IN NS +prof---.***********.***.**. 300 IN NS +prof---.***********.***.**. 300 IN NS +prom--.***********.***.**. 300 IN A +prox------.***********.***.**. 300 IN CNAME +prox----------.***********.***.**. 300 IN A +prox------.***********.***.**. 300 IN CNAME +prox----------.***********.***.**. 300 IN A +prox----------.***********.***.**. 300 IN A +prox------.***********.***.**. 300 IN A +prox----------.***********.***.**. 300 IN A +prox------.***********.***.**. 300 IN A +prox--------.***********.***.**. 300 IN A +prox----------.***********.***.**. 300 IN A +prox------.***********.***.**. 300 IN A +prox----------.***********.***.**. 300 IN A +pvb.***********.***.**. 300 IN A +pvc.***********.***.**. 300 IN A +pxc------.***********.***.**. 300 IN A +pxc------.***********.***.**. 300 IN A +pxc------.***********.***.**. 300 IN A +pxc------.***********.***.**. 300 IN A +pxc------.***********.***.**. 300 IN A +pxc------.***********.***.**. 300 IN A +pxc----.***********.***.**. 300 IN A +pxc------.***********.***.**. 300 IN A +pxc----.***********.***.**. 300 IN A +pxc------.***********.***.**. 300 IN A +pxc----.***********.***.**. 300 IN A +pxc------.***********.***.**. 300 IN A +pxcl-.***********.***.**. 300 IN A +pxcl---.***********.***.**. 300 IN A +rdb0---.***********.***.**. 300 IN A +rdb0---.***********.***.**. 300 IN A +rdb0---.***********.***.**. 300 IN A +rdb0---.***********.***.**. 300 IN A +rdb0---.***********.***.**. 300 IN A +rdb0---.***********.***.**. 300 IN A +rdb0---.***********.***.**. 300 IN A +rdb0---.***********.***.**. 300 IN A +rdb0---.***********.***.**. 300 IN A +rdb0---.***********.***.**. 300 IN A +rdb0---.***********.***.**. 300 IN A +rdb0---.***********.***.**. 300 IN A +rdb0---.***********.***.**. 300 IN A +rdb0---.***********.***.**. 300 IN A +rdb0---.***********.***.**. 300 IN CNAME +rdb1---.***********.***.**. 300 IN A +rdb1---.***********.***.**. 300 IN A +rdb1---.***********.***.**. 300 IN A +rdb1---.***********.***.**. 300 IN A +rdb1-.***********.***.**. 300 IN A +rdb1---.***********.***.**. 300 IN A +rdb1---.***********.***.**. 300 IN CNAME +rds---.***********.***.**. 300 IN A +resu---------.***********.***.**. 300 IN NS +resu---------.***********.***.**. 300 IN NS +resu---------.***********.***.**. 300 IN NS +resu---------.***********.***.**. 300 IN NS +revi---.***********.***.**. 300 IN NS +revi---.***********.***.**. 300 IN NS +revi---.***********.***.**. 300 IN NS +revi---.***********.***.**. 300 IN NS +rund---.***********.***.**. 300 IN A +scre-.***********.***.**. 300 IN A +sear--.***********.***.**. 300 IN A +sear----.***********.***.**. 300 IN A +seni--.***********.***.**. 300 IN NS +seni--.***********.***.**. 300 IN NS +seni--.***********.***.**. 300 IN NS +seni--.***********.***.**. 300 IN NS +serv---.***********.***.**. 300 IN A +sh90.***********.***.**. 300 IN A +sh90--.***********.***.**. 300 IN CNAME +sh90--.***********.***.**. 300 IN A +sh90--.***********.***.**. 300 IN CNAME +sign--.***********.***.**. 300 IN A +sms.***********.***.**. 300 IN A +smsd-.***********.***.**. 300 IN A +smsd---.***********.***.**. 300 IN CNAME +smsd---.***********.***.**. 300 IN A +smsd---.***********.***.**. 300 IN CNAME +smsw-.***********.***.**. 300 IN A +sn01.***********.***.**. 300 IN A +sn01--.***********.***.**. 300 IN CNAME +sn01--.***********.***.**. 300 IN A +sn01--.***********.***.**. 300 IN CNAME +sn02.***********.***.**. 300 IN A +sn02--.***********.***.**. 300 IN CNAME +sn02--.***********.***.**. 300 IN A +sn02--.***********.***.**. 300 IN CNAME +sn03.***********.***.**. 300 IN A +sn03--.***********.***.**. 300 IN CNAME +sn03--.***********.***.**. 300 IN A +sn03--.***********.***.**. 300 IN CNAME +sn04.***********.***.**. 300 IN A +sn04--.***********.***.**. 300 IN CNAME +sn04--.***********.***.**. 300 IN A +sn04--.***********.***.**. 300 IN CNAME +sn05.***********.***.**. 300 IN A +sn05--.***********.***.**. 300 IN CNAME +sn05--.***********.***.**. 300 IN A +sn05--.***********.***.**. 300 IN CNAME +sn06.***********.***.**. 300 IN A +sn06--.***********.***.**. 300 IN CNAME +sn06--.***********.***.**. 300 IN A +sn06--.***********.***.**. 300 IN CNAME +sn07.***********.***.**. 300 IN A +sn07--.***********.***.**. 300 IN CNAME +sn07--.***********.***.**. 300 IN A +sn07--.***********.***.**. 300 IN CNAME +sn08.***********.***.**. 300 IN A +sn08--.***********.***.**. 300 IN CNAME +sn08--.***********.***.**. 300 IN A +sn08--.***********.***.**. 300 IN CNAME +sn09.***********.***.**. 300 IN A +sn09--.***********.***.**. 300 IN CNAME +sn09--.***********.***.**. 300 IN A +sn09--.***********.***.**. 300 IN CNAME +sn10.***********.***.**. 300 IN A +sn10--.***********.***.**. 300 IN CNAME +sn10--.***********.***.**. 300 IN A +sn10--.***********.***.**. 300 IN CNAME +sp90.***********.***.**. 300 IN A +sp90--.***********.***.**. 300 IN CNAME +sp90--.***********.***.**. 300 IN A +sp90--.***********.***.**. 300 IN CNAME +spid------.***********.***.**. 300 IN A +spid-----------.***********.***.**. 300 IN CNAME +spid-----------.***********.***.**. 300 IN CNAME +spid------.***********.***.**. 300 IN A +spid------.***********.***.**. 300 IN A +spid------.***********.***.**. 300 IN A +spro--.***********.***.**. 300 IN A +sso.***********.***.**. 300 IN A +star.***********.***.**. 300 IN NS +star.***********.***.**. 300 IN NS +star.***********.***.**. 300 IN NS +star.***********.***.**. 300 IN NS +stat--.***********.***.**. 300 IN A +stud---.***********.***.**. 300 IN NS +stud---.***********.***.**. 300 IN NS +stud---.***********.***.**. 300 IN NS +stud---.***********.***.**. 300 IN NS +sysb---.***********.***.**. 300 IN A +take---.***********.***.**. 300 IN A +take-----.***********.***.**. 300 IN CNAME +take-----.***********.***.**. 300 IN A +take-----.***********.***.**. 300 IN CNAME +tale--.***********.***.**. 300 IN NS +tale--.***********.***.**. 300 IN NS +tale--.***********.***.**. 300 IN NS +tale--.***********.***.**. 300 IN NS +time-----.***********.***.**. 300 IN NS +time-----.***********.***.**. 300 IN NS +time-----.***********.***.**. 300 IN NS +time-----.***********.***.**. 300 IN NS +top.***********.***.**. 300 IN NS +top.***********.***.**. 300 IN NS +top.***********.***.**. 300 IN NS +top.***********.***.**. 300 IN NS +tpro--.***********.***.**. 300 IN CNAME +tuto-.***********.***.**. 300 IN A +m.tutor.***********.***.**. 300 IN A +tuto----.***********.***.**. 300 IN A +_ccf-----------------------------.developers.***********.***.**.***********.***.**. 300 IN CNAME +uts.***********.***.**. 300 IN A +va.***********.***.**. 300 IN A +vip.***********.***.**. 300 IN A +auth.vip.***********.***.**. 300 IN NS +auth.vip.***********.***.**. 300 IN NS +auth.vip.***********.***.**. 300 IN NS +auth.vip.***********.***.**. 300 IN NS +vip3.***********.***.**. 300 IN NS +vip3.***********.***.**. 300 IN NS +vip3.***********.***.**. 300 IN NS +vip3.***********.***.**. 300 IN NS +vipa--.***********.***.**. 300 IN A +vipa----.***********.***.**. 300 IN A +vipg-.***********.***.**. 300 IN A +vipm-.***********.***.**. 300 IN A +vipm---.***********.***.**. 300 IN CNAME +vipm---.***********.***.**. 300 IN A +vipm---.***********.***.**. 300 IN CNAME +wage.***********.***.**. 300 IN A +wage---.***********.***.**. 300 IN A +webs-.***********.***.**. 300 IN A +wei.***********.***.**. 300 IN A +wish.***********.***.**. 300 IN A +wow.***********.***.**. 300 IN A +wowa--.***********.***.**. 300 IN A +ws-1-----.***********.***.**. 300 IN A +ws-j-.***********.***.**. 300 IN A +ws-m----.***********.***.**. 300 IN A +ws-n--.***********.***.**. 300 IN CNAME +wsm.***********.***.**. 300 IN A +wsp---.***********.***.**. 300 IN A +wsp-----.***********.***.**. 300 IN A +wsp-----.***********.***.**. 300 IN A +wsp------.***********.***.**. 300 IN A +wsp----.***********.***.**. 300 IN A +www.***********.***.**. 300 IN A +yout-.***********.***.**. 300 IN NS +yout-.***********.***.**. 300 IN NS +yout-.***********.***.**. 300 IN NS +yout-.***********.***.**. 300 IN NS +***********.***.**. 300 IN SOA +;; Query time: 5 +;; SERVER: 172.20.1.5#53(172.20.1.5) +;; WHEN: Tue Nov 10 09:13:26 CST +;; XFR size: 660 records (messages 2, bytes 16795) + ``` Look like AXFR answers already sorted by alphabet order. And it lost all domain names after some point of the whole list.

kerem commented

2026-03-15 23:36:30 +03:00

Author

Owner

@djc commented on GitHub (Nov 10, 2020):

So it looks like that would indeed be due to not properly reading the second message.

@djc commented on GitHub (Nov 10, 2020): So it looks like that would indeed be due to not properly reading the second message.

kerem commented

2026-03-15 23:36:35 +03:00

Author

Owner

@bluejekyll commented on GitHub (Nov 10, 2020):

It's entirely possible that we have a bug with AXFR. We may not be holding the client stream open for more than a single message. There is an existing bug for this in fact. I just haven't had time to consider how we'll fix this, as I think it means switching into a different mode for AXFR. Though, the async interface probably should change, and in fact, the way we process mDNS has similar issues, as well as Happy Eye Balls (ipv4 and ipv6 lookup). We should probably be returning an async Stream interface to read all the messages in the AXFR case (and the others). It may mean a refactor of a bunch of inner components.

See similar discussion here: #351 (edit: this is the server side, rather than the client, but similar issue, i.e. only a single message is being used for AXFR responses)

@bluejekyll commented on GitHub (Nov 10, 2020): It's entirely possible that we have a bug with AXFR. We may not be holding the client stream open for more than a single message. There is an existing bug for this in fact. I just haven't had time to consider how we'll fix this, as I think it means switching into a different mode for AXFR. Though, the async interface probably should change, and in fact, the way we process mDNS has similar issues, as well as Happy Eye Balls (ipv4 and ipv6 lookup). We should probably be returning an async Stream interface to read all the messages in the AXFR case (and the others). It may mean a refactor of a bunch of inner components. See similar discussion here: #351 (edit: this is the server side, rather than the client, but similar issue, i.e. only a single message is being used for AXFR responses)

kerem commented

2026-03-15 23:36:40 +03:00

Author

Owner

@trinity-1686a commented on GitHub (May 22, 2021):

this should be fixed by #1478

@trinity-1686a commented on GitHub (May 22, 2021): this should be fixed by #1478

kerem commented

2026-03-15 23:36:45 +03:00

Author

Owner

@csarn commented on GitHub (Jul 22, 2022):

I'm not sure if this ever was fixed, but currently (trust-dns-client 0.21.2) the problem still exists.
A DnsResponse to an AXFR query only contains roughly 550 records, probably depending on size of each record. This seems to be the content of only one Message, even if the server responds with multiple Messages.

Is there a way get all records since #1478 ?

While I came across this problem during stress-testing, I actually planned on using trust-dns-client AXFR for a live zone that exceeds a single message for transfer. This is not a large zone, but DNSSEC adds a lot of records (and quite large ones).

@csarn commented on GitHub (Jul 22, 2022): I'm not sure if this ever was fixed, but currently (trust-dns-client 0.21.2) the problem still exists. A DnsResponse to an AXFR query only contains roughly 550 records, probably depending on size of each record. This seems to be the content of only one Message, even if the server responds with multiple Messages. Is there a way get all records since #1478 ? While I came across this problem during stress-testing, I actually planned on using trust-dns-client AXFR for a live zone that exceeds a single message for transfer. This is not a large zone, but DNSSEC adds a lot of records (and quite large ones).

kerem commented

2026-03-15 23:36:50 +03:00

Author

Owner

@trinity-1686a commented on GitHub (Jul 23, 2022):

Instead of Client::query, you should use Client::zone_transfer, and hopefully it will work.

@trinity-1686a commented on GitHub (Jul 23, 2022): Instead of [`Client::query`](https://docs.rs/trust-dns-client/latest/trust_dns_client/client/trait.ClientHandle.html#method.query), you should use [`Client::zone_transfer`](https://docs.rs/trust-dns-client/latest/trust_dns_client/client/trait.ClientHandle.html#method.zone_transfer), and hopefully it will work.

kerem commented

2026-03-15 23:36:55 +03:00

Author

Owner

@csarn commented on GitHub (Jul 23, 2022):

Thanks, it does indeed work!

@csarn commented on GitHub (Jul 23, 2022): Thanks, it does indeed work!

kerem commented

2026-03-15 23:37:00 +03:00

Author

Owner

@bluejekyll commented on GitHub (Jul 23, 2022):

Closing this with the above answer. And thank you for following up @trinity-1686a !

@bluejekyll commented on GitHub (Jul 23, 2022): Closing this with the above answer. And thank you for following up @trinity-1686a !