Exactly. I'm going to have to trace the queries with a sniffer or something and see where things are dying. I tried dig -b 148.165.30.30 +norec +tcp -x 10.0.2.252 @148.165.126.87 and it worked, which makes sense since I'm slaving their forward zone at the moment. For some reason UDP isn't working. I'll get back when I have a better idea what's going on but it apparently isn't my configuration at this point.

-----Original Message-----
From: Chris Buxton [mailto:cbux...@menandmice.com]
Sent: Thursday, May 07, 2009 1:19 PM
To: Mike Bernhardt
Cc: bind-users@lists.isc.org
Subject: Re: Delegation not working

Mike,

That was two separate commands.

dig +norec -x 10.0.2.252 @148.165.126.87

and

dig +norec -x 10.0.2.252 @10.2.242.222

So most of what you sent back is gibberish. However, at the top, there is the message "connection timed out; no servers could be reached". There's at least part of your problem.

Chris Buxton
Professional Services
Men & Mice

On May 7, 2009, at 12:50 PM, Mike Bernhardt wrote:

> That gave me:
> dig +norec -x 10.0.2.252 @148.165.126.87 dig +norec -x 10.0.2.252
> @10.2.242.222
> ;; connection timed out; no servers could be reached
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34563
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14
>
> ;; QUESTION SECTION:
> ;dig. IN A
>
> ;; AUTHORITY SECTION:
> . 162058 IN NS C.ROOT-SERVERS.NET.
> . 162058 IN NS D.ROOT-SERVERS.NET.
> . 162058 IN NS E.ROOT-SERVERS.NET.
> . 162058 IN NS F.ROOT-SERVERS.NET.
> . 162058 IN NS G.ROOT-SERVERS.NET.
> . 162058 IN NS H.ROOT-SERVERS.NET.
> . 162058 IN NS I.ROOT-SERVERS.NET.
> . 162058 IN NS J.ROOT-SERVERS.NET.
> . 162058 IN NS K.ROOT-SERVERS.NET.
> . 162058 IN NS L.ROOT-SERVERS.NET.
> . 162058 IN NS M.ROOT-SERVERS.NET.
> . 162058 IN NS A.ROOT-SERVERS.NET.
> . 162058 IN NS B.ROOT-SERVERS.NET.
>
> ;; ADDITIONAL SECTION:
> A.ROOT-SERVERS.NET. 599086 IN A 198.41.0.4
> A.ROOT-SERVERS.NET. 552012 IN AAAA 2001:503:ba3e::2:30
> B.ROOT-SERVERS.NET. 35325 IN A 192.228.79.201
> C.ROOT-SERVERS.NET. 599099 IN A 192.33.4.12
> D.ROOT-SERVERS.NET. 599100 IN A 128.8.10.90
> E.ROOT-SERVERS.NET. 599101 IN A 192.203.230.10
> F.ROOT-SERVERS.NET. 599102 IN A 192.5.5.241
> F.ROOT-SERVERS.NET. 552012 IN AAAA 2001:500:2f::f
> G.ROOT-SERVERS.NET. 599090 IN A 192.112.36.4
> H.ROOT-SERVERS.NET. 599091 IN A 128.63.2.53
> H.ROOT-SERVERS.NET. 552012 IN AAAA 2001:500:1::803f:235
> I.ROOT-SERVERS.NET. 599092 IN A 192.36.148.17
> J.ROOT-SERVERS.NET. 208142 IN A 192.58.128.30
> J.ROOT-SERVERS.NET. 208142 IN AAAA 2001:503:c27::2:30
>
> ;; Query time: 0 msec
> ;; SERVER: 148.165.30.30#53(148.165.30.30)
> ;; WHEN: Thu May 7 12:52:39 2009
> ;; MSG SIZE rcvd: 504
>
>
> ; <<>> DiG 9.3.4 <<>> +norec -x 10.0.2.252 @148.165.126.87 dig
> +norec -x
> 10.0.2.252 @10.2.242.222
> ; (1 server found)
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
> -----Original Message-----
> From: Chris Buxton [mailto:cbux...@menandmice.com]
> Sent: Thursday, May 07, 2009 12:50 PM
> To: Mike Bernhardt
> Cc: bind-users@lists.isc.org
> Subject: Re: Delegation not working
>
> On May 7, 2009, at 12:37 PM, Mike Bernhardt wrote:
>> And dig gives me this:
>> dig +norec @athena -x 10.0.2.252
>>
>> ;; QUESTION SECTION:
>> ;252.2.0.10.in-addr.arpa. IN PTR
>>
>> ;; AUTHORITY SECTION:
>> 0.10.in-addr.arpa. 14400 IN NS mrep-02.adm.bart.gov.
>> 0.10.in-addr.arpa. 14400 IN NS dhcp-01.adm.bart.gov.
>>
>> ;; ADDITIONAL SECTION:
>> dhcp-01.adm.bart.gov. 86400 IN A 148.165.126.87
>> mrep-02.adm.bart.gov. 86400 IN A 10.2.242.222
>
> That looks perfect.
>
>> Without +norec, it times out.
>
>
> OK, now we're getting somewhere. Why would the server "athena" have
> trouble querying those two servers? Try this from "athena" itself:
>
> dig +norec -x 10.0.2.252 @148.165.126.87
> dig +norec -x 10.0.2.252 @10.2.242.222
>
> Chris Buxton
> Professional Services
> Men & Mice
>
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users