On Jun 23, 2009, at 3:01 PM, Hauke Lampe wrote:

Scott Haneda wrote:

$ dig sugardimplesdesigns.com SOA @ns1.hostwizard.com +short

Do you block 53/tcp anywhere on the path to your nameserver?
It rejects TCP queries:

| dig +tcp sugardimplesdesigns.com SOA @ns1.hostwizard.com +short
| ;; Connection to 64.84.37.14#53(64.84.37.14) for sugardimplesdesigns.com failed: connection refused.

This matches the error log from your secondary:

   Description: transfer of 'sugardimplesdesigns.com/IN' from 64.84.37.14#53: failed to connect: connection refused

You must allow TCP to port 53 for DNS to function properly.

It appears to me I am refusing them. I do not see it in my logs. What logs would it be in, or what logging statements would I turn on to be able to diagnose this?

I would probably first check if the server actually listens on 53/tcp
(with fuser, netstat or similar) and then use tcpdump.


Good observation. This is a long-standing issue that I assumed was solved. Named on OS X will go deaf on port 53 tcp for some reason. I just kicked it, and now I can tcp dig it.

$ dig +tcp sugardimplesdesigns.com SOA @ns1.hostwizard.com +short
ns1.hostwizard.com. scott.hostwizard.com. 2009062206 28800 7200 2419200 3600

I know the Men and Mice guys are familiar with this, if you guys are reading, have you ever pinned this down, or found a solution to it?
--
Scott * If you contact me off list replace talklists@ with scott@ *
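
Added example, not part of the original thread: a small monitor check for the failure discussed above, where a nameserver keeps answering SOA queries over UDP but refuses 53/tcp, so zone transfers to the secondary fail. The function names and status strings are assumptions made for this sketch, and it handles IPv4 only.

```python
import socket
import struct

def build_soa_query(zone, txid=0x1234):
    """Minimal DNS query for the zone's SOA record (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # flags 0: plain query, RD off
    labels = zone.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA(6), QCLASS=IN(1)

def valid_reply(query, reply):
    """True if reply has a full header, the query's ID, and the QR (response) bit."""
    return len(reply) >= 12 and reply[:2] == query[:2] and bool(reply[2] & 0x80)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n and (chunk := sock.recv(n - len(buf))):
        buf += chunk
    return buf

def probe(server, zone, tcp, port=53, timeout=3.0):
    """Send one SOA query over UDP or TCP (IPv4) and return a status string."""
    query = build_soa_query(zone)
    kind = socket.SOCK_STREAM if tcp else socket.SOCK_DGRAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, port))
            if tcp:
                # DNS over TCP prefixes every message with a 2-byte length
                s.sendall(struct.pack("!H", len(query)) + query)
                size = struct.unpack("!H", _recv_exact(s, 2))[0]
                reply = _recv_exact(s, size)
            else:
                s.send(query)
                reply = s.recv(4096)
    except ConnectionRefusedError:
        return "refused"  # what dig +tcp reported in this thread
    except socket.timeout:
        return "timeout"
    except (OSError, struct.error):
        return "error"
    return "ok" if valid_reply(query, reply) else "bad-reply"

def verdict(udp, tcp):
    """Classify a pair of probe results; TCP-DEAF is the case in this thread."""
    if udp == "ok":
        return "OK" if tcp == "ok" else "TCP-DEAF"
    return "UDP-FAIL" if tcp == "ok" else "DOWN"
```

A monitor would call `verdict(probe(server, zone, tcp=False), probe(server, zone, tcp=True))` on a schedule and alert on `TCP-DEAF`, before the secondary's transfer attempts start failing.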
