From the output of your dig command you show that you are running a MacOSX 
system. Are you running the firewall on this system also? That may be dropping 
the TCP communication.

Be aware that Apple's DNS server configuration throws every bell and whistle 
into the config. If you really are serious about running a DNS server under 
MacOSX, then make a post on the MacOSX-server list and step back for all of the 
reasons this isn't a good idea, at least not using what Apple give you.

Bill Larson

and sorry about the top posting, but this was ...
Sent from Garminfone by T-Mobile.

Scott Haneda <talkli...@newgeo.com> wrote:

>Hello, I have set up a new BIND/named server, being backed by DLZ in this 
>case, though I don't think that will have any bearing on my question.
>
>This NS is not publicly known or listed as an NS anywhere as of yet, so it is 
>only my own testing that has hit the machine.  If I perform a dig request, the 
>first request returns additional data, any subsequent lookups return no 
>additional data.  Does anyone know why this is?
>
>I also seem to have issues when forcing tcp, does anyone have any ideas what 
>that could be caused by?  Is there a setting in named.conf that controls 
>udp/tcp or should I be talking to the network admin about this?
>
>I have to obfuscate this data, I apologize for that...
>
>== First dig request, never been looked up before
>    ; <<>> DiG 9.6.0-APPLE-P2 <<>> @63.251.yyy.yy example.com
>    ; (1 server found)
>    ;; global options: +cmd
>    ;; Got answer:
>    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41088
>    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
>    ;; WARNING: recursion requested but not available
>    
>    ;; QUESTION SECTION:
>    ;example.com.              IN      A
>    
>    ;; ANSWER SECTION:
>    example.com.       3600    IN      A       208.122.xxx.xx
>    
>    ;; AUTHORITY SECTION:
>    example.com.       86400   IN      NS      ns2.some-nameserver.com.
>    example.com.       86400   IN      NS      ns1.some-nameserver.com.
>    
>    ;; ADDITIONAL SECTION:
>    ns1.some-nameserver.com.   86400   IN      A       208.122.xxx.xx
>    ns2.some-nameserver.com.   86400   IN      A       208.122.226.214
>    
>    ;; Query time: 41 msec
>    ;; SERVER: 63.251.yyy.yy#53(63.251.yyy.yy)
>    ;; WHEN: Wed Sep 15 12:15:48 2010
>    ;; MSG SIZE  rcvd: 136
>
>== Second dig request, moments after the first
>    ; <<>> DiG 9.6.0-APPLE-P2 <<>> @63.251.yyy.yy example.com
>    ; (1 server found)
>    ;; global options: +cmd
>    ;; Got answer:
>    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20029
>    ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>    ;; WARNING: recursion requested but not available
>    
>    ;; QUESTION SECTION:
>    ;example.com.              IN      A
>    
>    ;; ANSWER SECTION:
>    example.com.       3600    IN      A       208.122.xxx.xx
>    
>    ;; Query time: 37 msec
>    ;; SERVER: 63.251.yyy.yy#53(63.251.yyy.yy)
>    ;; WHEN: Wed Sep 15 12:15:50 2010
>    ;; MSG SIZE  rcvd: 55
>
>And trying to see what is going on with tcp or udp...
>
>$dig @63.251.yyy.yy example.com +tcp
>;; Connection to 63.251.yyy.yy#53(63.251.yyy.yy) for example.com failed: 
>connection refused.
>
>If I do the same thing with +notcp, I get the result in example #2 above, 
>where there is no additional section.
>
>Thank you for any assistance, I appreciate it.
>
>-- 
>Scott (* For off-list contact, replace talklists@ with scott@ *)
>
>_______________________________________________
>bind-users mailing list
>bind-users@lists.isc.org
>https://lists.isc.org/mailman/listinfo/bind-users
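
The UDP-versus-TCP check discussed in this thread can be scripted so that "refused" (a reset: nothing listening on TCP/53, or a reject rule) is told apart from "timeout" (silence, typical of a firewall drop rule). This is an added example, not code from the thread; the function names are hypothetical, and the loopback UDP-only responder is a constructed fixture standing in for the server so the script runs offline.

```python
import socket
import struct
import threading

def build_query(name, qid=0x1234):
    """Minimal DNS query for an A record with RD set, as dig sends by default."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe(server, port, name, timeout=2.0):
    """Query over UDP and TCP; each result is answered, closed, refused or timeout."""
    query, result = build_query(name), {}
    for proto, kind in (("udp", socket.SOCK_DGRAM), ("tcp", socket.SOCK_STREAM)):
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            try:
                s.connect((server, port))
                # DNS over TCP prefixes each message with a 2-byte length field
                framed = struct.pack("!H", len(query)) + query
                s.sendall(framed if proto == "tcp" else query)
                result[proto] = "answered" if s.recv(4096) else "closed"
            except ConnectionRefusedError:
                # TCP RST or ICMP port unreachable: no listener, or a reject rule
                result[proto] = "refused"
            except socket.timeout:
                # No reply at all: typical of a firewall silently dropping packets
                result[proto] = "timeout"
    return result

def start_udp_only_server():
    """Constructed fixture: answers one DNS query over UDP and has no TCP listener."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    port = sock.getsockname()[1]
    def serve():
        data, addr = sock.recvfrom(512)
        # Echo the query back with QR and AA set (flags 0x8400), zero answers
        sock.sendto(data[:2] + b"\x84\x00" + data[4:], addr)
        sock.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    port = start_udp_only_server()
    print(probe("127.0.0.1", port, "example.com"))
```

Against a real server, call `probe()` with its address and port 53; a `refused` on TCP alongside `answered` on UDP matches the symptom in the quoted dig output.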