In article <mailman.490.1287172931.555.bind-us...@lists.isc.org>, Eric Ritchie <eritc...@interactivebrokers.com> wrote:
> When doing a nslookup of a non-existent host on the same network as > the bind servers, there is a delay. If I do the same nslookup from a > host on a different network, the response is immediate. My guess is that the server allows recursion for clients on the same network, but doesn't allow it for clients on a different network. But there's something blocking its ability to recurse. > > host a is on the same network as bind servers, host b is on different > network: > > hostb$ nslookup dev600 > Server: 131.210.30.200 > Address: 131.210.30.200#53 > > ** server can't find dev600: REFUSED > > hosta $ nslookup dev600 > ;; connection timed out; no servers could be reached > > tcpdump on server: > 15:53:38.535453 IP hosta.ibg.28346> bindsrv.domain: 36663+ A? dev600.ibg. > (28) > 15:53:38.535582 IP bindsrv.domain> hosta.ibg.28346: 36663 NXDomain* 0/1/0 > (75) > 15:53:38.535834 IP hosta.ibg.23719> bindsrv.domain: 44929+ A? dev600. (24) > > > 15:53:21.233381 IP hostb.ibg.51921> bindsrv.domain: 38869+ A? dev600.ibg. > (28) > 15:53:21.233750 IP bindsrv.domain> hostb.ibg.51921: 38869 NXDomain*- 0/1/0 > (75) > 15:53:21.234022 IP hostb.ibg.43283> bindsrv.domain: 41973+ A? dev600. (24) > 15:53:21.234181 IP bindsrv.domain> hostb.ibg.43283: 41973 Refused- 0/0/0 > (24) > > > We have several locations with similar setups and all see the same > issue. They are running different versions also, one is 9.4.2 and one is > 9.7.0-P1. The /etc/resolv.conf file is: > > search ibg > options rotate > options ndots:3 > nameserver 131.210.30.200 > nameserver 131.210.30.201 > nameserver 131.210.30.202 > nameserver 131.210.30.203 > > Thanks -- Barry Margolin, bar...@alum.mit.edu Arlington, MA *** PLEASE don't copy me on replies, I'll read them in the group *** _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
