On 8 September 2013 12:06, Carol Overes <ca...@overes.net> wrote: > Apologies if my approach was not clear, after Steve's mail. But I tested > by using dig without the +trace option. I have tested the following from > an IP, which is accepted via the trusted ACL: > > dig @10.10.10.1 www.domain2.com A > dig @10.10.10.1 domain2.com NS > > And directly from the internal DNS server 10.10.10.1: > > dig @127.0.0.1 www.domain2.com A > dig @127.0.0.1 domain2.com NS
In order to help further you're going to have to post real domain names and the full unmodified output of command+response from dig so we can see the fully response. Also, if you can, retake the packet capture and then filter out only DNS packets and upload the capture somewhere so we can take a look at the packets. Steve _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users