I've double checked our nameserver config and there shouldn't be any stub
involved when resolving this domain, we don't have forwarder configured.
After flush the cache or the cache expires itself(the ttl is short), bind
almost always hit another server and works, we have 9 named resolvers,
anytime I checked there are always one or two(not the same ones) has
problem with this domain.
The nameserver is dedicated and on RHEL 6.8, tcpdump command:
tcpdump -i any -nn port 53
Here is named.conf, please let me know if there is anythings else needed:
include "/etc/rndc.key";
include "/named/acl";
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { localkey; };
};
options {
listen-on-v6 { any; };
listen-on { any; };
directory "/named";
dump-file "/var/run/named_dump.db";
pid-file "/var/run/named.pid";
recursing-file "/var/run/named.recursing";
statistics-file "/var/run/named.stats";
transfer-format many-answers;
max-transfer-time-in 60;
resolver-query-timeout 30;
check-names master ignore;
check-names slave ignore;
check-names response ignore;
datasize default;
stacksize default;
coresize default;
files unlimited;
recursion yes;
notify no;
auth-nxdomain no;
version "unknown";
response-policy { zone "dns-policy.rpz.zone"; };
allow-transfer { xfer; };
allow-query { all-allowed; };
allow-query-cache { all-allowed; };
allow-recursion { all-allowed; };
blackhole { bogon; };
include "validate";
include "anycast.server";
};
server fe80::/16 { bogus yes; };
server ::/0 { bogus yes; };
include "logging.conf";
include "trusted-keys.conf";
include "gen.conf";
include "rpz.conf";
include "Secondary.conf";
Thanks!!
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
