Op 05-03-19 om 16:32 schreef Matus UHLAR - fantomas: >>> On 05.03.19 14:41, Paul van der Vlis wrote: >>>> This was a long time ago. In the meantime I have rebooted the server. >>>> >>>> What I see, is that the resolving does not work from other locations. >>>> >>>> Only when I use my own nameserver the domain is resolved, and it gives >>>> an "Non-authoritative answer". >>> >>> both kinds of behaviour indicate that the domain is not configured on >>> your >>> BIND server, but it was resolved using recursion >>> >>>> Any idea how to delete this? >>> >>> delete what? the domain does not exist now, but it's configured and >>> delegated. your BIND may have cached local copy, or you have >>> forwarding set> to a server which does know the domain. >> >> No, I have never done that. >> >>> can you use "dig" instead of "host" to see what does your BIND know? >>> >>> dig any extensus.nl. > > On 05.03.19 16:20, Paul van der Vlis wrote: >> root@ns1:/etc/bind/domeinen# dig any @localhost extensus.nl >> >> ; <<>> DiG 9.10.3-P4-Debian <<>> any @localhost extensus.nl >> ; (2 servers found) >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 57790 > ^^^^^^^^ > SERVFAIL here. > >> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 >> >> ;; OPT PSEUDOSECTION: >> ; EDNS: version: 0, flags:; udp: 4096 >> ;; QUESTION SECTION: >> ;extensus.nl. IN ANY >> >> ;; Query time: 53 msec >> ;; SERVER: ::1#53(::1) >> ;; WHEN: Tue Mar 05 16:12:54 CET 2019 >> ;; MSG SIZE rcvd: 40 >> >> root@ns1:/etc/bind/domeinen# >> --------- > > this is the proper and expected response, since the extensus.nl domain is > delegated to servers that don't know about it. >> But... I think I found it: >> ---------- >> root@ns1:/etc/bind/domeinen# rndc flushtree extensus.nl >> root@ns1:/usr/local/sbin# nslookup extensus.nl localhost >> ;; Got SERVFAIL reply from ::1, trying next server >> Server: localhost >> Address: 127.0.0.1#53 >> >> ** server can't find extensus.nl: SERVFAIL >> >> root@ns1:/usr/local/sbin# >> ---------- > > this is in fact the same result, using the obsolete "nslookup" command > see the SERVFAIL in dig output above.
Dig does something else then nslookup. Nslookup gave response before the "rndc flushtree", dig did not. With regards, Paul van der Vlis -- Paul van der Vlis Linux systeembeheer Groningen https://www.vandervlis.nl/ _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
