On Thu, Jun 25, 2015 at 11:55:06AM +0100, Graham Stephens wrote:
> I haven't used dig before, I hope these are what you're after. They do show
> different results to nslookup. These are all taken from the local machine.
>
> dig blahms01 and dig @127.0.0.1 blahms01 return:
>
> ; <<>> DiG 9.4.2-P2 <<>> blahms01
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 36213
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;blahms01. IN A
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Jun 25 11:15:55 2015
> ;; MSG SIZE rcvd: 26
>

As you can see, the question you are asking the DNS server here is for the
domain "blahms01." which I am pretty sure you have not configured in NSD, and
this explains the REFUSED result. dig(1) does not care about any "search"
options in /etc/resolv.conf, it will not try to create FQDNs out of the name
you wrote.

> ---
> dig blahms01.domain.com and dig @127.0.0.1 blahms01.domain.com return:
>
> ; <<>> DiG 9.4.2-P2 <<>> blahms01.domain.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53224
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;blahms01.domain.com. IN A
>
> ;; ANSWER SECTION:
> blahms01.domain.com. 21600 IN A 10.0.10.2
>
> ;; AUTHORITY SECTION:
> domain.com. 21600 IN NS blahfw01.domain.com.
>
> ;; ADDITIONAL SECTION:
> blahfw01.domain.com. 21600 IN A 127.0.0.1
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Jun 25 11:18:41 2015
> ;; MSG SIZE rcvd: 97
>

Here we can see that you have successfully queried NSD for
blahms01.domain.com. We can also see, as was shown with nslookup, the warning
about recursion: "recursion requested but not available". This is normal,
since NSD will only serve zones it is authoritative for. This also means you
would not query NSD for "openbsd.org" for example, since NSD will not handle
such a recursive query for you. For this you need unbound.

-- 
Patrik Lundin
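
The header fields discussed in this message can be read mechanically. The following is an added example, not part of the original thread: it parses the header and question lines copied from the two dig outputs above and reports what they say about the name sent and the server's role. The function names and the wording of the findings are assumptions made for illustration.

```python
import re

# Header and question lines copied from the two dig outputs quoted in the thread.
REFUSED_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 36213
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;blahms01. IN A
"""
NOERROR_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53224
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;blahms01.domain.com. IN A
"""

def parse_dig(text):
    """Extract status, flag set and question name from dig's text output."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r"^;; flags:([^;]*);", text, re.M)
    qname = re.search(r"QUESTION SECTION:\s*\n;(\S+)", text)
    if not (status and flags and qname):
        raise ValueError("not a dig response header")
    return status.group(1), set(flags.group(1).split()), qname.group(1)

def diagnose(text):
    """Return findings about the queried name and the server's role."""
    status, flags, qname = parse_dig(text)
    findings = []
    # A single label plus the root dot means no search domain was appended.
    if qname.rstrip(".").count(".") == 0:
        findings.append("single-label name sent as-is (search list not applied)")
    if status == "REFUSED":
        findings.append("REFUSED: server likely has no zone covering this name")
    if "aa" in flags:
        findings.append("authoritative answer")
    # rd was set by the client, ra was not set by the server.
    if "rd" in flags and "ra" not in flags:
        findings.append("recursion requested but not offered by this server")
    return findings

if __name__ == "__main__":
    for sample in (REFUSED_OUTPUT, NOERROR_OUTPUT):
        print(parse_dig(sample)[2], "->", "; ".join(diagnose(sample)))
```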