>Len Conrad: >> >>> Did you use the same resolv.conf on the same host. >> >> >> >>Did you do the lookups as an UNPRIVILEGED user. >> >> >> >>You are giving zero details, so I have to start at the bottom. >> > >> >I'm logged into the postscreen machine and su to root to work on postfix >> >and run dig. > >Well that is your mistake. You must do the tests as an UNPRIVILEGED user. >Not root, not group wheel, none of that. It is a very basic beginner >mistake to mess up some directory permission so that an unprivileged >program no longer works, but all tests as root succeed as expected. > > Wietse
It's a basic beginner mistake, but it's not my mistake, nor the problem. :) I didn't setup the DNS for the zone zen.rbldnsd.domain.net. And it was setup wrong, actually not setup/delegated at all. the authoritative NS ns1.domain.net returned only the A records for the zen.rbldnsd.domain.net, not the NS delegation records (there weren't any). So, all RBL queries stopped an NS1, were answered negatively (not RBL hit) rather than being referred to the RBL NS. I got the client to have ns1 delegate zen zone to the zen NS, so postscreen is working into the private zen NS. Len
