Re: Bind 9.11 serving up false answers for a single domain.

2021-02-09 Thread Mark Andrews
Run ‘dig +trace +all internet-dns1.state.ma.us’, which will show you the glue records, then try ‘dig +dnssec +norec internet-dns1.state.ma.us @’ for all the addresses in the glue records. e.g. dig +dnssec +norec internet-dns1.state.ma.us @146.243.122.17 Mark > On 10 Feb 2021, at 14:50, sam
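Mark's procedure (trace to find the delegation and its glue, then query every glue address non-recursively with the DO bit) can be scripted. The following is an added example, not code from the thread or from ISC: it parses the RR lines of `dig +trace +all` output, picks the deepest delegation enclosing the queried name, pairs each NS with its glue addresses, flags nameservers that carry no glue (those would have to be resolved separately before they can be queried), and emits the per-address `dig +dnssec +norec` commands. The trace text is constructed with documentation names and addresses (example.net, 192.0.2.0/24, 198.51.100.0/24, 2001:db8::/32), and the function names and the `run_commands` helper are my own.

```python
"""Turn `dig +trace +all NAME` output into per-glue-address `dig +dnssec +norec` checks."""
import re
import shlex
import subprocess
from collections import defaultdict

# One resource record line as dig prints it: owner TTL IN TYPE RDATA.
# Only NS (delegations) and A/AAAA (glue) are of interest here.
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(NS|A|AAAA)\s+(\S+)\s*$")


def parse_trace(text):
    """Return (ns_by_zone, glue).

    ns_by_zone maps a zone owner name to the NS names seen for it;
    glue maps an NS name to the A/AAAA addresses dig printed for it.
    Comment lines (';' / ';;' headers, section markers, timings) are skipped."""
    ns_by_zone = defaultdict(list)
    glue = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = RR_RE.match(line)
        if not m:
            continue
        owner, _ttl, rtype, rdata = m.groups()
        owner = owner.lower()
        if rtype == "NS":
            ns = rdata.lower()
            if ns not in ns_by_zone[owner]:
                ns_by_zone[owner].append(ns)
        else:  # A or AAAA: owner is the nameserver, rdata is its address
            if rdata not in glue[owner]:
                glue[owner].append(rdata)
    return dict(ns_by_zone), dict(glue)


def closest_zone(name, zones):
    """Deepest zone cut in `zones` that encloses `name` (both as FQDNs with a trailing dot)."""
    name = name.lower().rstrip(".") + "."
    best = None
    for z in zones:
        if z == "." or name == z or name.endswith("." + z):
            if best is None or len(z) > len(best):
                best = z
    return best


def servers_to_check(name, ns_by_zone, glue):
    """(zone, [(ns_name, address), ...], [ns_name without glue, ...]) for the last delegation."""
    zone = closest_zone(name, ns_by_zone)
    targets, missing = [], []
    for ns in ns_by_zone.get(zone, []):
        if ns in glue:
            targets.extend((ns, addr) for addr in glue[ns])
        else:
            missing.append(ns)
    return zone, targets, missing


def dig_commands(name, targets):
    """Non-recursive, DNSSEC-enabled query against each glue address, as in the post."""
    return [f"dig +dnssec +norec {name} @{addr}" for _ns, addr in targets]


def run_commands(cmds):
    """Assumed helper (not from the thread): actually run the generated dig commands."""
    for cmd in cmds:
        print("$", cmd)
        print(subprocess.run(shlex.split(cmd), capture_output=True, text=True).stdout)


# Constructed, abbreviated `dig +trace +all` output; not a real trace.
SAMPLE_TRACE = """\
; <<>> DiG 9.11.4 <<>> +trace +all host.example.net
;; global options: +cmd
.\t\t\t518400\tIN\tNS\ta.root-servers.net.
;; Received 239 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms

;; AUTHORITY SECTION:
net.\t\t\t172800\tIN\tNS\tns.tld-example.net.
;; ADDITIONAL SECTION:
ns.tld-example.net.\t172800\tIN\tA\t203.0.113.1

;; AUTHORITY SECTION:
example.net.\t\t172800\tIN\tNS\tns1.example.net.
example.net.\t\t172800\tIN\tNS\tns2.example.net.
example.net.\t\t172800\tIN\tNS\tns3.example.org.
;; ADDITIONAL SECTION:
ns1.example.net.\t172800\tIN\tA\t192.0.2.53
ns2.example.net.\t172800\tIN\tA\t198.51.100.53
ns2.example.net.\t172800\tIN\tAAAA\t2001:db8::53
"""


def plan(name, trace_text=SAMPLE_TRACE):
    """Parse a trace and return (zone, commands, nameservers_without_glue)."""
    ns_by_zone, glue = parse_trace(trace_text)
    zone, targets, missing = servers_to_check(name, ns_by_zone, glue)
    return zone, dig_commands(name, targets), missing


if __name__ == "__main__":
    zone, cmds, missing = plan("host.example.net")
    print(f"delegation: {zone}")
    for c in cmds:
        print(c)
    for ns in missing:
        print(f"no glue for {ns}; resolve it separately before querying it")
```

Pipe a real trace in with `plan(name, open("trace.txt").read())` or feed `subprocess.run(["dig", "+trace", "+all", name], capture_output=True, text=True).stdout`; a server that answers differently from the others, or not at all, is the one to chase. An NS without glue is reported rather than guessed at, because resolving it through the same possibly-broken resolver is exactly what the non-recursive check is meant to avoid.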

Re: Bind 9.11 serving up false answers for a single domain.

2021-02-09 Thread Paul Kosinski via bind-users
Do you know about mxtoolbox.com? It (and other similar sites) does a good job of diagnosing DNS-related problems. I use it now and then to check out my own sites, as it gives a "second opinion". In particular its "DNS Lookup" function reported the following for "internet-dns1.state.ma.us" Ty

Re: Bind 9.11 serving up false answers for a single domain.

2021-02-09 Thread sami's strat
Thanks Mark. However, the traceroute to the hostname failed for the same reason. Please note: [root@myhost data]# dig internet-dns1.state.ma.us ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> internet-dns1.state.ma.us ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, s

Re: Bind 9.11 serving up false answers for a single domain.

2021-02-09 Thread Mark Andrews
Well, you could try tracing the addresses of the nameservers for which there were errors reported. It could be as simple as a routing issue between you and these servers. > On 10 Feb 2021, at 13:25, sami's strat wrote: > > couldn't get address for 'internet-dns1.state.ma.us': not found > couldn

Bind 9.11 serving up false answers for a single domain.

2021-02-09 Thread sami's strat
I'm running BIND 9.11 on a CentOS 7 VM. BIND is giving me the wrong answer for a single domain. I've cleared cache, restarted BIND, restarted the server, and ensured that I don't have the referenced domain anywhere in my configuration hardcoded. Please note the following query: [root@myhost ~]

Re: DNSSEC and NSEC missing ZSK?

2021-02-09 Thread @lbutlr
On 09 Feb 2021, at 16:19, Mal via bind-users wrote: > On 09/02/2021 10:47 pm, @ wrote: >> Well, I have finally gotten the test zone to the point where dnssec-verify is >> happy and everything that I can check also seems happy except dnsviz which >> is very very VERY angry and basically says the z

Re: DNSSEC and NSEC missing ZSK?

2021-02-09 Thread Mal via bind-users
On 09/02/2021 10:47 pm, @ wrote: > Well, I have finally gotten the test zone to the point where dnssec-verify is > happy and everything that I can check also seems happy except dnsviz which is > very very VERY angry and basically says the zone is entirely garbage. I am > hoping this is a propag

Re: Forward zone does not work when allow recursive is restrictive

2021-02-09 Thread Mark Andrews
“forward” does not mean “proxy”. Additionally, servers out on the internet make iterative queries. They are non-recursive *AND* follow delegations. Making a proxy work is more than just relaying the request and the response. BIND does not support proxying other servers. > On 10 Feb 2021, at 0

Forward zone does not work when allow recursive is restrictive

2021-02-09 Thread Sebastian Neumann
Hey there, I am having an issue forwarding DNS queries and was hoping that one of you might be able to help me: I have the following setup: DNS-Server reachable from the internet, is authoritative for zone foo.com DNS-Server reachable only locally, should be authoritative for zone test.lab.fo

Re: Trying again on SERVFAIL

2021-02-09 Thread Havard Eidnes via bind-users
> is there a way to know that a query has already been tried a few minutes ago, and failed? From whose perspective? A well-behaved application could remember it asked the same query a short while ago, of course, but that's up to the application. Or is the perspective that of a recursive resol

Re: DNSSEC and NSEC missing ZSK?

2021-02-09 Thread
On 08 Feb 2021, at 11:10, @lbutlr wrote: > That recreates the .signed.jnl and not the .signed file. No errors are > reported. Well, I have finally gotten the test zone to the point where dnssec-verify is happy and everything that I can check also seems happy except dnsviz which is very very VER

Trying again on SERVFAIL

2021-02-09 Thread Alessandro Vesely
Hi, is there a way to know that a query has already been tried a few minutes ago, and failed? It happens seldom, but sometimes the DKIM mail filter gets a SERVFAIL when it tries to authenticate an incoming message. SERVFAIL occurs when DNSSEC check fails. Trying again is useless, it has
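Havard's reply to Alessandro's question above points out that it is the application that would have to remember a recent SERVFAIL. As an added example that is not code from the thread, from any DKIM filter, or from BIND, here is what that memory looks like on the application side: a small TTL-bounded table keyed on (qname, qtype) that lets a verifier skip an immediate retry of a lookup that just returned SERVFAIL, while still retrying once the entry has aged out, since a validation failure may be a transient of the signer's key rollover rather than permanent. The class and function names, the 60-second TTL, the fake resolver and the DKIM key name `selector._domainkey.example.com` are my own assumptions; the clock is injectable so the behaviour can be checked without waiting.

```python
"""Application-side memory of recent SERVFAIL answers, so a caller can skip
an immediate retry that is known to be useless. Example code, not from the thread."""
import time


class ServfailMemo:
    """Remember (qname, qtype) lookups that recently returned SERVFAIL.

    Entries expire after `ttl` seconds; `clock` defaults to a monotonic clock
    and is injectable for tests (an assumption of this example)."""

    def __init__(self, ttl=60.0, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock
        self._failed = {}

    @staticmethod
    def _key(qname, qtype):
        # Canonicalise so "Example.COM" and "example.com." share one entry.
        return (qname.lower().rstrip(".") + ".", qtype.upper())

    def record_failure(self, qname, qtype):
        self._failed[self._key(qname, qtype)] = self.clock()

    def clear(self, qname, qtype):
        self._failed.pop(self._key(qname, qtype), None)

    def recently_failed(self, qname, qtype):
        """True if a SERVFAIL for this query is younger than the TTL; expired entries are dropped."""
        key = self._key(qname, qtype)
        stamp = self._failed.get(key)
        if stamp is None:
            return False
        if self.clock() - stamp >= self.ttl:
            del self._failed[key]
            return False
        return True


def lookup_with_memo(memo, resolve, qname, qtype="TXT"):
    """Wrap a resolver call with the memo.

    `resolve(qname, qtype)` returns (rcode, answer). Returns (rcode, answer, attempted):
    attempted is False when the query was skipped because of a recent SERVFAIL; the
    caller should treat that exactly like a fresh SERVFAIL (a temporary failure)."""
    if memo.recently_failed(qname, qtype):
        return ("SERVFAIL", None, False)
    rcode, answer = resolve(qname, qtype)
    if rcode == "SERVFAIL":
        memo.record_failure(qname, qtype)
    else:
        memo.clear(qname, qtype)
    return (rcode, answer, True)


def demo(ttl=60.0):
    """Drive the memo with a fake clock and a resolver that always fails.

    Returns ([attempted flags for three lookups], number of real resolver calls)."""
    now = [1000.0]            # fake monotonic clock, seconds
    calls = []

    def failing_resolver(qname, qtype):   # constructed stand-in for the real lookup
        calls.append((qname, qtype))
        return ("SERVFAIL", None)

    memo = ServfailMemo(ttl=ttl, clock=lambda: now[0])
    name = "selector._domainkey.example.com"   # assumed DKIM key name
    first = lookup_with_memo(memo, failing_resolver, name, "TXT")
    second = lookup_with_memo(memo, failing_resolver, name, "TXT")   # within TTL: skipped
    now[0] += ttl + 1
    third = lookup_with_memo(memo, failing_resolver, name, "TXT")    # TTL elapsed: retried
    return [r[2] for r in (first, second, third)], len(calls)


if __name__ == "__main__":
    attempted, real_calls = demo()
    print("attempted:", attempted, "resolver calls:", real_calls)
```

The memo only suppresses retries from this process; a second verifier instance, or the mail queue retrying the message later, will still query. On the resolver side, BIND 9.11 itself caches a SERVFAIL for `servfail-ttl` seconds (1 by default, 30 at most), which is why a wait of minutes rather than seconds has to be the application's decision.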