Delegation not working
Chris Buxton
cbuxton at menandmice.com
Thu May 7 20:19:18 UTC 2009
Mike,
That was two separate commands.
dig +norec -x 10.0.2.252 @148.165.126.87
and
dig +norec -x 10.0.2.252 @10.2.242.222
So most of what you sent back is gibberish. However, at the top, there
is the message "connection timed out; no servers could be reached".
There's at least part of your problem.
Chris Buxton
Professional Services
Men & Mice
On May 7, 2009, at 12:50 PM, Mike Bernhardt wrote:
> That gave me:
> dig +norec -x 10.0.2.252 @148.165.126.87 dig +norec -x 10.0.2.252
> @10.2.242.222
> ;; connection timed out; no servers could be reached
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34563
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14
>
> ;; QUESTION SECTION:
> ;dig. IN A
>
> ;; AUTHORITY SECTION:
> . 162058 IN NS C.ROOT-SERVERS.NET.
> . 162058 IN NS D.ROOT-SERVERS.NET.
> . 162058 IN NS E.ROOT-SERVERS.NET.
> . 162058 IN NS F.ROOT-SERVERS.NET.
> . 162058 IN NS G.ROOT-SERVERS.NET.
> . 162058 IN NS H.ROOT-SERVERS.NET.
> . 162058 IN NS I.ROOT-SERVERS.NET.
> . 162058 IN NS J.ROOT-SERVERS.NET.
> . 162058 IN NS K.ROOT-SERVERS.NET.
> . 162058 IN NS L.ROOT-SERVERS.NET.
> . 162058 IN NS M.ROOT-SERVERS.NET.
> . 162058 IN NS A.ROOT-SERVERS.NET.
> . 162058 IN NS B.ROOT-SERVERS.NET.
>
> ;; ADDITIONAL SECTION:
> A.ROOT-SERVERS.NET. 599086 IN A 198.41.0.4
> A.ROOT-SERVERS.NET. 552012 IN AAAA 2001:503:ba3e::2:30
> B.ROOT-SERVERS.NET. 35325 IN A 192.228.79.201
> C.ROOT-SERVERS.NET. 599099 IN A 192.33.4.12
> D.ROOT-SERVERS.NET. 599100 IN A 128.8.10.90
> E.ROOT-SERVERS.NET. 599101 IN A 192.203.230.10
> F.ROOT-SERVERS.NET. 599102 IN A 192.5.5.241
> F.ROOT-SERVERS.NET. 552012 IN AAAA 2001:500:2f::f
> G.ROOT-SERVERS.NET. 599090 IN A 192.112.36.4
> H.ROOT-SERVERS.NET. 599091 IN A 128.63.2.53
> H.ROOT-SERVERS.NET. 552012 IN AAAA 2001:500:1::803f:235
> I.ROOT-SERVERS.NET. 599092 IN A 192.36.148.17
> J.ROOT-SERVERS.NET. 208142 IN A 192.58.128.30
> J.ROOT-SERVERS.NET. 208142 IN AAAA 2001:503:c27::2:30
>
> ;; Query time: 0 msec
> ;; SERVER: 148.165.30.30#53(148.165.30.30)
> ;; WHEN: Thu May 7 12:52:39 2009
> ;; MSG SIZE rcvd: 504
>
>
> ; <<>> DiG 9.3.4 <<>> +norec -x 10.0.2.252 @148.165.126.87 dig
> +norec -x
> 10.0.2.252 @10.2.242.222
> ; (1 server found)
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
> -----Original Message-----
> From: Chris Buxton [mailto:cbuxton at menandmice.com]
> Sent: Thursday, May 07, 2009 12:50 PM
> To: Mike Bernhardt
> Cc: bind-users at lists.isc.org
> Subject: Re: Delegation not working
>
> On May 7, 2009, at 12:37 PM, Mike Bernhardt wrote:
>> And dig gives me this:
>> dig +norec @athena -x 10.0.2.252
>>
>> ;; QUESTION SECTION:
>> ;252.2.0.10.in-addr.arpa. IN PTR
>>
>> ;; AUTHORITY SECTION:
>> 0.10.in-addr.arpa. 14400 IN NS mrep-02.adm.bart.gov.
>> 0.10.in-addr.arpa. 14400 IN NS dhcp-01.adm.bart.gov.
>>
>> ;; ADDITIONAL SECTION:
>> dhcp-01.adm.bart.gov. 86400 IN A 148.165.126.87
>> mrep-02.adm.bart.gov. 86400 IN A 10.2.242.222
>
> That looks perfect.
>
>> Without +norec, it times out.
>
>
> OK, now we're getting somewhere. Why would the server "athena" have
> trouble querying those two servers? Try this from "athena" itself:
>
> dig +norec -x 10.0.2.252 @148.165.126.87
> dig +norec -x 10.0.2.252 @10.2.242.222
>
> Chris Buxton
> Professional Services
> Men & Mice
>
More information about the bind-users
mailing list