Help with dig to check NS servers for DNSSEC setup

Tue Nov 15 11:02:49 UTC 2011

In message <Sam.Wilson-4A322F.10551015112011 at news.eternal-september.org>, Sam Wilson writes:
> In article <mailman.90.1321303169.68562.bind-users at lists.isc.org>,
>  Eduardo Bonsi <beartcom at pacbell.net> wrote:
> 
> > I am checking my DNS setup from inside using dig and I am getting 
> > everything ok but I need a second opinion from outside of the server to 
> > see if my ns1 and ns2 are responding ok to setup DNSSEC.
> 
> Looks like you haven't put in any glue records for nsX.bonsi.org.
> 
> Sam
> ---

The glue exists.  The lookup of the address records fails the servers
at 63.200.45.18 and 63.200.45.19 return refused.

> $ dig bonsi.org +trace
> 
> ; <<>> DiG 9.3.6-APPLE-P2 <<>> bonsi.org +trace
> ;; global options:  printcmd
> .                       432891  IN      NS      g.root-servers.net.
> .                       432891  IN      NS      f.root-servers.net.
> .                       432891  IN      NS      d.root-servers.net.
> .                       432891  IN      NS      l.root-servers.net.
> .                       432891  IN      NS      c.root-servers.net.
> .                       432891  IN      NS      b.root-servers.net.
> .                       432891  IN      NS      m.root-servers.net.
> .                       432891  IN      NS      j.root-servers.net.
> .                       432891  IN      NS      e.root-servers.net.
> .                       432891  IN      NS      i.root-servers.net.
> .                       432891  IN      NS      a.root-servers.net.
> .                       432891  IN      NS      h.root-servers.net.
> .                       432891  IN      NS      k.root-servers.net.
> ;; Received 512 bytes from 129.215.205.191#53(129.215.205.191) in 1 ms
> 
> org.                    172800  IN      NS      b0.org.afilias-nst.org.
> org.                    172800  IN      NS      c0.org.afilias-nst.info.
> org.                    172800  IN      NS      a0.org.afilias-nst.info.
> org.                    172800  IN      NS      b2.org.afilias-nst.org.
> org.                    172800  IN      NS      a2.org.afilias-nst.info.
> org.                    172800  IN      NS      d0.org.afilias-nst.org.
> ;; Received 429 bytes from 192.112.36.4#53(g.root-servers.net) in 52 ms
> 
> bonsi.org.              86400   IN      NS      ns2.bonsi.org.
> bonsi.org.              86400   IN      NS      ns1.bonsi.org.
> ;; Received 95 bytes from 199.19.54.1#53(b0.org.afilias-nst.org) in 230 
> ms
> 
> dig: couldn't get address for 'ns2.bonsi.org': not found
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org