ns_initparse: Message too long

[Denis Ducamp]

Hello,

I have a domain in .org, let's say it's called test.org . Zones
transferts between secondary and primary are OK.
In my primary server I defined :
www             IN      CNAME   shell1.sourceforge.net.
When I type :

. dig @secondary www.test.org
  the good reply is made.

. dig @primary www.test.org
  the following reply is printed :
        ;; res options: init recurs defnam dnsrch
        ;; got answer:
        ;; ns_initparse: Message too long
        ;; Total query time: 207 msec
  and the primary logs :
  security: notice: unapproved query from [ex.te.rn.al].1171 for
"shell1.sourceforge.net"

The primary is configured rather stricly. /etc/named.conf extracts :
acl mynetworks {
          // Host that can query anything
...
};
acl blockblackhole {
...
};
acl mysecondaries {
...
};
options {
...
        directory "/bind";
        blackhole { blockblackhole; };
        allow-query {
          mynetworks;
        };
        allow-transfer {
          mynetworks;
        };
};
...
zone "test.org" {
        type master;
        file "p/test.org";
        // We must respond to any query on this zone
        allow-query {
          any;
        };
        // Limit transfer from inside and secondaries;
        allow-transfer {
          mynetworks;
          mysecondaries;
        };
};
...

Is it a bug or a misconfiguration ?
How can I make it work without allowing the primary to resolve external
domains for external clients ?

Thanks in advance,

Denis Ducamp.

-- 
Denis.Ducamp at hsc.fr -- Hervé Schauer Consultants -- http://www.hsc.fr/