Delegation not working

Mike Bernhardt bernhardt at bart.gov
Thu May 7 19:50:18 UTC 2009 

That gave me:
dig +norec -x 10.0.2.252 @148.165.126.87 dig +norec -x 10.0.2.252
@10.2.242.222
;; connection timed out; no servers could be reached
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34563
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 14

;; QUESTION SECTION:
;dig.                           IN      A

;; AUTHORITY SECTION:
.                       162058  IN      NS      C.ROOT-SERVERS.NET.
.                       162058  IN      NS      D.ROOT-SERVERS.NET.
.                       162058  IN      NS      E.ROOT-SERVERS.NET.
.                       162058  IN      NS      F.ROOT-SERVERS.NET.
.                       162058  IN      NS      G.ROOT-SERVERS.NET.
.                       162058  IN      NS      H.ROOT-SERVERS.NET.
.                       162058  IN      NS      I.ROOT-SERVERS.NET.
.                       162058  IN      NS      J.ROOT-SERVERS.NET.
.                       162058  IN      NS      K.ROOT-SERVERS.NET.
.                       162058  IN      NS      L.ROOT-SERVERS.NET.
.                       162058  IN      NS      M.ROOT-SERVERS.NET.
.                       162058  IN      NS      A.ROOT-SERVERS.NET.
.                       162058  IN      NS      B.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     599086  IN      A       198.41.0.4
A.ROOT-SERVERS.NET.     552012  IN      AAAA    2001:503:ba3e::2:30
B.ROOT-SERVERS.NET.     35325   IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     599099  IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     599100  IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     599101  IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     599102  IN      A       192.5.5.241
F.ROOT-SERVERS.NET.     552012  IN      AAAA    2001:500:2f::f
G.ROOT-SERVERS.NET.     599090  IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     599091  IN      A       128.63.2.53
H.ROOT-SERVERS.NET.     552012  IN      AAAA    2001:500:1::803f:235
I.ROOT-SERVERS.NET.     599092  IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     208142  IN      A       192.58.128.30
J.ROOT-SERVERS.NET.     208142  IN      AAAA    2001:503:c27::2:30

;; Query time: 0 msec
;; SERVER: 148.165.30.30#53(148.165.30.30)
;; WHEN: Thu May  7 12:52:39 2009
;; MSG SIZE  rcvd: 504


; <<>> DiG 9.3.4 <<>> +norec -x 10.0.2.252 @148.165.126.87 dig +norec -x
10.0.2.252 @10.2.242.222
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

-----Original Message-----
From: Chris Buxton [mailto:cbuxton at menandmice.com] 
Sent: Thursday, May 07, 2009 12:50 PM
To: Mike Bernhardt
Cc: bind-users at lists.isc.org
Subject: Re: Delegation not working

On May 7, 2009, at 12:37 PM, Mike Bernhardt wrote:
> And dig gives me this:
> dig +norec @athena -x 10.0.2.252
>
> ;; QUESTION SECTION:
> ;252.2.0.10.in-addr.arpa.       IN      PTR
>
> ;; AUTHORITY SECTION:
> 0.10.in-addr.arpa.      14400   IN      NS      mrep-02.adm.bart.gov.
> 0.10.in-addr.arpa.      14400   IN      NS      dhcp-01.adm.bart.gov.
>
> ;; ADDITIONAL SECTION:
> dhcp-01.adm.bart.gov.   86400   IN      A       148.165.126.87
> mrep-02.adm.bart.gov.   86400   IN      A       10.2.242.222

That looks perfect.

> Without +norec, it times out.


OK, now we're getting somewhere. Why would the server "athena" have  
trouble querying those two servers? Try this from "athena" itself:

dig +norec -x 10.0.2.252 @148.165.126.87
dig +norec -x 10.0.2.252 @10.2.242.222

Chris Buxton
Professional Services
Men & Mice

More information about the bind-users mailing list