BIND9 fails resolving after connecting to VPN

Kevin Darcy kcd at chrysler.com
Tue Apr 12 20:48:13 UTC 2011


On 4/12/2011 4:33 AM, kapetr wrote:
> Hello,
>
> Kevin Darcy <kcd at chrysler.com> WROTE:
>
>>> Do you think that this VPN provider
>>> - blocks direct (not recursive) DNS questions
>>> and
>>> - manipulates recursive queries? [catches them, makes the query
>>> itself and answers with a manipulated server IP]
>>> ???
>> None of your queries were non-recursive (you'd need "+norec" on your
>> dig command line for that), so I wouldn't jump to the conclusion that
>> non-recursive queries are being blocked.
> I did mean queries from my local BIND, not from dig command.
>
>> What's more likely happening is that *all* of your queries are being
>> transparently redirected to a recursive resolver. Although, I'd be
>> curious to see what responses you get if you actually generate
>> non-recursive queries (with the "+norec").
>>
> I have tried it. Unfortunately ...
>
> I got normal answers (from a DNS server on the Internet, which was
> accessed over the new default route == over VPN) even with
> +norecurse or +trace. These non-recursive queries went over the VPN
> and I got normal answers. :-(
>
How "normal" are they? BIND is likely to reject them if they purport to 
be from authoritative data, but the AA flag isn't set...

                                                                         
                                                                 - Kevin
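
The AA-flag check raised in the reply above, as an added example (not part of the original post and not BIND's code): it decodes the DNS header of a reply to a non-recursive query and flags answers that arrive without AA, which is what a transparently substituted recursive resolver typically sends. The sample messages, `build_response` and the classification labels are constructed for illustration.

```python
import struct

# Header flag masks from RFC 1035 section 4.1.1
QR, AA, RD, RA, RCODE = 0x8000, 0x0400, 0x0100, 0x0080, 0x000F

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header of a raw message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": ident, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": flags & RCODE, "ancount": an, "nscount": ns}

def classify(msg: bytes) -> str:
    """Label a reply to a non-recursive query sent to an authoritative server."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not-a-response"
    if h["rcode"] != 0:
        return "rcode-%d" % h["rcode"]
    if h["ancount"] == 0:
        return "referral-or-nodata"
    if h["aa"]:
        return "authoritative"
    # Answer records present but AA clear: what a cache or an intercepting
    # recursive resolver returns, not the zone's own server.
    return "answer-without-aa"

def build_response(flags: int, answers: int = 1) -> bytes:
    """Constructed sample: reply for example.com A with the given flag word."""
    question = b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return struct.pack("!6H", 0x1234, flags, 1, answers, 0, 0) + question + rr * answers

if __name__ == "__main__":
    samples = {"direct from authoritative server": build_response(QR | AA),
               "redirected to a recursive resolver": build_response(QR | RA)}
    for label, raw in samples.items():
        h = parse_header(raw)
        print(f"{label}: {classify(raw)} (aa={h['aa']}, ra={h['ra']})")
```
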





More information about the bind-users mailing list