Querying directly a nameserver works, while forwarding not

Mark Andrews marka at isc.org
Thu Dec 6 23:39:47 UTC 2012


In message <CAL_2sc0MnJtUYiakXx71hMN5+22G-FAKYBDBLoyrxB_hkbK1-A at mail.gmail.com>, Daniele Imbrogino writes:
> I'm testing a new configuration on VirtualBox following the advice of not
> forwarding.
> Furthermore, I exclude any reference to DNSSEC.
> 
> So, in these conditions and assuming an empty cache, if I query for a
> remote domain name, my server should query a root-server and then iterate,
> right?
> Well, Wireshark shows me outgoing queries and incoming responses to/from
> root-servers, but "dig www.apple.com" (for example) fails with a timeout.
> 
> "syslog" has a lot of "DNS format error ... non-improving referral" and
> "error (FORMERR) resolving" entries.

Find the "transparent" DNS cache and nuke it.  Most sites that do
this deploy an ordinary DNS recursive server and that DOES NOT work
with a recursive server expecting to be talking to authoritative
servers.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
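
An added example (not part of the original post and not BIND code): a Python check that inspects a reply captured from a root-server address and lists the signs that a "transparent" cache answered instead of the root server. It assumes the probe was sent with RD=0 for a name under a delegated TLD; the sample packets and the name `ns.invalid` are constructed for illustration.

```python
import struct

QR, RA, RCODE = 0x8000, 0x0080, 0x000F   # header flag bits, RFC 1035 4.1.1

def check_root_reply(packet: bytes) -> list:
    """Reasons why `packet` does not look like a root server's own reply.

    Assumption: the probe asked a root server, with RD=0, for a name below
    a delegated TLD (e.g. www.apple.com), so only a referral is legitimate.
    """
    try:
        _id, flags, _qd, ancount, nscount, _ar = struct.unpack("!6H", packet[:12])
        if not flags & QR:
            return ["not a response (QR clear)"]
        reasons = []
        if flags & RA:
            reasons.append("RA set: root servers do not offer recursion")
        if flags & RCODE:
            reasons.append("rcode %d instead of a NOERROR referral" % (flags & RCODE))
        if ancount:
            reasons.append("answer section filled in by something that recursed")
        elif nscount:
            off = 12
            while packet[off]:               # skip the question name labels
                off += packet[off] + 1
            off += 5                         # terminating zero + QTYPE + QCLASS
            if packet[off] & 0xC0 == 0xC0:   # follow one compression pointer
                off = ((packet[off] & 0x3F) << 8) | packet[off + 1]
            if packet[off] == 0:             # first authority owner is "."
                reasons.append("non-improving referral: authority owner is the root")
        else:
            reasons.append("no referral in the authority section")
        return reasons
    except (struct.error, IndexError):
        return ["malformed or truncated packet"]

def _name(n: str) -> bytes:
    labels = [l for l in n.split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"

def sample_reply(flags: int, owner: str) -> bytes:
    """Constructed test packet: one question, one NS record in authority."""
    question = _name("www.apple.com") + struct.pack("!2H", 1, 1)
    rdata = _name("ns.invalid")              # made-up name server name
    rr = _name(owner) + struct.pack("!2HIH", 2, 1, 172800, len(rdata)) + rdata
    return struct.pack("!6H", 0x1234, flags, 1, 0, 1, 0) + question + rr

GENUINE = sample_reply(0x8000, "com")        # QR only, referral to com
INTERCEPTED = sample_reply(0x8080, ".")      # QR+RA, referral back to the root
```

An empty list means the reply is consistent with a referral from a real root server; any entries point at a middlebox on the path.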


