dig +trace = Bad Referral or Bad Horizontal referral

project722 project722 at gmail.com
Tue Sep 20 16:50:42 UTC 2016


I've reverted my configuration back to before we started using views. But,
if this was a delegation issue, wouldn't we expect to see it regardless of
using views or not? Works fine without views.

On Tue, Sep 20, 2016 at 8:58 AM, Matthew Pounsett <matt at conundrum.com>
wrote:

>
>
> On 16 September 2016 at 11:12, project722 <project722 at gmail.com> wrote:
>
>> I have an interesting problem. I started noticing that when I do a dig
>> +trace against one of the domains we are authoritative for, we get errors
>> from our nameservers for "Bad Referral" and you can see where it forwarded
>> the request back up the namespace tree instead of giving the answer.
>> Unfortunately I am unable to reproduce this problem at the moment. However
>> I can reproduce the Bad (HORIZONTAL) referral. Basically once the query is
>> referred to our name server I see this:
>>
>> ;; BAD (HORIZONTAL) REFERRAL
>> ;; Received 187 bytes from x.x.x.x#53(ns.example.com in 2 ms
>>
>
> A horizontal referral is when one authoritative zone (the parent)
> delegates a subdomain to a server that responds out of the same parent
> zone, rather than a subzone.  The DNS is an inverted tree structure, and
> delegations are always supposed to be "down" the tree toward the leaves.
> If a delegation ends up being across, then you get a horizontal referral
> error.
>
> Since you obfuscated your configuration nobody is going to be able to
> provide you with specific advice on where the problem is.  If you can find
> the error in your authoritative data (or share which zone is giving you
> problems so that someone here can point it out) that should clear up your
> issue.
>
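
The referral directions described in this thread (down the tree, across, or back up), as an added example that is not part of the original messages and is not dig's own code. The function names and the sample trace are hypothetical and constructed for illustration; names are compared label by label so that `badexample.com` is not mistaken for a child of `example.com`.

```python
def labels(name: str) -> list[str]:
    """Split a DNS name into lower-cased labels, root-most label first."""
    name = name.rstrip(".").lower()
    return list(reversed(name.split("."))) if name else []


def classify_referral(delegated_zone: str, referral_owner: str) -> str:
    """Classify a referral relative to the zone the server was reached for.

    delegated_zone -- zone cut that led the resolver to this server
    referral_owner -- owner name of the NS RRset in the AUTHORITY section
    """
    zone, owner = labels(delegated_zone), labels(referral_owner)
    if owner == zone:
        return "horizontal"   # same zone again: across the tree, not down
    if len(owner) > len(zone) and owner[:len(zone)] == zone:
        return "downward"     # proper subdomain: a normal delegation
    return "bad"              # back up the tree or into another branch


def audit_trace(steps):
    """Return (zone, owner, verdict) for every step that is not downward."""
    findings = []
    for zone, owner in steps:
        verdict = classify_referral(zone, owner)
        if verdict != "downward":
            findings.append((zone, owner, verdict))
    return findings


# Constructed sample: (zone the server was delegated, NS owner it returned)
SAMPLE_TRACE = [
    (".", "com."),                    # root refers down to com.
    ("com.", "example.com."),         # com. refers down to example.com.
    ("example.com.", "Example.COM"),  # server refers to its own zone
    ("example.com.", "com."),         # server refers back up the tree
    ("example.com.", "badexample.com."),  # suffix match only, not a child
]

if __name__ == "__main__":
    for zone, owner, verdict in audit_trace(SAMPLE_TRACE):
        print(f"{zone} -> {owner}: {verdict} referral")
```
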