NXDOMAIN problems

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Nov 17 07:31:54 UTC 2020 

On 16.11.20 22:58, Boylan, Ross wrote:
>I have been experiencing NXDOMAIN errors persistently, though not 100% of
> the time, for a machine I am trying to reach.  The queries worked OK
> before today.  I not only don't know what's causing it, but am having
> trouble tracing what's going on inside of bind.  I'd be grateful for help
> on either front, getting DNS to work or debugging.
>
>There are a lot of complications.  In brief, the machine and name
> resolution for it are only available through VPN; I have a search list
> which should cause some failed lookups if the original doesn't work; and
> I'm using views.  Some details follow, and then discussion of my debugging
> attempts.
>
>DETAILS
>
>The remote machine is only accessible though VPN, and the nameserver that
> knows how to find it is also accessible only through VPN.  The IP of that
> nameserver is first on my forwarders list on my local machine.  When
> failures happen the replies indicate the request was addressed to the
> public-facing nameservers; it is good that they don't provide any info,
> but they shouldn't be getting the request.

forwarders are not used in specified order, named measures TTL and uses server
that answers first.

you can configure configure your domain with specified forwarders and to be
"forward only".

>I also added the target domain (ucsf.edu) to my search list.  So when I ask
> for mymachine.ucsf.edu, this will also generate a query for
> mymachine.ucsf.edu.ucsf.edu if the first query fails.  The second query is
> asking for a non-existent domain, and so maybe that is the proximate
> source of the NXDOMAIN.

this could be controlled by option "ndots:1" in resolv.conf, so search list
ignored for every hostname with one or more dots
... this is not BIND issue but the stub resolver issue.

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.

More information about the bind-users mailing list