How do I debug if the queries are not getting resolved?

stuart at registry.godaddy stuart at registry.godaddy
Tue Dec 12 02:05:36 UTC 2023 

> Subject: Re: How do I debug if the queries are not getting resolved?
> 
> Oh I forgot to tell you that. This is BIND RPZ and all the queries are recursive. 
> 
> Dig output just dies out and does not spit anything.
> 
> And this specifically i noticed with .gov and .gov.in domain. This is the reason I thing it might be related with DNSSEC.

Given that there's no implicit RPZ related to .gov or .gov.in, can you please provide us with some concreate examples of what you're trying to achieve?

> Also wanted to understand overall how do I debug any queries.

What you've described so far is the inability to reach your recursing name server, i.e. the very first step.

You've not mentioned what OS you're doing these tests from, so we can't direct you with specifics, just very broad and imprecise steps.

Namely:

- Check what name server your host is configured to use.
- Using the "dig" command with a "@[ip-address]", verify that you can actually ask that server queries. i.e.

dig @127.0.0.1 www.google.com. IN A

- Verify that you're asking a correct question by looking at the "Question" section of the output. i.e. 

;; QUESTION SECTION:
;www.google.com. IN A

- Verify that the response you received is not an error of some kind, i.e.:

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54894
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

- If you're the one running the recursing name server, verify that no errors occurred in the log files.

Etc.

For us to help you further, please give us specific information, otherwise we're just fishing around to try give you relevant information.

> On Tue, Dec 12, 2023, 00:28 Marco Moock <mailto:mm at dorfdsl.de <mailto:mm at dorfdsl.de>> wrote:
> Am 11.12.2023 um 23:37:36 Uhr schrieb Blason R:
> 
> > I require assistance in troubleshooting the resolution issue for
> > specific domains that are not being resolved properly. The version of
> > BIND I am currently using is BIND 9.18.20-1.
> 
> First, tell us if those queries are authoritative on that server or not.
> 
> Try using dig and post the output here.
> -- 

Stuart

More information about the bind-users mailing list