dig-problems, query-problems

Barry Margolin barmar at genuity.net
Thu Jan 24 16:13:01 UTC 2002


In article <a2nptr$14s at pub3.rc.vix.com>,  <pilsl at goldfisch.at> wrote:
>first: 
> if I add a new entry (let's say an A entry called test) to a zone on
>the master-named (and update the serial) and then dig for this entry
>from a different machine (that runs a non-forwarding nameserver) it
>can't be found for quite a while (few hours) and the dig reveals an old
>serial in its authority-section. When I issue a dig +trace the entry
>is found ...

Sounds like negative caching doing its job.  Since you have the MinTTL
field set to 1 day, this means that you allow negative cache entries to
persist for that long.  If you don't want such long negative caching, lower
this field of the SOA record.

>second:
>
>As I read in the dns-howto, I enabled query only for local in my
>named.conf and added 'allow-query { any; };' to all "public" domains.
>Unfortunately I got loads of "query denied" entries in my syslog then.
>As soon as I allowed query global and added 'allow-query { local; };'
>to the "private" domains, things worked.

Did the "query denied" messages refer to addresses that are supposed to be
allowed to use your server as a resolver?  If not, what's the problem?

>third:
>
>I tried to run "named -d 1000" to debug as soon as possible (and
>hopefully see all incoming queries) but no more messages than when
>running named without the debug-option went to my syslog.

Debugging messages go to the file "named.run", not syslog.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
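
The negative-caching behaviour discussed in the first point, as an added example that is not part of the original post: it parses the SOA line from the authority section of a dig reply and works out how long a resolver may keep the "no such name" answer under RFC 2308. The zone `example.com`, the sample record and the `resolver_cap` parameter (standing in for a resolver-side limit such as BIND 9's `max-ncache-ttl`) are assumptions made for illustration.

```python
import re
from typing import NamedTuple, Optional

# Constructed sample: authority section of a negative reply, as dig prints it.
SAMPLE_AUTHORITY = """\
;; AUTHORITY SECTION:
example.com. 86400 IN SOA ns1.example.com. hostmaster.example.com. 2002012401 10800 3600 604800 86400
"""

class Soa(NamedTuple):
    zone: str
    rr_ttl: int    # TTL of the SOA record as returned in the reply
    serial: int
    minimum: int   # last SOA field ("MinTTL"), the negative-caching TTL

# owner, TTL, IN SOA, mname, rname, serial, refresh, retry, expire, minimum
SOA_RE = re.compile(
    r"^(\S+)\s+(\d+)\s+IN\s+SOA\s+\S+\s+\S+\s+(\d+)\s+\d+\s+\d+\s+\d+\s+(\d+)\s*$",
    re.MULTILINE,
)

def parse_soa(dig_text: str) -> Optional[Soa]:
    """Return the first SOA record found in dig output, or None."""
    m = SOA_RE.search(dig_text)
    if m is None:
        return None
    return Soa(m.group(1), int(m.group(2)), int(m.group(3)), int(m.group(4)))

def negative_ttl(soa: Soa, resolver_cap: Optional[int] = None) -> int:
    """RFC 2308: cache a negative answer for min(SOA TTL, SOA MINIMUM).

    resolver_cap (hypothetical parameter) models a local upper limit.
    """
    ttl = min(soa.rr_ttl, soa.minimum)
    return ttl if resolver_cap is None else min(ttl, resolver_cap)

def serial_is_newer(master: int, cached: int) -> bool:
    """RFC 1982 serial comparison: True if the master's serial is ahead."""
    diff = (master - cached) % 2**32
    return 0 < diff < 2**31

if __name__ == "__main__":
    soa = parse_soa(SAMPLE_AUTHORITY)
    print("negative answers may be cached for", negative_ttl(soa), "seconds")
    print("with a 3 hour resolver cap:", negative_ttl(soa, 10800), "seconds")
    print("master moved on:", serial_is_newer(2002012402, soa.serial))
```
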

