dig-problems, query-problems
Barry Margolin
barmar at genuity.net
Thu Jan 24 16:13:01 UTC 2002
In article <a2nptr$14s at pub3.rc.vix.com>, <pilsl at goldfisch.at> wrote:
>first:
> if I add a new entry (let's say an A entry called test) to a zone on
>the master-named (and update the serial) and then dig for this entry
>from a different machine (that runs a non-forwarding nameserver) it
>can't be found for quite a while (few hours) and the dig reveals an old
>serial in its authority-section. When I issue a dig +trace the entry
>is found ...
Sounds like negative caching doing its job. Since you have the MinTTL
field set to 1 day, this means that you allow negative cache entries to
persist for that long. If you don't want such long negative caching, lower
this field of the SOA record.
>second:
>
>As I read in the dns-howto, I enabled query only for local in my
>named.conf and added 'allow-query { any; };' to all "public" domains.
>Unfortunately I got loads of "query denied" entries in my syslog then.
>As soon as I allowed query global and added 'allow-query { local; };'
>to the "private" domains, things worked.
Did the "query denied" messages refer to addresses that are supposed to be
allowed to use your server as a resolver? If not, what's the problem?
>third:
>
>I tried to run "named -d 1000" to debug as soon as possible (and
>hopefully see all incoming queries) but no more messages than when
>running named without the debug-option went to my syslog.
Debugging messages go to the file "named.run", not syslog.
--
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
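
Added example, not part of the original post: a Python sketch that reads the SOA line dig prints for a negative answer and reports the serial the cache holds and how long the entry will persist, using the RFC 2308 rule that a negative answer is cached for the smaller of the SOA record's TTL and its MinTTL field. The zone name, serials and dig output are constructed sample values; the 86400 MinTTL matches the 1 day mentioned above.

```python
import re

# Constructed sample: what dig prints when a resolver answers from its negative cache.
SAMPLE_DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;test.example.com.        IN    A

;; AUTHORITY SECTION:
example.com.  9000  IN  SOA  ns1.example.com. hostmaster.example.com. 2002012301 10800 3600 604800 86400
"""

# owner, TTL, class, type, MNAME, RNAME, then serial/refresh/retry/expire/minimum
SOA_RE = re.compile(
    r"^(?P<zone>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+\S+\s+\S+\s+"
    r"(?P<serial>\d+)\s+\d+\s+\d+\s+\d+\s+(?P<minimum>\d+)\s*$",
    re.MULTILINE,
)

def parse_negative_answer(dig_text):
    """Return status, serial and TTLs from dig output, or None if it has no SOA line."""
    soa = SOA_RE.search(dig_text)
    if soa is None:
        return None
    status = re.search(r"status:\s*(\w+)", dig_text)
    return {
        "status": status.group(1) if status else "UNKNOWN",
        "zone": soa["zone"],
        "serial": int(soa["serial"]),     # serial the cache saw, not the master's
        "remaining": int(soa["ttl"]),     # seconds until the cached entry expires
        "minimum": int(soa["minimum"]),   # MinTTL field of the SOA
    }

def negative_ttl(soa_record_ttl, soa_minimum):
    """RFC 2308: negative answers are cached for min(SOA TTL, SOA MINIMUM)."""
    return min(soa_record_ttl, soa_minimum)

def is_stale(info, master_serial):
    """True when the cached SOA is older than the master's current serial."""
    return info["serial"] < master_serial  # ignores RFC 1982 serial wrap-around

if __name__ == "__main__":
    info = parse_negative_answer(SAMPLE_DIG_OUTPUT)
    print(info, "stale:", is_stale(info, 2002012401))
    print("upper bound for a fresh negative entry:", negative_ttl(172800, info["minimum"]))
```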