query restricted on sub domain

ChrisC chris at issolutions.co.uk
Mon Aug 11 10:23:16 UTC 2003


Mark_Andrews at isc.org wrote in message news:<bh6le7$8u4$1 at sf1.isc.org>...
> > Hi Kevin,
> > Nothing special about that domain and I dont have any subdomains for
> > that specified in the named.conf file. The domain is norgren.com (as I
> > cant be bothered to change it all the time), its specified in the zone
> > file as
> > 
> > usa     IN      NS      ns.usa.norgren.com.
> >         IN      NS      ns2.usa.norgren.com.
> > 
> > Now i noticed something strange when I tested it from home, the
> > servers returned the response the first time, then it was refused, fyi
> > the primary is 193.129.122.21, scdr is 193.129.122.10. As you can see
> > both the primary and secondary gave answers for www.usa.norgren.com
> > and then refused them !!
> 
> 	Make non-recursive queries.  This is what caching nameservers
> 	do.
> 
> 	Mark
> 
> ; <<>> DiG 8.3 <<>> www.usa.norgren.com @193.129.122.10 +norec 
> ; (1 server found)
> ;; res options: init defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52075
> ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;;	www.usa.norgren.com, type = A, class = IN
> 
> ;; AUTHORITY SECTION:
> usa.norgren.com.	2H IN NS	ns.usa.norgren.com.
> usa.norgren.com.	2H IN NS	ns2.usa.norgren.com.
> 
> ;; ADDITIONAL SECTION:
> ns.usa.norgren.com.	2H IN A		204.132.133.2
> ns2.usa.norgren.com.	14m7s IN A	12.41.166.132
> 
> ;; Total query time: 427 msec
> ;; FROM: bsdi.dv.isc.org to SERVER: 193.129.122.10  193.129.122.10
> ;; WHEN: Mon Aug 11 09:37:42 2003
> ;; MSG SIZE  sent: 37  rcvd: 104


Thankyou I will try that, just out of interest we use the primary
nameserver as a resolving server for internal clients, is it possible
to have recursion allowed for a subnet ? -- or is it best practice you
set up a seperate resolving only server ?


More information about the bind-users mailing list