Len Conrad lconrad at
Wed Sep 29 13:58:13 UTC 2010


BIND 9.6.0-P1


machine is postfix MX relay-only gateway

on separate machines, on IPs &, rbldnsd is running a local copy of zen.spamhaus

nmap shows and with port 53 UDP open.

dig @ or .2  works.


zone "" { type forward; forwarders { ; ; }; forward only; };

and no other forwarding statements.

named query logging shows client (postfix/postscreen) sending queries to

tshark capture shows the BIND machine sending queries to the NSs authoritative for, rather than forwarding to the above forwarders.

The above situation on 3 different MXs.  The weirdest is that when we fired up private zen and forwarding on the 3 MXs, they all worked immediately, perfectly, for about 24 hours, millions of queries, then within a few minutes, they all stopped working with the zen servers, and haven't worked since.  stop/start postfix and named has no effect.

What is overriding the zone forwarding?


