Help with dig to check NS servers for DNSSEC setup

Adamiec, Lawrence Ladamiec at kentlaw.edu
Mon Nov 14 20:44:35 UTC 2011


Here are some results using the same commands you used.



# dig bonsi.org

; <<>> DiG 9.6.1-P3 <<>> bonsi.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1462
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bonsi.org.                     IN      A

;; Query time: 666 msec
;; SERVER: 64.131.119.11#53(64.131.119.11)
;; WHEN: Mon Nov 14 14:41:54 2011
;; MSG SIZE  rcvd: 27



# dig @63.200.45.18 ns1.bonsi.org soa

; <<>> DiG 9.6.1-P3 <<>> @63.200.45.18 ns1.bonsi.org soa
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 986
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;ns1.bonsi.org.                 IN      SOA

;; Query time: 75 msec
;; SERVER: 63.200.45.18#53(63.200.45.18)
;; WHEN: Mon Nov 14 14:42:25 2011
;; MSG SIZE  rcvd: 31

#

> -----Original Message-----
> From: bind-users-bounces+ladamiec=kentlaw.edu at lists.isc.org
[mailto:bind-users-
> bounces+ladamiec=kentlaw.edu at lists.isc.org] On Behalf Of Eduardo Bonsi
> Sent: Monday, November 14, 2011 14:39
> To: bind-users at isc.org
> Subject: Help with dig to check NS servers for DNSSEC setup
> 
> I am checking my DNS setup from inside using dig and I am getting
> everything ok but I need a second opinion from outside of the server
to
> see if my ns1 and ns2 are responding ok to setup DNSSEC.
> 
> Thanks!
> 
> user:~ user1$ dig bonsi.org
> 
> ; <<>> DiG 9.6-ESV-R4-P3 <<>> bonsi.org
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35880
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;bonsi.org.			IN	A
> 
> ;; ANSWER SECTION:
> bonsi.org.		3600	IN	A	63.200.45.21
> 
> ;; AUTHORITY SECTION:
> bonsi.org.		3600	IN	NS	ns2.bonsi.org.
> bonsi.org.		3600	IN	NS	ns1.bonsi.org.
> 
> ;; ADDITIONAL SECTION:
> ns2.bonsi.org.		3600	IN	A	63.200.45.19
> 
> ;; Query time: 14 msec
> ;; SERVER: 63.200.45.18#53(63.200.45.18)
> ;; WHEN: Mon Nov 14 12:09:43 2011
> ;; MSG SIZE  rcvd: 95
> ********************************************************************
> user:~ user1$ dig @63.200.45.18 ns1.bonsi.org soa
> 
> ; <<>> DiG 9.6-ESV-R4-P3 <<>> @63.200.45.18 ns1.bonsi.org soa
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31586
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;ns1.bonsi.org.			IN	SOA
> 
> ;; ANSWER SECTION:
> ns1.bonsi.org.		3600	IN	SOA	ns1.bonsi.org.
hostmaster.bonsi.org.
> 2011101403 10800 3600 604800 3600
> 
> ;; AUTHORITY SECTION:
> ns1.bonsi.org.		3600	IN	NS	ns1.bonsi.org.
> 
> ;; Query time: 14 msec
> ;; SERVER: 63.200.45.18#53(63.200.45.18)
> ;; WHEN: Mon Nov 14 12:10:19 2011
> ;; MSG SIZE  rcvd: 92
> ********************************************************************
> user:~ user1$ dig @63.200.45.19 ns2.bonsi.org
> 
> ; <<>> DiG 9.6-ESV-R4-P3 <<>> @63.200.45.19 ns2.bonsi.org
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38660
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;ns2.bonsi.org.			IN	A
> 
> ;; ANSWER SECTION:
> ns2.bonsi.org.		3600	IN	A	63.200.45.19
> 
> ;; AUTHORITY SECTION:
> ns2.bonsi.org.		3600	IN	NS	ns2.bonsi.org.
> 
> ;; Query time: 12 msec
> ;; SERVER: 63.200.45.19#53(63.200.45.19)
> ;; WHEN: Mon Nov 14 12:11:04 2011
> ;; MSG SIZE  rcvd: 61
> ********************************************************************
> user:~ user1$ dig @63.200.45.19 ns2.bonsi.org soa
> 
> ; <<>> DiG 9.6-ESV-R4-P3 <<>> @63.200.45.19 ns2.bonsi.org soa
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17334
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
> ;; WARNING: recursion requested but not available
> 
> ;; QUESTION SECTION:
> ;ns2.bonsi.org.			IN	SOA
> 
> ;; ANSWER SECTION:
> ns2.bonsi.org.		3600	IN	SOA	ns2.bonsi.org.
hostmaster.bonsi.org.
> 2011101409 10800 3600 604800 3600
> 
> ;; AUTHORITY SECTION:
> ns2.bonsi.org.		3600	IN	NS	ns2.bonsi.org.
> 
> ;; ADDITIONAL SECTION:
> ns2.bonsi.org.		3600	IN	A	63.200.45.19
> 
> ;; Query time: 58 msec
> ;; SERVER: 63.200.45.19#53(63.200.45.19)
> ;; WHEN: Mon Nov 14 12:19:50 2011
> ;; MSG SIZE  rcvd: 108
> 
> 
> --
> BEARTCOMMUNICATIONS
> Eduardo Bonsi
> System - Network Admin
> beartcom at pacbell.net
> webmaster at beart.com
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users



More information about the bind-users mailing list