Help with dig to check NS servers for DNSSEC setup
Sam.Wilson at ed.ac.uk
Tue Nov 15 11:18:53 UTC 2011
In article <mailman.103.1321354990.68562.bind-users at lists.isc.org>,
Mark Andrews <marka at isc.org> wrote:
> In message <Sam.Wilson-4A322F.10551015112011 at news.eternal-september.org>, Sam
> Wilson writes:
> > In article <mailman.90.1321303169.68562.bind-users at lists.isc.org>,
> > Eduardo Bonsi <beartcom at pacbell.net> wrote:
> > > I am checking my DNS setup from inside using dig and I am getting
> > > everything ok but I need a second opinion from outside of the server to
> > > see if my ns1 and ns2 are responding ok to setup DNSSEC.
> > Looks like you haven't put in any glue records for nsX.bonsi.org.
> The glue exists. The lookup of the address records fails the servers
> at 188.8.131.52 and 184.108.40.206 return refused.
Ah, OK. I hadn't clocked that the last part of the dig:
> > bonsi.org. 86400 IN NS ns2.bonsi.org.
> > bonsi.org. 86400 IN NS ns1.bonsi.org.
> > ;; Received 95 bytes from 220.127.116.11#53(b0.org.afilias-nst.org) in 230
> > ms
> > dig: couldn't get address for 'ns2.bonsi.org': not found
... was a failure of the local resolver to find an authoritative A
record for one of the NSs rather than a failure of
b0.org.afilias-nst.org to provide glue. Thanks.
More information about the bind-users