new bind 9.9 and root NS

Michael Hoskins (michoski) michoski at
Mon Aug 6 17:56:38 UTC 2012

-----Original Message-----

From: Doug O'Leary <dkoleary at>
Date: Monday, August 6, 2012 9:58 AM
To: 'Doug Barton' <dougb at>, Mike Hoskins <michoski at>
Cc: "comp-protocols-dns-bind at" <comp-protocols-dns-bind at>
Subject: RE: new bind 9.9 and root NS

>After the network admin verified there was no firewall rule differences,
>powered off the old secondary server and re-IPed the new one with the old
>secondary.  The old secondary is able to get to the root nameservers w/o
>issue.  Once we re-IPed the new one, it still was unable to get to the
>nameservers via dig.

Just checking the obvious; no host-based firewall on the new box?  Is it
the same OS?

>I also downloaded and installed lft - layer four traceroute (wonderful
>program, that one is).  Lft was unable to get *anywhere* using udp
>regardless of what the IP address of the new system is.   So, there's
>something with the virtualization software, vmware, which is preventing
>packets.  There are some web sites saying the same thing so this isn't
>completely out of the blue.  The client's opening a service call with
>to see if there's a resolution.

I'm serving several thousand clients using VMware + BIND, so I'm curious
to see where this goes.  :-)

Which VMware product are you using, and what host platform?

