query (cache) 'domain.com/AAAA/IN' denied

Chris Buxton chris.p.buxton at gmail.com
Thu Oct 11 03:26:31 UTC 2012


On Oct 10, 2012, at 7:22 PM, kalin wrote:

> if i add a zone record to the named.conf i'm editing and do a dig on it, locally i get it fine:
> 
> $ dig @ns2..... domain.com
> 
> ; <<>> DiG 9.8.1-P1 <<>> @ns2..... domain.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52275
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

No you don't. You're getting it from the other computer. No 'aa' flag.

Your zone is not loading for some reason.

The reason it works locally and not remotely is, the local query is in the default allow-recursion ACL, but the remote host is not.

The recursion settings are a red herring. Solve the missing 'aa' flag.

Chris Buxton
BlueCat Networks
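
The check described in the reply above (look for `aa` on the flags line of the dig output), as an added Python example that is not part of the original post. The function names are hypothetical, and the second and third sample headers are constructed for illustration; only the first is taken from the quoted dig output.

```python
import re

# Header from the post: answered, but no 'aa' flag.
FROM_POST = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52275
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
"""
# Constructed: what the header looks like once the zone is loaded.
ZONE_LOADED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
"""
# Constructed: a remote client outside the allow-recursion ACL.
REMOTE_DENIED = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 2
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""

STATUS_RE = re.compile(r"->>HEADER<<-.*?status:\s*(\w+)")
FLAGS_RE = re.compile(r"^;; flags:([^;]*);.*?ANSWER:\s*(\d+)", re.M)


def parse_header(dig_output):
    """Return (status, set of flags, answer count) from dig's header lines."""
    status = STATUS_RE.search(dig_output)
    flags = FLAGS_RE.search(dig_output)
    if not status or not flags:
        raise ValueError("no dig response header in input")
    return status.group(1), set(flags.group(1).split()), int(flags.group(2))


def diagnose(dig_output):
    """Classify a dig reply by whether the server answered authoritatively."""
    status, flags, answers = parse_header(dig_output)
    if "aa" in flags:
        return "authoritative: the server answered from its own zone data"
    if status == "REFUSED":
        return "refused: not authoritative, and client not allowed recursion"
    if status == "NOERROR" and answers > 0:
        return "non-authoritative: answer came via recursion or cache"
    return "inconclusive: %s with %d answers and no 'aa'" % (status, answers)


if __name__ == "__main__":
    for name in ("FROM_POST", "ZONE_LOADED", "REMOTE_DENIED"):
        print(name, "->", diagnose(globals()[name]))
```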

