Secondary DNS question...

Lawrence K. Chen, P.Eng. lkchen at
Wed Jun 26 19:31:18 UTC 2013

Oops, images were too's links.

----- Original Message -----
> >> All very interesting, but I'm afraid at my level of expertise on
> >> DNS, I'm
> >> not following.  If I'm broken, how do I attempt to fix?  Someone
> >> mentioned
> >> that our was not authoritative.  How does one
> >> even
> >> decide that?  As far as I know I haven't had any issues until
> >> now...
> >On Jun 26, 2013, at 12:38 AM, Frank Bulk <frnkblk at> wrote:
> >> Do you have a box such as a firewall or load-balancer sitting in
> >> front of
> >> ns1?
> On 26.06.13 01:46, SH Development wrote:
> >No, the box is hanging right off the internet on a static IP.
> there's apparently something wrong about your server or its firewall.
> The
> DNS responses (at least for the SOA) come out broken (at least they
> get
> invalid here), however I have no idea in which way they are broken.
> Maybe someone with better DNS knowledge could look at output I have
> posted
> before. Available at
> or
> pcap
> format at
I had poked around with some of the online DNS checking tools, and found one ( that reported a response from, but apparently I never hit send and I cleaned out my drafts folder this morning.

Below is what I saw for responses....though not sure if its right or wrong for an authoritative nameserver to have 0 authority records in the response.

Since I also linked the result for my own domain....which shows and are also doing that (which I attribute to having minimal-responses set.)

Might require deeper analysis.... I recall a problem with a delegated subdomain where the NS we were pointed at were answering but non-authoratively. (which I suppose I could kluge them in as a forward zone, as I'm doing for another groups AD....though there is now talk of whether that AD should have me be secondaries to them, which I suppose I should find out what's involved in that.)

> --
> Matus UHLAR - fantomas, uhlar at ;
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> I'm not interested in your website anymore.
> If you need cookies, bake them yourself.

More information about the bind-users mailing list