BIND server; dig vs dig +trace on failing lookup.

Gregory Sloop gregs at
Wed Mar 3 02:20:24 UTC 2021

Would you mind showing me how you got there? 
[The answer is fab, obviously. But give a man a fish...and all that. :) ]


MA> The COM servers have stale glue

MA>     172800  IN      A
MA>     172800  IN      A

MA> vs

MA>     86400   IN      A
MA>     86400   IN      A

MA> The later set of servers are what you query when you run dig +trace.
MA> If you prime the cache the plain lookup should work.  Report the out
MA> of date glue to the zone administrator.

MA> Mark

>> On 3 Mar 2021, at 13:06, Gregory Sloop <gregs at> wrote:

>> I've got a case, (and I see several other similar reports) where BIND is failing to find an A record for a domain.
>> Yet a dig +trace does.

>> (I'm doing the dig on the BIND server. It's set to be a root resolving server, not a forwarder.)

>> As I understand this, +trace will also involve resolve.conf options. And in this case, I've got Google DNS as one of the resolve.conf entries.
>> So, I can see how +trace would deliver different results than simply dig-ing - provided that +trace does involve resolve.conf.

>> Here's a plain dig, using the BIND server itself - from the console.
>> ---
>> dig @

>> ; <<>> DiG 9.11.3-1ubuntu1.14-Ubuntu <<>> @
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 61786
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

>> ; EDNS: version: 0, flags:; udp: 4096
>> ; COOKIE: 13ec0c9b10770ea12426539e603957900a997f7258962cce (good)
>> ;                    IN      A

>> ;; Query time: 0 msec
>> ;; SERVER:
>> ;; WHEN: Fri Feb 26 12:18:24 PST 2021
>> ;; MSG SIZE  rcvd: 67

>> ---

>> I could post the dig +trace, if it adds any information, but I suspect it doesn't.

>> So, what methods or steps might I take to figure out why the above lookup/dig fails?
>> [I intended +trace to do that, but since it's not doing the same thing a plain dig does, it's not very useful as a diagnostic tool.]

>> I've done some searching to see how to accomplish this, but it's a difficult question to frame without a ton of worthless hits.
>> So, can someone point me at a good source for a how-to/walk-through? A previous list posting?

>> Again, the question is; what methods or steps (best practices) might I take to figure out why the above lookup/dig fails?

>> TIA
>> -Greg
>> _______________________________________________
>> Please visit to unsubscribe from this list

>> ISC funds the development of this software with paid support subscriptions. Contact us at for more information.

>> bind-users mailing list
>> bind-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list