Authoritative and caching
Danjel Jungersen
danjel at jungersen.dk
Wed Feb 19 10:21:43 UTC 2025
On 19-02-2025 11:11, Marco Moock wrote:
> Am Wed, 19 Feb 2025 10:58:14 +0100
> schrieb Danjel Jungersen via bind-users <bind-users at lists.isc.org>:
>
>> But if I change /etc/resolv.conf to 127.0.0.1 something happens
>> If I do a dig or ping from my postfixbox to something that the 2 main
>> bind-boxes are authoratative for, it doesn't work.
> Please sniff the DNS traffic between the 2 machines and check if the
> request goes out to the authoritative server and check what it replied.
>
> You can trigger the request by
>
> dig A/AAAA non-working domain @IP.
>
> Try +recurse/+norecurse to check if the issue is related to those flags.
root at mail:~# dig A mail.jungersen.dk @127.0.0.1
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> A mail.jungersen.dk @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 9792
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: d55e55f5d6573eaf0100000067b5af13a2e4bdccbb3ce36b (good)
;; QUESTION SECTION:
;mail.jungersen.dk. IN A
;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Feb 19 11:14:43 CET 2025
;; MSG SIZE rcvd: 74
dig +recurse A mail.jungersen.dk @127.0.0.1
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> +recurse A mail.jungersen.dk
@127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 19526
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 1579e49c3774139b0100000067b5af24e95ccd20f610d99d (good)
;; QUESTION SECTION:
;mail.jungersen.dk. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Feb 19 11:15:00 CET 2025
;; MSG SIZE rcvd: 74
dig +norecurse A mail.jungersen.dk @127.0.0.1
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> +norecurse A mail.jungersen.dk
@127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10118
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 689869318da8e64c0100000067b5af33f48840b2e116d76e (good)
;; QUESTION SECTION:
;mail.jungersen.dk. IN A
;; AUTHORITY SECTION:
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Feb 19 11:15:15 CET 2025
;; MSG SIZE rcvd: 297
Not sure how to do the sniff part(?)
But I must get some sort of answer...
dig A postfix.org @127.0.0.1
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> A postfix.org @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2255
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 6c3f5cf7e1e34e450100000067b5b035b878201ed4e8d3fd (good)
;; QUESTION SECTION:
;postfix.org. IN A
;; ANSWER SECTION:
postfix.org. 3600 IN A 65.108.3.114
;; Query time: 852 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Feb 19 11:19:33 CET 2025
;; MSG SIZE rcvd: 84
Best regards
Danjel
More information about the bind-users
mailing list