<html><body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"><div>From the output of your dig command you show that you are running a MacOSX system. Are you running the firewall on this system also? That may be dropping the TCP communication.<br><br>Be aware that Apple's DNS server configrration throws every bell and whistle into the config. If you really are serious about running a DNS server under MacOSX, then make a post on the MacOSX-server list and step back for all of the reasons this isn't a good idea, at least not using what Apple give you.<br><br>Bill Larson<br><br>and sorry about the top posting, but this was ...<br>Sent from Garminfone by T-Mobile.<br><br>Scott Haneda <talklists@newgeo.com> wrote:<br><br></div><blockquote type=3D"cite"><div>Hello, I have set up a new BIND/named server, being backed by DLZ in this case, though I don't think that will have any bearing on my question.<br><br>This NS is not publicly known or listed as an NS anywhere as of yet, so it is only my own testing that has hit the machine. If I perform a dig request, the first request returns additional data, any subsequent lookups return no additional data. Does anyone know why this is?<br><br>I also seem to have issues when forcing tcp, does anyone have any ideas what that could be caused by? Is there a setting in named.conf that controls udp/tcp or should I be talking to the network admin about this?<br><br>I have to obfuscate this data, I apologize for that...<br><br>== First dig request, never been looked up before<br> ; <<>> DiG 9.6.0-APPLE-P2 <<>> @63.251.yyy.yy example.com<br> ; (1 server found)<br> ;; global options: +cmd<br> ;; Got answer:<br> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41088<br> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2<br> ;; WARNING: recursion requested but not available<br> <br> ;; QUESTION SECTION:<br> ;example.com. IN A<br> <br> ;; ANSWER SECTION:<br> example.com. 3600 IN A 208.122.xxx.xx<br> <br> ;; AUTHORITY SECTION:<br> example.com. 86400 IN NS ns2.some-nameserver.com.<br> example.com. 86400 IN NS ns1.some-nameserver.com.<br> <br> ;; ADDITIONAL SECTION:<br> ns1.some-nameserver.com. 86400 IN A 208.122.xxx.xx<br> ns2.some-nameserver.com. 86400 IN A 208.122.226.214<br><br>== Second dig request, moments after the first<br> ;; Query time: 41 msec<br> ;; SERVER: 63.251.yyy.yy#53(63.251.yyy.yy)<br> ;; WHEN: Wed Sep 15 12:15:48 2010<br> ;; MSG SIZE rcvd: 136<br> <br> <br> ; <<>> DiG 9.6.0-APPLE-P2 <<>> @63.251.yyy.yy example.com<br> ; (1 server found)<br> ;; global options: +cmd<br> ;; Got answer:<br> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20029<br> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0<br> ;; WARNING: recursion requested but not available<br> <br> ;; QUESTION SECTION:<br> ;example.com. IN A<br> <br> ;; ANSWER SECTION:<br> example.com. 3600 IN A 208.122.xxx.xx<br> <br> ;; Query time: 37 msec<br> ;; SERVER: 63.251.yyy.yy#53(63.251.yyy.yy)<br> ;; WHEN: Wed Sep 15 12:15:50 2010<br> ;; MSG SIZE rcvd: 55<br><br>And trying to see what is going on with tcp or udp...<br><br>$dig @63.251.yyy.yy example.com +tcp<br>;; Connection to 63.251.yyy.yy#53(63.251.yyy.yy) for example.com failed: connection refused.<br><br>If I do the same thing with +notcp, I get the result in example #2 above, where there is no additional section.<br><br>Thank you for any assistance, I appreciate it.<br><br>-- <br>Scott (* For off-list contact, replace talklists@ with scott@ *)<br><br>_______________________________________________<br>bind-users mailing list<br>bind-users@lists.isc.org<br>https://lists.isc.org/mailman/listinfo/bind-users<br></div></blockquote></body></html>