<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Hello!<br>
    Here is output:<br>
    /etc/namedb> dig @172.16.0.1 sokol.msk.united-networks.ru. NS
    +norec<br>
    <br>
    ; <<>> DiG 9.4.3-P2 <<>> @172.16.0.1
    sokol.msk.united-networks.ru. NS +norec<br>
    ; (1 server found)<br>
    ;; global options:  printcmd<br>
    ;; Got answer:<br>
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
    14255<br>
    ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2<br>
    <br>
    ;; QUESTION SECTION:<br>
    ;sokol.msk.united-networks.ru.  IN      NS<br>
    <br>
    ;; AUTHORITY SECTION:<br>
    sokol.msk.united-networks.ru. 3600 IN   NS     
    srvgate.sokol.msk.united-networks.ru.<br>
    <br>
    ;; ADDITIONAL SECTION:<br>
    srvgate.sokol.msk.united-networks.ru. 3359 IN A 172.31.16.16<br>
    srvgate.sokol.msk.united-networks.ru. 3359 IN A 172.16.16.1<br>
    <br>
    ;; Query time: 0 msec<br>
    ;; SERVER: 172.16.0.1#53(172.16.0.1)<br>
    ;; WHEN: Thu Apr 19 14:08:55 2012<br>
    ;; MSG SIZE  rcvd: 100<br>
    <br>
    I noticed that after some time FreeBSD still tried to ask for
    sokol.msk.united-networks.ru from Ubuntu (srvgate.sokol.msk).<br>
    It happened after 2-3 minutes after "named" was restarted on
    FreeBSD. But now FreeBSD doesn't ask for hosts in this zone.<br>
    All what I was doing during this time period - I restarted
    freevrrp-daemon on FreeBSD machine. Could it be related to issue?<br>
    <br>
    Something very strange..  Another FreeBSD (9.0) works fine in the
    same (or much like) conditions...<br>
    <br>
    Kind regards,<br>
    Ellad<br>
    <blockquote
cite="mid:CAE_wXn1yWcCSuFXj8Bdy2e+aE+gV4F2XFnW4YcCAYYu50iX4qQ@mail.gmail.com"
      type="cite">Hi,<br>
      <br>
      First of all, nslookup isn't a good tool for debug DNS problems.
      Use dig instead.<br>
      <br>
      Could you show the output of "dig @freebsdbox <a
        moz-do-not-send="true"
        href="http://sokol.msk.united-networks.ru">sokol.msk.united-networks.ru</a>.
      NS +norec" run from freebsd box itself?<br>
      <br>
      <br>
      <div class="gmail_quote">2012/4/19 Ellad G. Yatsko <span
          dir="ltr"><<a moz-do-not-send="true"
            href="mailto:eyatsko@ngs.ru">eyatsko@ngs.ru</a>></span><br>
        <blockquote class="gmail_quote" style="margin:0 0 0
          .8ex;border-left:1px #ccc solid;padding-left:1ex">
          <br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex">    Hello!<br>
            <br>
               I have FreeBSD 7.2 x64 installed. And Bind 9.4:<br>
            <br>
               /etc/namedb> named -v<br>
               BIND 9.4.3-P2<br>
            <br>
               I have zone "/<a moz-do-not-send="true"
              href="http://united-networks.ru/" target="_blank">united-networks.ru/</a>"
            and I try to do the following:<br>
               ...<br>
               $ORIGIN <a moz-do-not-send="true"
              href="http://sokol.msk.united-networks.ru" target="_blank">sokol.msk.united-networks.ru</a>.<br>
               @                       IN NS   srvgate<br>
               srvgate                 IN A    172.31.16.16<br>
               $ORIGIN <a moz-do-not-send="true"
              href="http://united-networks.ru" target="_blank">united-networks.ru</a>.<br>
               ...<br>
            <br>
               As I understand I delegated the SOA (IN NS) to server
            with name<br>
               <a moz-do-not-send="true"
              href="http://srvgate.sokol.msk.united-networks.ru"
              target="_blank">srvgate.sokol.msk.united-networks.ru</a>
            ("srvgate" has no tailing "dot"<br>
               so domain "<a moz-do-not-send="true"
              href="http://sokol.msk.united-networks.ru" target="_blank">sokol.msk.united-networks.ru</a>"
            from $ORIGIN operator will be<br>
               appended), then I placed "glue"-record with
            srvgate.sokol.msk's address.<br>
               It is because as I understood nameserver of delegated
            zone is in it.<br>
            <br>
               From here I thought on the server 172.31.16.16 (it's
            Ubuntu) I must<br>
               receive DNS-requests related to zone <a
              moz-do-not-send="true"
              href="http://sokol.msk.united-networks.ru" target="_blank">sokol.msk.united-networks.ru</a>.
            For<br>
               example if I try do nslookup <a moz-do-not-send="true"
              href="http://sokol.msk.united-networks.ru" target="_blank">sokol.msk.united-networks.ru</a>
            on FreeBSD<br>
               7.2 x64. But:<br>
            <br>
               /etc/bind# hostname -f<br>
               <a moz-do-not-send="true"
              href="http://srvgate.sokol.msk.united-networks.ru"
              target="_blank">srvgate.sokol.msk.united-networks.ru</a><br>
               /etc/bind# tshark -ta -ni tun0 -R dns<br>
               Running as user "root" and group "root". This could be
            dangerous.<br>
               Capturing on tun0<br>
            <br>
               ...there is nothing! And FreeBSD issues NXDOMAIN. I say
            more - FreeBSD<br>
               tries to resolve name "<a moz-do-not-send="true"
              href="http://sokol.msk.united-networks.ru" target="_blank">sokol.msk.united-networks.ru</a>"
            through its forwarder in<br>
               external world!<br>
            <br>
               Where am I wrong? I simulated this situation with the
            same configurations<br>
               on Ubuntu (Bind 9.7.0-P1) and fresh-installed FreeBSD 9.0
            x64 (Bind 9.8.1-P1).<br>
               All works fine!<br>
            <br>
               -------------------------------------- related portion of
            named.conf --------------------------------------<br>
               options {<br>
                        directory       "/etc/namedb";<br>
                        pid-file        "/var/run/named/pid";<br>
                        dump-file       "/var/dump/named_dump.db";<br>
                        statistics-file "/var/stats/named.stats";<br>
            <br>
                        listen-on       {<br>
                                ....<br>
                                127.0.0.1;<br>
                                172.16.0.1;<br>
                                172.16.1.1;<br>
                                172.16.2.1;<br>
                                172.31.0.1;<br>
                        };<br>
            <br>
                        forwarders {<br>
                                89.222.167.2;<br>
                                8.8.8.8;<br>
                        };<br>
                        recursion yes;<br>
                        allow-recursion {0/0;};<br>
               };<br>
            <br>
               ...<br>
            <br>
               view internal {<br>
                        match-clients {<br>
                                <a moz-do-not-send="true"
              href="http://127.0.0.0/8" target="_blank">127.0.0.0/8</a>;<br>
                                <a moz-do-not-send="true"
              href="http://172.16.0.0/12" target="_blank">172.16.0.0/12</a>;<br>
                        };<br>
               ...<br>
                        zone "<a moz-do-not-send="true"
              href="http://united-networks.ru" target="_blank">united-networks.ru</a>"
            {<br>
                                type master;<br>
                                file "master/forward/united-networks.ru.internal";<br>
                                allow-transfer {<br>
                                        172.16.0.2;<br>
                                        172.16.16.2;<br>
                                        172.31.16.16;<br>
                                        172.31.17.0;<br>
                                        172.31.18.0;<br>
                                };<br>
                        };<br>
               ...<br>
               };<br>
               ...<br>
               -----------------------------------------------------------------------------------------------------------<br>
            <br>
               Kind regards,<br>
               Ellad<br>
          </blockquote>
          <br>
          _______________________________________________<br>
          Please visit <a moz-do-not-send="true"
            href="https://lists.isc.org/mailman/listinfo/bind-users"
            target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a>
          to unsubscribe from this list<br>
          <br>
          bind-users mailing list<br>
          <a moz-do-not-send="true"
            href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
          <a moz-do-not-send="true"
            href="https://lists.isc.org/mailman/listinfo/bind-users"
            target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
        </blockquote>
      </div>
      <br>
      <br clear="all">
      <br>
      -- <br>
      AP<br>
    </blockquote>
    <br>
  </body>
</html>