<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">OK, so your nbc.com/A resolving error
doesn't really have anything to do with the nameservers you
included in your original post.<br>
<br>
It does appear, however, that ns2.netbcp.net (205.173.93.213) is
refusing requests generally for the nbc.com domain:<br>
<br>
$ dig nbc.com +buf=4096 +norec @ns2.netbcp.net<br>
<br>
; <<>> DiG 9.4.3-P3 <<>> nbc.com +buf=4096
+norec @ns2.netbcp.net<br>
;; global options: printcmd<br>
;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id:
1019<br>
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1<br>
<br>
;; OPT PSEUDOSECTION:<br>
; EDNS: version: 0, flags:; udp: 4096<br>
;; QUESTION SECTION:<br>
;nbc.com. IN A<br>
<br>
;; Query time: 30 msec<br>
;; SERVER: 205.173.93.213#53(205.173.93.213)<br>
;; WHEN: Fri Oct 12 13:44:56 2012<br>
;; MSG SIZE rcvd: 36<br>
<br>
ns1.netbcp.com appears to be doing the same thing.<br>
<br>
Not known whether this is something temporary (performing
maintenance?), or something permanent (provider's contract lapsed,
but customer never updated delegations).<br>
<br>
In any case, you have enough working authoritative nameservers for
the domain, so it'll continue to resolve for you...<br>
<br>
- Kevin<br>
<br>
<br>
<br>
On 10/12/2012 1:35 PM, James Tingler wrote:<br>
</div>
<blockquote cite="mid:50781C7B.2E62.00CF.0@CONTR.NETL.DOE.GOV"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<meta name="GENERATOR" content="MSHTML 8.00.6001.19298">
<div>I don't think that I am. I only define internal forwarders
for internal zones as needed. For my root hint, standard
configuration:</div>
<div>Named.conf</div>
<div> </div>
<div>zone "." {<br>
type hint;<br>
file "named.ca";<br>
</div>
<div>Named.ca:</div>
<div> </div>
<div>; <<>> DiG 9.5.0b2 <<>> +bufsize=1200
+norec NS . @a.root-servers.net<br>
;; global options: printcmd<br>
;; Got answer:<br>
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:
34420<br>
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL:
20</div>
<div> </div>
<div>;; OPT PSEUDOSECTION:<br>
; EDNS: version: 0, flags:; udp: 4096<br>
;; QUESTION SECTION:<br>
;. IN NS</div>
<div> </div>
<div>;; ANSWER SECTION:<br>
. 518400 IN NS
M.ROOT-SERVERS.NET.<br>
. 518400 IN NS
A.ROOT-SERVERS.NET.<br>
. 518400 IN NS
B.ROOT-SERVERS.NET.<br>
. 518400 IN NS
C.ROOT-SERVERS.NET.<br>
. 518400 IN NS
D.ROOT-SERVERS.NET.<br>
. 518400 IN NS
E.ROOT-SERVERS.NET.<br>
. 518400 IN NS
F.ROOT-SERVERS.NET.<br>
. 518400 IN NS
G.ROOT-SERVERS.NET.<br>
. 518400 IN NS
H.ROOT-SERVERS.NET.<br>
. 518400 IN NS
I.ROOT-SERVERS.NET.<br>
. 518400 IN NS
J.ROOT-SERVERS.NET.<br>
. 518400 IN NS
K.ROOT-SERVERS.NET.<br>
. 518400 IN NS
L.ROOT-SERVERS.NET.</div>
<div> </div>
<div>;; ADDITIONAL SECTION:<br>
A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4<br>
A.ROOT-SERVERS.NET. 3600000 IN AAAA
2001:503:ba3e::2:30<br>
B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201<br>
C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12<br>
D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90<br>
E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10<br>
F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241<br>
F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2f::f<br>
G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4</div>
<div>H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53<br>
H.ROOT-SERVERS.NET. 3600000 IN AAAA
2001:500:1::803f:235<br>
I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17<br>
J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30<br>
J.ROOT-SERVERS.NET. 3600000 IN AAAA
2001:503:c27::2:30<br>
K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129<br>
K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7fd::1<br>
L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42<br>
M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33<br>
M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:dc3::35</div>
<div> </div>
<div>;; Query time: 147 msec<br>
;; SERVER: 198.41.0.4#53(198.41.0.4)<br>
;; WHEN: Mon Feb 18 13:29:18 2008<br>
;; MSG SIZE rcvd: 615<br>
<br>
"named.ca" 52L, 1892C<br>
<br>
<br>
>>> "Kevin Darcy" <a class="moz-txt-link-rfc2396E" href="mailto:kcd@chrysler.com"><kcd@chrysler.com></a> 10/12/2012
1:20 PM >>><br>
</div>
<div class="moz-cite-prefix">On 10/12/2012 12:28 PM, James Tingler
wrote:<br>
</div>
<blockquote cite="mid:50780CC8.2E62.00CF.0@CONTR.NETL.DOE.GOV"
type="cite">
<meta name="GENERATOR" content="MSHTML 8.00.6001.19298">
<div>Hello,</div>
<div> </div>
<div>I'm getting what appears to be a common "error (unexpected
RCODE REFUSED) resolving" error. My research has lead me to
disable IPv6 when starting the named service with "<span
style="FONT-FAMILY: 'Times New Roman','serif'; FONT-SIZE:
12pt; mso-fareast-font-family: 'Times New Roman'">named -4"
as it could be related to IPv6 broken connectivity (of which
we been actively deploying and testing). This has taken
away the AAAA log activity but I still get the error:</span></div>
<div><span style="FONT-FAMILY: 'Times New Roman','serif';
FONT-SIZE: 12pt; mso-fareast-font-family: 'Times New Roman'"></span> </div>
<div>Oct 12 16:06:55 prod75-dns1 named[23866]: error (unexpected
RCODE REFUSED) resolving 'nbc.com/A/IN': 205.173.93.213#53</div>
<div> </div>
<div>Exploring this more, almost all domains I'm having problems
with (as discovered through dig) is related to this forwarder:</div>
<div>
<pre>nationalmap.gov. 5M IN NS rdsdns5.ultradns.net.
nationalmap.gov. 5M IN NS rdsdns1.ultradns.net.
nationalmap.gov. 5M IN NS rdsdns2.ultradns.net.
nationalmap.gov. 5M IN NS rdsdns6.ultradns.net.
nationalmap.gov. 5M IN NS rdsdns3.ultradns.net.
nationalmap.gov. 5M IN NS rdsdns4.ultradns.net.</pre>
<pre>linkedin.com, nbc.com, nationalmap.gov</pre>
</div>
</blockquote>
nbc.com is not hosted on those nameservers:<br>
<br>
nbc.com. 86400 IN NS
pdns1.ultradns.net.<br>
nbc.com. 86400 IN NS
pdns2.ultradns.net.<br>
nbc.com. 86400 IN NS
pdns3.ultradns.org.<br>
nbc.com. 86400 IN NS
pdns4.ultradns.org.<br>
nbc.com. 86400 IN NS
pdns5.ultradns.info.<br>
nbc.com. 86400 IN NS
pdns6.ultradns.co.uk.<br>
nbc.com. 86400 IN NS ns1.netbcp.com.<br>
nbc.com. 86400 IN NS ns2.netbcp.net.<br>
<br>
Neither is linkedin.com.<br>
<br>
I hope you're not trying to use authoritative nameservers as
"forwarders" in the strict BIND sense. If you have full Internet
connectivity, there's really no reason to be forwarding at all.
Configure your root hints and be happy.<br>
<br>
<br>
<blockquote cite="mid:50780CC8.2E62.00CF.0@CONTR.NETL.DOE.GOV"
type="cite">
<div>
<pre>Note - I'm also seeing plenty of lame server and EDNS errors. </pre>
</div>
</blockquote>
Those are fairly normal.<br>
<br>
- Kevin<br>
</blockquote>
<br>
<br>
</body>
</html>