<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0in;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
color:black;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>There’s more: both ns1.netbcp.com and ns2.netbcp.net don’t respond to queries about nbc.com and ns1.netbcp.com doesn’t respond over TCP. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Frank<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:windowtext'> bind-users-bounces+frnkblk=iname.com@lists.isc.org [mailto:bind-users-bounces+frnkblk=iname.com@lists.isc.org] <b>On Behalf Of </b>Kevin Darcy<br><b>Sent:</b> Friday, October 12, 2012 12:48 PM<br><b>Cc:</b> bind-users@lists.isc.org<br><b>Subject:</b> Re: error (unexpected RCODE REFUSED) resolving<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>OK, so your nbc.com/A resolving error doesn't really have anything to do with the nameservers you included in your original post.<br><br>It does appear, however, that ns2.netbcp.net (205.173.93.213) is refusing requests generally for the nbc.com domain:<br><br>$ dig nbc.com +buf=4096 +norec @ns2.netbcp.net<br><br>; <<>> DiG 9.4.3-P3 <<>> nbc.com +buf=4096 +norec @ns2.netbcp.net<br>;; global options: printcmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1019<br>;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1<br><br>;; OPT PSEUDOSECTION:<br>; EDNS: version: 0, flags:; udp: 4096<br>;; QUESTION SECTION:<br>;nbc.com. IN A<br><br>;; Query time: 30 msec<br>;; SERVER: 205.173.93.213#53(205.173.93.213)<br>;; WHEN: Fri Oct 12 13:44:56 2012<br>;; MSG SIZE rcvd: 36<br><br>ns1.netbcp.com appears to be doing the same thing.<br><br>Not known whether this is something temporary (performing maintenance?), or something permanent (provider's contract lapsed, but customer never updated delegations).<br><br>In any case, you have enough working authoritative nameservers for the domain, so it'll continue to resolve for you...<br><br> - Kevin<br><br><br><br>On 10/12/2012 1:35 PM, James Tingler wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>I don't think that I am. I only define internal forwarders for internal zones as needed. For my root hint, standard configuration:<o:p></o:p></p></div><div><p class=MsoNormal>Named.conf<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>zone "." {<br> type hint;<br> file "named.ca";<o:p></o:p></p></div><div><p class=MsoNormal>Named.ca:<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>; <<>> DiG 9.5.0b2 <<>> +bufsize=1200 +norec NS . @a.root-servers.net<br>;; global options: printcmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34420<br>;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 20<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>;; OPT PSEUDOSECTION:<br>; EDNS: version: 0, flags:; udp: 4096<br>;; QUESTION SECTION:<br>;. IN NS<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>;; ANSWER SECTION:<br>. 518400 IN NS M.ROOT-SERVERS.NET.<br>. 518400 IN NS A.ROOT-SERVERS.NET.<br>. 518400 IN NS B.ROOT-SERVERS.NET.<br>. 518400 IN NS C.ROOT-SERVERS.NET.<br>. 518400 IN NS D.ROOT-SERVERS.NET.<br>. 518400 IN NS E.ROOT-SERVERS.NET.<br>. 518400 IN NS F.ROOT-SERVERS.NET.<br>. 518400 IN NS G.ROOT-SERVERS.NET.<br>. 518400 IN NS H.ROOT-SERVERS.NET.<br>. 518400 IN NS I.ROOT-SERVERS.NET.<br>. 518400 IN NS J.ROOT-SERVERS.NET.<br>. 518400 IN NS K.ROOT-SERVERS.NET.<br>. 518400 IN NS L.ROOT-SERVERS.NET.<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>;; ADDITIONAL SECTION:<br>A.ROOT-SERVERS.NET. 3600000 IN A 198.41.0.4<br>A.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:ba3e::2:30<br>B.ROOT-SERVERS.NET. 3600000 IN A 192.228.79.201<br>C.ROOT-SERVERS.NET. 3600000 IN A 192.33.4.12<br>D.ROOT-SERVERS.NET. 3600000 IN A 128.8.10.90<br>E.ROOT-SERVERS.NET. 3600000 IN A 192.203.230.10<br>F.ROOT-SERVERS.NET. 3600000 IN A 192.5.5.241<br>F.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:2f::f<br>G.ROOT-SERVERS.NET. 3600000 IN A 192.112.36.4<o:p></o:p></p></div><div><p class=MsoNormal>H.ROOT-SERVERS.NET. 3600000 IN A 128.63.2.53<br>H.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:500:1::803f:235<br>I.ROOT-SERVERS.NET. 3600000 IN A 192.36.148.17<br>J.ROOT-SERVERS.NET. 3600000 IN A 192.58.128.30<br>J.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:503:c27::2:30<br>K.ROOT-SERVERS.NET. 3600000 IN A 193.0.14.129<br>K.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:7fd::1<br>L.ROOT-SERVERS.NET. 3600000 IN A 199.7.83.42<br>M.ROOT-SERVERS.NET. 3600000 IN A 202.12.27.33<br>M.ROOT-SERVERS.NET. 3600000 IN AAAA 2001:dc3::35<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>;; Query time: 147 msec<br>;; SERVER: 198.41.0.4#53(198.41.0.4)<br>;; WHEN: Mon Feb 18 13:29:18 2008<br>;; MSG SIZE rcvd: 615<br><br>"named.ca" 52L, 1892C<br><br><br>>>> "Kevin Darcy" <a href="mailto:kcd@chrysler.com"><kcd@chrysler.com></a> 10/12/2012 1:20 PM >>><o:p></o:p></p></div><div><p class=MsoNormal>On 10/12/2012 12:28 PM, James Tingler wrote:<o:p></o:p></p></div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>Hello,<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>I'm getting what appears to be a common "error (unexpected RCODE REFUSED) resolving" error. My research has lead me to disable IPv6 when starting the named service with "named -4" as it could be related to IPv6 broken connectivity (of which we been actively deploying and testing). This has taken away the AAAA log activity but I still get the error:<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Oct 12 16:06:55 prod75-dns1 named[23866]: error (unexpected RCODE REFUSED) resolving 'nbc.com/A/IN': 205.173.93.213#53<o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div><p class=MsoNormal>Exploring this more, almost all domains I'm having problems with (as discovered through dig) is related to this forwarder:<o:p></o:p></p></div><div><pre>nationalmap.gov. 5M IN NS rdsdns5.ultradns.net.<o:p></o:p></pre><pre>nationalmap.gov. 5M IN NS rdsdns1.ultradns.net.<o:p></o:p></pre><pre>nationalmap.gov. 5M IN NS rdsdns2.ultradns.net.<o:p></o:p></pre><pre>nationalmap.gov. 5M IN NS rdsdns6.ultradns.net.<o:p></o:p></pre><pre>nationalmap.gov. 5M IN NS rdsdns3.ultradns.net.<o:p></o:p></pre><pre>nationalmap.gov. 5M IN NS rdsdns4.ultradns.net.<o:p></o:p></pre><pre>linkedin.com, nbc.com, nationalmap.gov<o:p></o:p></pre></div></blockquote><p class=MsoNormal>nbc.com is not hosted on those nameservers:<br><br>nbc.com. 86400 IN NS pdns1.ultradns.net.<br>nbc.com. 86400 IN NS pdns2.ultradns.net.<br>nbc.com. 86400 IN NS pdns3.ultradns.org.<br>nbc.com. 86400 IN NS pdns4.ultradns.org.<br>nbc.com. 86400 IN NS pdns5.ultradns.info.<br>nbc.com. 86400 IN NS pdns6.ultradns.co.uk.<br>nbc.com. 86400 IN NS ns1.netbcp.com.<br>nbc.com. 86400 IN NS ns2.netbcp.net.<br><br>Neither is linkedin.com.<br><br>I hope you're not trying to use authoritative nameservers as "forwarders" in the strict BIND sense. If you have full Internet connectivity, there's really no reason to be forwarding at all. Configure your root hints and be happy.<br><br><br><br><o:p></o:p></p><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><pre>Note - I'm also seeing plenty of lame server and EDNS errors. <o:p></o:p></pre></div></blockquote><p class=MsoNormal>Those are fairly normal.<br><br> - Kevin<o:p></o:p></p></blockquote><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p></div></body></html>