Hello Hans,

Thu, 14 Aug 2008 14:05:21 +0200 Hans F. Nordhaug wrote:

>> Assuming that your name servers aren't authoritative for the, say,
>> yandex.ru, ku.dk and asahi.co.jp zones, please post here the
>> results of doing at least one command suggested below without the
>> query-source directive specified in your named.conf.
>>
>> dig images.yandex.ru. a +tra
> [cut]
>
> Thx for replying. I did a query for the a record of images.yandex.ru
> with and without the trace. With trace, I get a reply - without
> trace, I don't (see below). (Well, I do - but after 3-4 repeated
> queries.) I really don't get it.

What number of queries have you done with trace enabled?

> If I should guess, it must be dig sending the queries differently
> when tracing.

Yes. I suggest you obtain a traffic dump between the g4.tibe.no
and the outside world while doing the queries without trace enabled.

> If it is the firewall (Cisco ASA 5510) being overwhelmed, I don't
> know where to look - I have tried...

> ; <<>> DiG 9.3.4-P1 <<>> @g4.tibe.no images.yandex.ru. a
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42214
                               ^ ^^^^^^^^^^^^^^^^
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;images.yandex.ru. IN A
>
> ;; Query time: 1 msec
^^^^^^^^^^^^^^^^^^^^^^^

An interesting fact. Much like your query has been aborted and now
you should try to understand at which phase.

> ;; SERVER: 213.161.248.67#53(213.161.248.67)
> ;; WHEN: Thu Aug 14 13:57:13 2008
> ;; MSG SIZE rcvd: 34

--
Yours sincerely,
Andrey G. Sergeev (AKA Andris)
http://www.andris.name/