> Date: Mon, 15 Dec 2008 11:52:01 +0100
> From: Peter Dambier <pe...@peter-dambier.de>
> To: bind-users@lists.isc.org
> Subject: Re: Where is the open recursion test?
> X-FuHaFi: 0.62
>
> just try
>
> dig -t any peter-dambier.de @<your-server>
>
> If it tells you something about denic it is not recursive.
> If you get the complete answer it is very likely recursive.
>
> Something internal could have triggered the query but only
> if your server is in /etc/resolv.conf.

Peter:

Thanks! I ran that and got a full response back. Then I remembered
that you cannot check on recursiveness from a trusted interface...

I went to my ISP (alt email provider) and ran

well% dig -t any peter-dambier.de @64.139.55.108

; <<>> DiG 2.0 <<>> -t peter-dambier.de @64.139.55.108
; (1 server found)
;; res options: init recurs defnam dnsrch
;; res_send to server 64.139.55.108: Connection timed out

"Connection timed out" is expected. Means that the ACLs are working.

Just to make sure, let's test for something that CAN be resolved:

well% dig metis.hicks-net.net @64.139.55.108

; <<>> DiG 2.0 <<>> metis.hicks-net.net @64.139.55.108
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd; Ques: 1, Ans: 1, Auth: 3, Addit: 1
;; QUESTIONS:
;;      metis.hicks-net.net, type = A, class = IN

;; ANSWERS:
metis.hicks-net.net.    3600    A       64.139.55.108

;; AUTHORITY RECORDS:
hicks-net.net.  3600    NS      ns1.xname.org.
hicks-net.net.  3600    NS      ns0.xname.org.
hicks-net.net.  3600    NS      ns.hicks-net.net.

;; ADDITIONAL RECORDS:
ns.hicks-net.net.       3600    A       64.139.55.108

;; FROM: well to SERVER: 64.139.55.108
;; WHEN: Mon Dec 15 02:57:50 2008
;; MSG SIZE  sent: 37  rcvd: 131

well%

That worked also. (I got the expected results... Yay!)

Again, thanks!

Regards,
Gregory Hicks

>
> Kind regards
> Peter
>
>
> Gregory Hicks wrote:
> >> Date: Mon, 15 Dec 2008 06:44:18 -0200
> >> From: Leonardo Rodrigues Magalhães <leolis...@solutti.com.br>
> >>
> >> Gregory Hicks wrote:
> >>> Greetings:
> >>>
> >>> Seeing in my named.log entries for "too many timeouts resolving
> >>> '<some-domain-not-seen-before>'..." makes me wonder if my server is an
> >>> open recursive server.
> >>>
> >>> Where is the test please for open recursion so I can check?
> >> http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl
> >
> > Thanks! But I tried that about 6 hours earlier today.
> > It said address 64.139.55.108 had status "untested". It also said
> > that if I wanted my address retested, make a TCP connection to
> > dns-surveyor.measurement-factory.com port 999 (e.g., with telnet) from
> > the address to be tested. I did THAT also. So far, nothing.
> >
> > Any other ideas?

[...]

---------------------------------------------------------------------
Gregory Hicks                        | Principal Systems Engineer
                                     | Direct: 408.569.7928

People sleep peaceably in their beds at night only because rough men
stand ready to do violence on their behalf -- George Orwell

The price of freedom is eternal vigilance. -- Thomas Jefferson

"The best we can hope for concerning the people at large is that they
be properly armed." --Alexander Hamilton
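
The outcomes read off the dig output in this thread (referral, full answer, timeout, authoritative answer), as an added example that is not part of the original messages: it classifies a DNS reply by the header bits dig prints as "flags:" and the record counts. The function names, result labels and sample headers are constructed for illustration.

```python
import socket
import struct

def build_query(name, qtype=255, qid=0x1234):
    """Standard query with RD=1; qtype 255 is ANY, as in `dig -t any`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def classify(reply):
    """Classify a reply (None = timeout) to a query for an outside name."""
    if reply is None:
        return "filtered"          # "Connection timed out": ACL or firewall dropped it
    if len(reply) < 12:
        return "malformed"
    _, flags, _, ancount, nscount, _ = struct.unpack("!HHHHHH", reply[:12])
    aa, rcode = bool(flags & 0x0400), flags & 0x000F
    if rcode == 5:
        return "refused"           # REFUSED: recursion denied to this client
    if rcode != 0:
        return "inconclusive"
    if ancount > 0:
        # aa set: the name is in a zone the server hosts, so this proves nothing
        return "authoritative" if aa else "likely-recursive"
    return "referral" if nscount > 0 and not aa else "inconclusive"

def probe(server, name, timeout=5.0):
    """Send the query over UDP from an untrusted address and classify the result."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            return classify(s.recvfrom(4096)[0])
        except socket.timeout:
            return classify(None)

def sample(flags, ancount, nscount):
    """Constructed 12-byte reply header (not captured traffic)."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, nscount, 0)

if __name__ == "__main__":
    print(classify(sample(0x8100, 0, 3)))   # qr rd, NS records only
    print(classify(sample(0x8180, 2, 0)))   # qr rd ra, full answer
    print(classify(sample(0x8500, 1, 3)))   # qr aa rd, name in the server's own zone
    print(classify(None))                   # no reply at all
```

As in the thread, probe() only says something useful when run from an address outside the server's trusted ACLs and with a name the server does not host.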