On 4/12/2011 4:33 AM, kapetr wrote:
Hello,
Kevin Darcy<k...@chrysler.com> WROTE:
Do You thing, that this VPN provider
- blocks direct (not recursive) DNS questions
and
- manipulates recursive queries ? [catch them,
make query itself and
answers with manipulated server IP]
???
None of your queries were non-recursive (you'd
need "+norec" on your dig
command line for that), so I wouldn't jump to the
conclusion that
non-recursive queries are being blocked.
I did mean queries from my local BIND, not from dig command.
What's more likely happening is that *all* of your
queries are being
transparently redirected to a recursive resolver.
Although, I'd be
curious to see what responses you get if you
actually generate
non-recursive queries (with the "+norec").
I have try it. Unfortunately ...
I have get normal answers (from DNS server in Internet, which was
accessed over the new default route == over VPN) even with
+norecurse or +trace. These non-recurse queries have go over the VPN
and I have get normal answers. :-(
How "normal" are they? BIND is likely to reject them if they purport to
be from authoritative data, but the AA flag isn't set...
- Kevin
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
