2011/9/23 Kevin Darcy<k...@chrysler.com>:
You're almost certainly getting the NXDOMAIN because you're spoofing
the
root servers, and your "fake" root servers don't have the same
knowledge as
the real ones, so they'll return NXDOMAIN for some queries (whereas
dig
+trace does not, because it follows the hierarchy down and asks
different
nameservers). In other words, you're shooting yourself in the foot
with your
hints-file trickery.
That was my thought as well. Sometime NXDOMAINs also could simply be
inconsistent authoritative data at the other end. Once again, building
a kluge to work around such a thing wouldn't be a good strategy.
John
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
