In message <cal_2sc0mnjtuyiakxx71hmn5+22g-fakybdbloyrxb_hkbk...@mail.gmail.com>, Daniele Imbrogino writes: > I'm testing new configuration on VirtualBox following the advice of not > forwarding. > Furthermore, I exclude any reference to DNSSEC. > > So, in these conditions and assuming an empty cache, if I query for a > remote domain name, my server should query a root-server and then iterate, > right? > Well, Wireshark shows me outcoming queries and incoming responses to/from > root-servers, but "dig www.apple.com" (for example) fails with a timeout. > > "syslog" has a lot of "DNS format error ... non-improving referral" and > "error (FORMERR) resolving" entries.
Find the "transparent" DNS cache and nuke it. Most site that do this deploy a ordinary DNS recursive server and that DOES NOT work with recursive server expecting to be talking to authoritative servers. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
