On 16.11.20 22:58, Boylan, Ross wrote:
I have been experiencing NXDOMAIN errors persistently, though not 100% of
the time, for a machine I am trying to reach. The queries worked OK
before today. I not only don't know what's causing it, but am having
trouble tracing what's going on inside of bind. I'd be grateful for help
on either front, getting DNS to work or debugging.
There are a lot of complications. In brief, the machine and name
resolution for it are only available through VPN; I have a search list
which should cause some failed lookups if the original doesn't work; and
I'm using views. Some details follow, and then discussion of my debugging
attempts.
DETAILS
The remote machine is only accessible though VPN, and the nameserver that
knows how to find it is also accessible only through VPN. The IP of that
nameserver is first on my forwarders list on my local machine. When
failures happen the replies indicate the request was addressed to the
public-facing nameservers; it is good that they don't provide any info,
but they shouldn't be getting the request.
forwarders are not used in specified order, named measures TTL and uses server
that answers first.
you can configure configure your domain with specified forwarders and to be
"forward only".
I also added the target domain (ucsf.edu) to my search list. So when I ask
for mymachine.ucsf.edu, this will also generate a query for
mymachine.ucsf.edu.ucsf.edu if the first query fails. The second query is
asking for a non-existent domain, and so maybe that is the proximate
source of the NXDOMAIN.
this could be controlled by option "ndots:1" in resolv.conf, so search list
ignored for every hostname with one or more dots
... this is not BIND issue but the stub resolver issue.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
I intend to live forever - so far so good.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
ISC funds the development of this software with paid support subscriptions.
Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
