On Wed, 30 Jul 2008, [EMAIL PROTECTED] wrote: > I'm having a strange problem with 9.5.0-P1. We upgraded from 9.2.3 last > week. Since then we have had problems with resolution of some domains > and not others. For example, we can't get resolution from the root name > servers for Microsoft.com, yahoo.com, msnbc.com, hotmail.com. We can > get it for dell.com, hp.com, cisco.com, novell.com and most others. We > put a sniffer on the wire going out to the internet and the queries were > going out but nothing was coming back for those domains. We then > reverted back to 9.2.3 and all is working well again. We are using the > same conf and zone files. Nothing has changed. We have updated our > db.root file, but that has not helped. Any ideas. This is compiled and > running on Solaris 9.
I am guessing that lookups that do work are in your cache. Maybe this is your problem: BIND 9.4 onwards implements "allow-query-cache". The "allow-query" option is no longer used to specify access to the cache. The "allow-query" option continues to specify which hosts are allowed to ask ordinary DNS questions. The new "allow-query-cache" option is used to specify which hosts are allowed to get answers from the cache. Since BIND 9.4.1, if "allow-query-cache" is not set then "allow-recursion" is used if it is set, otherwise "allow-query" is used if it is set, otherwise the default localnets and localhost is used. (from doc/misc/migration.) Also see the ARM for further details. Also see http://www.isc.org/sw/bind/docs/support_bulletin_200707.php Make sure your allow-query-cache, allow-recursion, and/or allow-query options are defined as appropriate.
