If you check pcap, logs, etc., is the server following delegation for 0.centos.pool.ntp.org? Where do outbound packets stop?
John

On Tue, Sep 1, 2015 at 9:09 AM, Robert Moskowitz <r...@htt-consult.com> wrote:
> I have one nameserver running bind 9.8.2 and a new one running 9.9.4.
>
> Both can resolve www.ietf.org
>
> Only the 9.8.2 can resolve 0.centos.pool.ntp.org
>
> I literally rsynced all of the conf and zone files from the old to the
> new, then changed all of the server name references. I have done this
> before. I have another box running the 9.8.2 code that I built the same way
> and it resolves both fqdns just fine.
>
> I am at a loss as to what the problem is. Both have the same named.conf:
>
> //
> //
>
> include "/etc/named/named.acl";
>
> options
> {
>     listen-on port 53 { any; };
>     listen-on-v6 port 53 { any; };
>
>     allow-query { localhost; };
>     allow-query-cache { localhost; };
>     recursion no;
>
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     memstatistics-file "/var/named/data/named_mem_stats.txt";
>
>     // dnssec-enable yes;
>     // dnssec-validation yes;
>     // dnssec-lookaside auto;
>
>     dnssec-enable no;
>     dnssec-validation no;
>
>     /* Path to ISC DLV key */
>     // bindkeys-file "/etc/named.iscdlv.key";
>
>     // managed-keys-directory "/var/named/dynamic";
>
> };
> logging
> {
>     /* If you want to enable debugging, eg. using the 'rndc trace' command,
>      * named will try to write the 'named.run' file in the $directory (/var/named).
>      * By default, SELinux policy does not allow named to modify the /var/named directory,
>      * so put the default debug log file in data/ :
>      */
>     channel default_debug {
>         file "data/named.run";
>         severity dynamic;
>     };
> };
>
> view "internal"
> {
>
>     include "/etc/named/named.internal";
>
> };
> view "external"
> {
>
>     include "/etc/named/named.external";
>
> };
>
> include "/etc/named/rndc.key";
>
> ==============
> and named.internal has:
>
> /* This view will contain zones you want to serve only to "internal" clients
>  * that have addresses that are not on your directly attached LAN interface subnets:
>  */
> match-clients { httnets; };
> match-destinations { httnets; };
> allow-query { httnets; };
> allow-query-cache { httnets; };
> allow-recursion { httnets; };
> recursion yes;
> empty-zones-enable yes;
>
> // include "/etc/named/named.trusted.key";
> include "/etc/named.rfc1912.zones";
>
> zone "." IN {
>     type hint;
>     file "named.root";
> };
>
> // These are your "authoritative" internal zones:
>
> zone "htt-consult.com" {
>     type master;
>     file "httin-consult.com.zone";
> };
>
> etc.
>
> ==============
>
> Is the dnssec disabled possibly the problem? Like required now?
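
The check suggested at the top of this thread (look at a capture and see where outbound packets stop) can be done mechanically. The following is an added example, not part of the original thread: it pairs the resolver's outbound DNS queries with responses by server, transaction ID and question name, and lists the servers that never answered. The function names, addresses (documentation ranges) and packets are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a domain name as uncompressed DNS wire-format labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_msg(txid, qname, response=False):
    """Build a minimal DNS message with one A/IN question (for sample data only)."""
    flags = 0x8000 if response else 0x0000  # QR bit marks a response
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!2H", 1, 1)

def parse_msg(payload):
    """Return (txid, is_response, qname) from the header and first question."""
    if len(payload) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags, qdcount = struct.unpack("!3H", payload[:6])
    labels, pos = [], 12
    while qdcount and payload[pos] != 0:
        length = payload[pos]
        if length & 0xC0:  # the first question name is not expected to be compressed
            raise ValueError("compressed name in question section")
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    return txid, bool(flags & 0x8000), ".".join(labels)

def unanswered_queries(packets, resolver_ip):
    """packets: iterable of (src_ip, dst_ip, udp_payload) in capture order."""
    pending = set()
    for src, dst, payload in packets:
        txid, is_response, qname = parse_msg(payload)
        if src == resolver_ip and not is_response:
            pending.add((dst, txid, qname))        # outbound query
        elif dst == resolver_ip and is_response:
            pending.discard((src, txid, qname))    # matching reply seen
    return sorted({(server, qname) for server, _txid, qname in pending})

# Constructed sample capture: two servers answer, the third never does.
RESOLVER = "192.0.2.53"
NAME = "0.centos.pool.ntp.org"
SAMPLE = [
    (RESOLVER, "198.51.100.1", build_msg(0x1001, NAME)),
    ("198.51.100.1", RESOLVER, build_msg(0x1001, NAME, response=True)),
    (RESOLVER, "198.51.100.2", build_msg(0x1002, NAME)),
    ("198.51.100.2", RESOLVER, build_msg(0x1002, NAME, response=True)),
    (RESOLVER, "203.0.113.10", build_msg(0x1003, NAME)),
    (RESOLVER, "203.0.113.10", build_msg(0x1004, NAME)),  # retry, still no reply
]
```

With a real capture, the tuples would come from the UDP port 53 packets extracted by whatever pcap reader is in use.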