On 26.04.18 10:44, Reindl Harald wrote:
when the server is dnsmasq you get all sort of funny results from SERVFAIL to REFUSED combined with the right answer
that now even goes so far that named is no longer able to resolve zone-delegations pointing to a dnsmasq
dnsmasq is not full DNS server. and thus I don't recommend pointing delegations to dnsmasq server.
[root@testserver:~]$ nslookup rhsoft.testserver.example.com 127.0.0.1
** server can't find rhsoft.testserver.example.com: REFUSED
[root@flow-home:~]$ nslookup contentlounge.flow-home.example.net
** server can't find contentlounge.flow-home.example.net: SERVFAIL
nslokup is not reliable tool for debugging DNS problems. nslookup asks the DNS server for more data than you ask it for and thus can show error message when data you ask are available, but data it searches for are not.
[root@testserver:~]$ host rhsoft.testserver.example.com 127.0.0.1 Using domain server: Name: 127.0.0.1 Address: 127.0.0.1#53 Aliases: rhsoft.testserver.example.com has address 127.0.0.1 Host rhsoft.testserver.example.com not found: 5(REFUSED) Host rhsoft.testserver.example.com not found: 5(REFUSED)
"host" by default searches for A, AAAA and MX (as described in "-t" option), this shows that dnsmasq has returned "127.0.0.1" for A, and REFUSED for AAAA and MX records.
[root@testserver:~]$ dig rhsoft.testserver.example.com @127.0.0.1
;; ANSWER SECTION: rhsoft.testserver.example.com. 30 IN A 127.0.0.1
dig by default only asks for A which is why you got proper answer here. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. LSD will make your ECS screen display 16.7 million colors _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
