Hi Can you elaborate on +cd? a dig option, I am not finding it as an option.
thanks con > On May 31, 2018, at 2:51 PM, Warren Kumari <war...@kumari.net> wrote: > > Try it with +cd and see if that fixes it. > > The DNSSEC stuff for this domain is all borked up -- sufficiently that > I felt like I was playing snakes and ladders while looking at: > http://dnsviz.net/d/extranet.aro.army.mil/dnssec/ > On Thu, May 31, 2018 at 5:45 PM John Miller <johnm...@brandeis.edu> wrote: >> >> Hi Con, >> >> May I suggest running dig +trace extranet.aro.army.mil from your >> nameserver? That'll make the delegation process explicit and help you >> troubleshoot a little better. It could be that one of the three main >> army.mil nameservers is unreachable by your ns for some reason >> (routing being a likely culprit). >> >> John >> >> On Thu, May 31, 2018 at 5:29 PM, Con Wieland <cwiel...@uci.edu> wrote: >>> and here they are but I don’t see anything indicating what the problem >>> might be >>> >>> 31-May-2018 13:56:01.150 queries: info: client 128.200.1.20#37203 >>> (extranet.aro.army.mil): view internal: query: extranet.aro.army.mil IN A >>> +E (128.200.1.201) >>> 31-May-2018 13:56:01.151 resolver: debug 1: createfetch: >>> aro.army.mil.edgekey.dmz.akamai.csd.disa.mil A >>> 31-May-2018 13:56:06.153 queries: info: client 128.200.1.20#37203 >>> (extranet.aro.army.mil): view internal: query: extranet.aro.army.mil IN A >>> +E (128.200.1.201) >>> 31-May-2018 13:56:06.153 resolver: debug 1: createfetch: >>> aro.army.mil.edgekey.dmz.akamai.csd.disa.mil A >>> 31-May-2018 13:56:11.158 queries: info: client 128.200.1.20#37203 >>> (extranet.aro.army.mil): view internal: query: extranet.aro.army.mil IN A >>> +E (128.200.1.201) >>> 31-May-2018 13:56:11.158 query-errors: debug 1: client 128.200.1.20#37203 >>> (extranet.aro.army.mil): view internal: query failed (SERVFAIL) for >>> extranet.aro.army.mil/IN/A at query.c:7215 >>> 31-May-2018 13:56:11.158 resolver: debug 1: createfetch: >>> aro.army.mil.edgekey.dmz.akamai.csd.disa.mil A >>> 31-May-2018 13:56:21.168 query-errors: debug 1: client 128.200.1.20#37203 >>> (extranet.aro.army.mil): view internal: query failed (SERVFAIL) for >>> extranet.aro.army.mil/IN/A at query.c:7215 >>> >>>> On May 31, 2018, at 12:51 PM, Reindl Harald <h.rei...@thelounge.net> wrote: >>>> >>>> >>>> >>>> Am 31.05.2018 um 21:42 schrieb Con Wieland: >>>>> agreed but why would my server not resolve it while others do? >>>> >>>> ask the logs of 128.200.1.201 >>>> >>>> ; <<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> extranet.aro.army.mil >>>> ;; global options: +cmd >>>> ;; Got answer: >>>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56491 >>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 >>>> ;; SERVER: 128.200.1.201#53(128.200.1.201) >>>> >>>>>> On May 31, 2018, at 12:16 PM, Reindl Harald <h.rei...@thelounge.net> >>>>>> wrote: >>>>>> >>>>>> >>>>>> >>>>>> Am 31.05.2018 um 21:09 schrieb Con Wieland: >>>>>>> I have a nameserver that can not resolve extranet.aro.army.mil. >>>>>> >>>>>> terrible slow and insane config - fix it >>>>>> >>>>>> https://intodns.com/aro.army.mil >>>>>> >>>>>> ;; Query time: 1175 msec >>>>>> ;; SERVER: 127.0.0.1#53(127.0.0.1) >>>>>> ;; WHEN: Do Mai 31 21:12:26 CEST 2018 >>>>>> ;; MSG SIZE rcvd: 247 >>>>>> >>>>>> ;; Query time: 1109 msec >>>>>> ;; SERVER: 8.8.8.8#53(8.8.8.8) >>>>>> ;; WHEN: Do Mai 31 21:12:52 CEST 2018 >>>>>> ;; MSG SIZE rcvd: 191 >>>>>> >>>>>> ;; ANSWER SECTION: >>>>>> aro.army.mil. 2022 IN NS ns03.army.mil. >>>>>> aro.army.mil. 2022 IN NS ns02.army.mil. >>>>>> aro.army.mil. 2022 IN NS ns01.army.mil. >>>>>> >>>>>> ;; Query time: 163 msec >>>>>> ;; SERVER: 192.82.113.7#53(192.82.113.7) >>>>>> ;; WHEN: Do Mai 31 21:15:37 CEST 2018 >>>>>> ;; MSG SIZE rcvd: 98 >>>>>> Warn SOA REFRESH WARNING: Your SOA REFRESH interval is: 900. >>>>>> That is >>>>>> not so ok >>>>>> Warn SOA RETRY Your SOA RETRY value is: 90. That is NOT OK >>>> >>> >>> _______________________________________________ >>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >>> unsubscribe from this list >>> >>> bind-users mailing list >>> bind-users@lists.isc.org >>> https://lists.isc.org/mailman/listinfo/bind-users >> >> >> >> -- >> John Miller >> Senior Systems Engineer >> Brandeis University ITS >> johnm...@brandeis.edu >> (781) 736-4619 >> _______________________________________________ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users > > > > -- > I don't think the execution is relevant when it was obviously a bad > idea in the first place. > This is like putting rabid weasels in your pants, and later expressing > regret at having chosen those particular rabid weasels and that pair > of pants. > ---maf > _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
