Hi Kevin, thanks for your reply.
Am 01.10.18 um 20:46 schrieb Kevin Darcy: > Removing "forward only" just masks the problem by telling the resolver > algorithm to fail over to iterative resolution when it encounters the > SERVFAIL. You are probably right, but at least it chooses the correct nameserver / interface to use for the iterative resolution. When I don't specify any forwarders at all, it will resolve using the public nameserver, with the forwarders specified it will use the internal nameserver. So it does work (at least it returns the correct results). > Why this behavior changed from BIND 9.10.x to 9.13.x eludes me. It's a > clue to help you get to the root cause of the SERVFAIL, but only a clue. > More diagnosis and testing is required. Do you have any suggestion / recommendation what I can do to narrow the problem down? I already tried to increase the tracing and enabled query logging, but I couldn't get to the bottom of things. What else can I do here? Best regards, Karol Babioch
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users