Christopher Vance wrote:
If it gives you a different TTL when you ask again, it's giving you a cached answer rather than an authoritative one.
The AA (authoritative answer) field in the flags is a surer method of determining if the supposed secondary is resolving from cache or from a valid copy of the zone file.

Voytek should make sure his primary server is handing out AAs before trying the secondaries, as a syntax error on the master zone is the most common reason for secondaries not giving AA answers.

Then look at the serial number in

    dig @primary.example.edu.au soa example.edu.au

and

    dig @secondary.example.edu.au soa example.edu.au

since failing to increment the serial number on the master is the next most common reason for a failure.

Finally, a failure of the zone transfer is the last common possibility and the master's log file will have a record of this.

Note that I could have done both of these things myself if he'd given out real DNS names. I can't see why you wouldn't do that when asking this sort of question. The whole point is that the public can look at the names, so what's the security concern?

Cheers, Glen

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
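The checks described in the reply above, as an added shell example that is not part of the original post: it reads the AA flag and SOA serial out of dig output and applies the checks in the order given. The function names `soa_status` and `diagnose` and both sample outputs are constructed for illustration.

```shell
# Constructed sample "dig @server soa example.edu.au" outputs (not real captures).
sample_primary() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
example.edu.au. 86400 IN SOA ns1.example.edu.au. hostmaster.example.edu.au. 2003051202 10800 3600 604800 86400
EOF
}
sample_secondary() { cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
example.edu.au. 3412 IN SOA ns1.example.edu.au. hostmaster.example.edu.au. 2003051201 10800 3600 604800 86400
EOF
}

# soa_status: dig output on stdin -> "<aa|noaa> <serial>" ("-" if no SOA in the answer section)
soa_status() {
    awk '
        /^;; flags:/ {
            sub(/^;; flags:/, ""); sub(/;.*/, "")   # keep only the flag words
            n = split($0, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "aa") aa = 1
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^$/ { in_answer = 0 }
        in_answer && $4 == "SOA" && serial == "" { serial = $7 }   # 7th field of an SOA line
        END { printf "%s %s\n", (aa ? "aa" : "noaa"), (serial == "" ? "-" : serial) }
    '
}

# diagnose <primary aa> <primary serial> <secondary aa> <secondary serial>
diagnose() {
    if [ "$1" != aa ]; then
        echo "primary-not-authoritative: check the master zone file for syntax errors"
    elif [ "$3" != aa ]; then
        echo "secondary-not-authoritative: cached answer, no valid zone copy; check the master's log for a failed transfer"
    elif [ "$2" != "$4" ]; then
        echo "serial-mismatch: secondary has not picked up the primary's serial; check the master's log for a failed transfer"
    else
        echo "serials-match: if the secondary's data is still old, the serial was not incremented on the master"
    fi
}

diagnose $(sample_primary | soa_status) $(sample_secondary | soa_status)
```

Against live servers, pipe each of the two dig commands from the reply into `soa_status` in place of the sample functions.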
