[Pdns-users] DiG: more success but puzzling
Brian Candler
b.candler at pobox.com
Fri Feb 17 08:05:16 UTC 2017
On 17/02/2017 06:10, stancs3 wrote:
> OK, I managed to get DiG to respond with A records, but only by
> specifying the hostname in from of the domain name. This is OK, but
> when the servers where reversed, a simple DiG NS would return the NS
> records,*and* the A records.
>
> Again not a showstopper unless it points to config still broken.
Do you mean that "dig foo" returns NXDOMAIN, but "ping foo" works
(resolving foo to the A record for foo.example.com)?
That's correct behaviour, and you should find it works if you do "dig
+search foo"
By default, the dig client by default does not use the search list in
/etc/resolv.conf, but normal DNS clients do.
nameserver x.x.x.x
search example.com
# Means: if I can't resolve foo them try adding example.com to the end
If you were able to do "dig foo" and got the answer previously, that
means your original nameserver configuration was completely broken - it
was answering queries for top-level name "foo." with data from elsewhere
in the DNS tree. So this is a good sign that you fixed things.
Pointing clients at the recursor, and having the recursor forward
specific domains to your internal authoritative DNS, is the right way to
do this.
Regards,
Brian.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20170217/907d239c/attachment.html>
More information about the Pdns-users
mailing list