Date: Thu, 22 Aug 2013 13:57:54 -0700
From: Doug Hardie <bc979@lafn.org>
To: Colin House <colin@restecp.com>
Cc: "freebsd-questions@freebsd.org List" <freebsd-questions@freebsd.org>
Subject: Re: dig
Message-ID: <85C3B314-E299-4655-B14C-E496F34EE55D@lafn.org>
In-Reply-To: <521565DC.7040501@restecp.com>
References: <F6FFC04A-5942-4ED8-BF33-C683EB07C798@lafn.org> <521565DC.7040501@restecp.com>

On 21 August 2013, at 18:14, Colin House <colin@restecp.com> wrote:

> On 22/08/2013 9:34 AM, Doug Hardie wrote:
>> There appears to be a problem with dig and the +trace option in 9.2. I believe it's also in 9.1. The command:
>>
>> dig freebsd.org +trace
>>
>> Only yields a dumb response. No useful information is provided. Running the same command on FreeBSD 7.2 yields a complete trace with lots of useful information.
>
> Have you tested against another NS? I ran into a similar problem when setting up unbound as a local recursor recently on a 9.1-STABLE (r251985) box.
>
> dig +trace <domain> would return (next to) nothing. dig +trace <domain> @8.8.8.8 worked as expected.
>
> I found it was the access-control configuration of unbound. Changing my "access-control: ::1 allow" to "access-control: ::1 allow_snoop" restored the +trace functionality.
>
> I'm not sure how this translates with bind. Perhaps the defaults have changed between the versions that you're running (if you're running the base versions on 7.2 and 9.1) or your recursive server isn't allowing it on 9.2? Fwiw, in unbound, "allow" allows recursive lookups, "allow_snoop" allows both recursive and non-recursive lookups.

After a bunch of testing, I have determined that the problem is the routers. If I use my local DNS servers or remote ones, then it works on all three systems. Three different routers block it somehow.
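Added example, not part of the original messages or of any project's code: the thread turns on whether non-recursive queries (RD bit cleared) get an answer, so this sketch builds the same question with RD set and cleared and classifies the two replies. All function names are hypothetical, the sample replies are constructed, and it assumes a resolver that refuses non-recursive queries answers with rcode REFUSED rather than staying silent.

```python
import struct

RD = 0x0100  # "recursion desired" bit in the DNS header flags word
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=2, recurse=True, qid=0x1234):
    """Wire-format DNS query (RFC 1035). qtype 2 is NS, class is IN."""
    header = struct.pack("!HHHHHH", qid, RD if recurse else 0, 1, 0, 0, 0)
    labels = [part for part in name.rstrip(".").split(".") if part]
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def summarize(reply):
    """Return (rcode name, answer count) read from a reply header."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", reply[:12])
    rcode = flags & 0x000F
    return RCODES.get(rcode, str(rcode)), ancount

def diagnose(rd_reply, nord_reply):
    """Compare replies to one question sent with RD=1 and with RD=0.
    None means no reply arrived before the timeout."""
    if rd_reply is None:
        return "resolver unreachable"
    if nord_reply is None:
        return "RD=0 query unanswered: dropped by resolver or path"
    if summarize(nord_reply)[0] == "REFUSED":
        return "resolver refuses RD=0 queries"
    return "RD=0 queries answered"

def constructed_reply(query, rcode, ancount):
    """Constructed sample reply: header plus echoed question, no records."""
    qid, qflags = struct.unpack("!HH", query[:4])
    flags = 0x8000 | (qflags & RD) | 0x0080 | rcode  # QR, copied RD, RA
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, 0, 0) + query[12:]

if __name__ == "__main__":
    with_rd = build_query("freebsd.org", recurse=True)
    without_rd = build_query("freebsd.org", recurse=False)
    ok = constructed_reply(with_rd, 0, 3)
    cases = {
        "RD=0 answered": constructed_reply(without_rd, 0, 3),
        "RD=0 refused": constructed_reply(without_rd, 5, 0),
        "RD=0 no reply": None,
    }
    for label, reply in cases.items():
        print(label, "->", diagnose(ok, reply))
```

To use it against a real resolver, send the two `build_query` results over UDP port 53 with a timeout and pass the replies (or None) to `diagnose`.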