From: Doug Hardie
To: Colin House
Cc: "freebsd-questions@freebsd.org List"
Subject: Re: dig
Date: Thu, 22 Aug 2013 13:57:54 -0700
Message-Id: <85C3B314-E299-4655-B14C-E496F34EE55D@lafn.org>
In-Reply-To: <521565DC.7040501@restecp.com>

On 21 August 2013, at 18:14, Colin House wrote:

> On 22/08/2013 9:34 AM, Doug Hardie wrote:
>> There appears to be a problem with dig and the +trace option in 9.2. I believe it's also in 9.1. The command:
>>
>> dig freebsd.org +trace
>>
>> Only yields a dumb response. No useful information is provided. Running the same command on FreeBSD 7.2 yields a complete trace with lots of useful information.
>
> Have you tested against another NS? I ran into a similar problem when setting up unbound as a local recursor recently on a 9.1-STABLE (r251985) box.
>
> dig +trace would return (next to) nothing. dig +trace @8.8.8.8 worked as expected.
>
> I found it was the access-control configuration of unbound. Changing my "access-control: ::1 allow" to "access-control: ::1 allow_snoop" restored the +trace functionality.
>
> I'm not sure how this translates with bind. Perhaps the defaults have changed between the versions that you're running (if you're running the base versions on 7.2 and 9.1) or your recursive server isn't allowing it on 9.2? Fwiw, in unbound, "allow" allows recursive lookups, "allow_snoop" allows both recursive and non-recursive lookups.

After a bunch of testing, I have determined that the problem is the routers. If I use my local DNS servers or remote ones, then it works on all three systems. Three different routers block it somehow.
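
An added example, not part of the original message or of any project mentioned in it: dig disables recursion when +trace is used, so this Python probe builds the same kind of query (RD bit clear) and classifies the reply, which separates the two causes discussed in this thread: a resolver refusing non-recursive queries (unbound "allow") and something in the path dropping them. All function names and the sample replies are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=2, recurse=False, qid=0x1234):
    """Build a DNS query; recurse=False clears RD, as dig does for +trace."""
    flags = 0x0100 if recurse else 0x0000           # RD is bit 8 of the flags word
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = [l for l in name.rstrip(".").split(".") if l]   # "." -> root, no labels
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)     # qtype 2 = NS, class IN

def parse_header(packet):
    if len(packet) < 12:
        raise ValueError("short DNS packet")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "rd": bool(flags & 0x0100),
            "ra": bool(flags & 0x0080), "answers": an,
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F))}

def diagnose(reply):
    """Classify the reply to an RD=0 probe; None means nothing came back."""
    if reply is None:
        return "no reply: query or answer dropped in the path (e.g. a router)"
    h = parse_header(reply)
    if h["rcode"] == "REFUSED":
        return "resolver refuses non-recursive queries (unbound 'allow')"
    if h["rcode"] == "NOERROR" and h["answers"] > 0:
        return "non-recursive query answered: +trace can start"
    return "unexpected reply: rcode=%s answers=%d" % (h["rcode"], h["answers"])

def probe(server, name=".", timeout=3.0):
    """Send the RD=0 probe over UDP port 53 (needs network; samples below do not)."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return s.recvfrom(4096)[0]
        except socket.timeout:
            return None

# Constructed sample replies (not captured traffic): 12-byte headers only, QR=1.
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 0, 0, 0, 0)
SAMPLE_ANSWERED = struct.pack("!HHHHHH", 0x1234, 0x8080, 0, 13, 0, 0)
```

Run `diagnose(probe("::1"))` against the local resolver and again against the router's address to see which one is responsible. The unbound documentation notes that allow_snoop also permits cache snooping and is best limited to localhost.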