A refresh query is equivalent to "dig soa @ +norec".

You should get only the SOA record for the zone in the
answer section and "aa" should be set in the flags field.
If you don't then there is a error on the master.

Mark

e.g.

; <<>> DiG 9.3.4-P1 <<>> soa +norec dv.isc.org @::1
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18464
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 5

;; QUESTION SECTION:
;dv.isc.org. IN SOA

;; ANSWER SECTION:
dv.isc.org. 3600 IN SOA bsdi.dv.isc.org. marka.isc.org. 2007103051 86400 21600 2419200 86400

;; AUTHORITY SECTION:
dv.isc.org. 86400 IN NS drugs.dv.isc.org.
dv.isc.org. 86400 IN NS bsdi1.dv.isc.org.

;; ADDITIONAL SECTION:
bsdi1.dv.isc.org. 86400 IN A 192.168.191.233
drugs.dv.isc.org. 86400 IN A 192.168.191.236
drugs.dv.isc.org. 86400 IN AAAA 2001:470:1f00:820:214:22ff:fed9:fbdc
drugs.dv.isc.org. 86400 IN AAAA fd92:7065:b8e:0:214:22ff:fed9:fbdc
drugs.dv.isc.org. 86400 IN AAAA fe80::214:22ff:fed9:fbdc

;; Query time: 29 msec
;; SERVER: ::1#53(::1)
;; WHEN: Tue Apr 1 08:13:01 2008
;; MSG SIZE rcvd: 231

> Sorry - good point. Yes, the slave is also being the firewall.
>
> If I set the master addres to 192.168.1.1, I get the same result. If I
> check my master logs, I do see that my Master dns server is being queried
> for the records and responding to bind's requests.
>
> Is there a way I can have bind log more detailed info to try to understand
> why it thinks the response is non-authoritative?
>
> Thanks!
>
> Eric
>
> "Chris Buxton" wrote in message
> news:B93F8A8D-F72E-47AF-8074-BCBEF1132075@menandmice.com...
> You didn't say whether the slave server is also behind the firewall.
> If it is, I would guess that the non-authoritative answer is coming
> from the firewall, not from the actual master server. What happens if
> you set the master server address in your zone statement to 192.168.1.1?
>
> Chris Buxton
> Professional Services
> Men & Mice
>
> On Mar 31, 2008, at 9:57 AM, Eric B. wrote:
> > Hi,
> >
> > I'm trying to set up bind 9.2.4 to create slave zones on my machine
> > for a
> > bunch of dns zones. The master is a Win2K Server running it's built-
> > in DNS
> > (not Active Directory).
> >
> > My named.conf file lists the following:
> > options {
> > directory "/var/named";
> > dump-file "/var/named/data/cache_dump.db";
> > statistics-file "/var/named/data/named_stats.txt";
> > zone-statistics yes;
> > notify yes; // notify the above IP's when a zone is updated
> > pid-file "/var/run/named/named.pid";
> > transfer-format many-answers; // Generates more efficient zone
> > transfers
> > listen-on { any; };
> > };
> >
> > include "/etc/rndc.key";
> >
> > zone "mydomain.biz.dns" IN { type slave; file "slaves/
> > mydomain.biz.dns";
> > masters { 198.20.1.1; }; };
> >
> >
> > // Include logging config file
> > include "/var/named/conf/logging.conf";
> >
> >
> >
> > However, if I look at /var/log/named/general.log, I see the
> > following error
> > messages:
> > Mar 31 12:26:25.902 zone mydomain.biz.dns/IN: refresh: non-
> > authoritative
> > answer from master 198.20.1.1#53
> >
> > This is confusing me extremely. If I check the configuration on the
> > master
> > server, the zone is configured as the primary server. If it is of
> > any help,
> > I can also post the actual dns conf file for the zone on the W2K
> > server.
> >
> > The only thing I can think of is that my zone's NS records point to
> > my DNS
> > server's public address, even though my DNS server is actually
> > behind a
> > firewall and has an internal address:
> >
> > ; Zone NS recors
> > @ NS ns1.mydomain.biz
> > ns1.mydomain.biz. A 198.20.1.1
> >
> > But my primary server's address is actually 192.168.1.1 (and mapped to
> > 198.20.1.1 through my firewall rules).
> >
> >
> > Is this a configuration problem of bind, the Win2K server, or the
> > actual
> > zone information within the DNS server?
> >
> > Any help, ideas, suggestions would be greatly appreciated.
> >
> > Thanks,
> >
> > Eric
> >
> >
> >
> >
> >

>
>
>
>
>
>

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org