In the header of the response to the second 'dig' command, note the
'flags' section. The 'ra' flag is not present.

In your named.conf, in the 'options' statement block, check your
'allow-recursion' statement. This is most likely the culprit. Your
query is coming from 127.0.0.1, and that address is probably not
listed in the allow-recursion ACL.

Chris Buxton
Professional Services
Men & Mice

On Sep 4, 2008, at 2:16 PM, ListAcc wrote:

> Hello,
>
> For the life of me I cannot find the details of the problem: I have
> two servers in question, both are authoritative/cache servers. One
> server is auth for a few zones and the other one for a few zones due to
> a split hosting environment. Running Bind 9.3.5-P2 and Bind 9.3.4-P1 on
> CentOS. For this example I will identify them as server 1 and server
> 2. Also, I have checked the logs: nothing.
>
> Server 1 cannot resolve domains at Server 2 and vice versa. It worked
> before; I am not sure what happened. I thought it was the root hints, so I
> updated them, but that was not the culprit. When I issue a dig, here is
> the output:
>
>
> [root@server2 ~]# dig company.com
>
> ; <<>> DiG 9.3.4-P1 <<>> company.com
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
>
> [root@server1 ~]# dig company2.com
>
> ; <<>> DiG 9.3.5-P2 <<>> company2.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6067
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 2
>
> ;; QUESTION SECTION:
> ;wizart1.com. IN A
>
> ;; AUTHORITY SECTION:
> com. 140357 IN NS j.gtld-servers.net.
> com. 140357 IN NS k.gtld-servers.net.
> com. 140357 IN NS l.gtld-servers.net.
> com. 140357 IN NS m.gtld-servers.net.
> com. 140357 IN NS a.gtld-servers.net.
> com. 140357 IN NS b.gtld-servers.net.
> com. 140357 IN NS c.gtld-servers.net.
> com. 140357 IN NS d.gtld-servers.net.
> com. 140357 IN NS e.gtld-servers.net.
> com. 140357 IN NS f.gtld-servers.net.
> com. 140357 IN NS g.gtld-servers.net.
> com. 140357 IN NS h.gtld-servers.net.
> com. 140357 IN NS i.gtld-servers.net.
>
> ;; ADDITIONAL SECTION:
> h.gtld-servers.net. 52569 IN A 192.54.112.30
> m.gtld-servers.net. 108692 IN A 192.55.83.30
>
> ;; Query time: 1 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Thu Sep 4 14:39:35 2008
> ;; MSG SIZE rcvd: 285
>
>
> The zones have public IP addresses so the translation should work and
> resolve if using either server as a resolver. Both servers will resolve
> the domains they are auth for and any other domain not hosted on the
> server, except the ones on each other's server, if this makes sense.
>
> Thanks in advance.
>
> Otis
>
>


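The flag check described in the reply, as an added example that is not part of either poster's message: a shell filter that reads dig output and reports whether recursion was offered. The function names are hypothetical; the first two samples are header lines copied from the quoted dig runs, and the third is constructed.

```shell
#!/bin/sh
# Added example: classify dig output (on stdin) by its header flags.
# Function names are hypothetical; they are not part of dig or BIND.
recursion_verdict() {
    awk '
        /^;; flags:/ {
            seen = 1
            # Header looks like ";; flags: qr rd; QUERY: 1, ANSWER: 0, ..."
            flags = $0
            sub(/^;; flags:/, "", flags)   # drop the label
            sub(/;.*/, "", flags)          # drop the section counters
            n = split(flags, f, " ")
            for (i = 1; i <= n; i++) has[f[i]] = 1
            if (match($0, /ANSWER: [0-9]+/))
                answers = substr($0, RSTART + 8, RLENGTH - 8) + 0
        }
        END {
            if (!seen)                              print "no-response"
            else if ("ra" in has)                   print "recursion-available"
            else if (("rd" in has) && answers == 0) print "recursion-denied"
            else                                    print "non-recursive-answer"
        }'
}
# Header lines copied from the two dig runs quoted in the thread.
sample_server1() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6067
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 2
EOF
}
sample_server2() {
    cat <<'EOF'
;; global options: printcmd
;; connection timed out; no servers could be reached
EOF
}
# Constructed sample: a header as it looks once recursion is allowed.
sample_fixed() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
EOF
}
for s in sample_server1 sample_server2 sample_fixed; do
    printf '%s: %s\n' "$s" "$("$s" | recursion_verdict)"
done
# On "recursion-denied", review allow-recursion in the options block and list
# only trusted clients, e.g. allow-recursion { localhost; localnets; };
# widening it to "any" would turn the server into an open resolver.
```

Against a live server the filter is fed directly, for instance `dig @127.0.0.1 example.com | recursion_verdict`.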