On 17/02/2017 06:10, stancs3 wrote:
OK, I managed to get DiG to respond with A records, but only by
specifying the hostname in from of the domain name. This is OK, but
when the servers where reversed, a simple DiG NS would return the NS
records,*and* the A records.
Again not a showstopper unless it points to config still broken.
Do you mean that "dig foo" returns NXDOMAIN, but "ping foo" works
(resolving foo to the A record for foo.example.com)?
That's correct behaviour, and you should find it works if you do "dig
+search foo"
By default, the dig client by default does not use the search list in
/etc/resolv.conf, but normal DNS clients do.
nameserver x.x.x.x
search example.com
# Means: if I can't resolve foo them try adding example.com to the end
If you were able to do "dig foo" and got the answer previously, that
means your original nameserver configuration was completely broken - it
was answering queries for top-level name "foo." with data from elsewhere
in the DNS tree. So this is a good sign that you fixed things.
Pointing clients at the recursor, and having the recursor forward
specific domains to your internal authoritative DNS, is the right way to
do this.
Regards,
Brian.
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
