  luminaire Premium join:2005-03-22 Oakville, ON clubs:
reply to nwrickert Re: DNS Strangeness
Negative, doesn't seem to have fixed it.
ndavey@monkey:~$ ping www.dslreports.com
ping: unknown host www.dslreports.com
I actually had that omitted for the first little while but when things started not working I figured I'd explicitly state what is allowed. Here's a packet capture of the client to the server:
12:34:24.408887 IP (tos 0x0, ttl 64, id 44054, offset 0, flags [DF], proto UDP (17), length 64)
    192.168.20.52.45861 > 1.1.1.1.53: [bad udp cksum f306!] 55115+ A? www.dslreports.com. (36)
12:34:24.423450 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 288)
    1.1.1.1.53 > 192.168.20.52.45861: 55115- q: A? www.dslreports.com. 0/13/0 ns: com. NS[|domain]
12:34:24.423595 IP (tos 0x0, ttl 64, id 44056, offset 0, flags [DF], proto UDP (17), length 64)
    192.168.20.52.39439 > 1.1.1.1.53: [bad udp cksum 920!] 55115+ A? www.dslreports.com. (36)
12:34:24.435409 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 288)
    1.1.1.1.53 > 192.168.20.52.39439: 55115- q: A? www.dslreports.com. 0/13/0 ns: com. NS[|domain]
As soon as this line is commented out it starts working:
allow-recursion { clients; };
It's almost like if the clients can't have recursive requests they don't bother asking again.
-- Luminaire
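An added example, not part of the thread: a reading of the capture in the post above using tcpdump's DNS notation, where "+" after a query ID means recursion desired, "-" after a response ID means recursion available is not set, and 0/13/0 means zero answers, 13 authority records and zero additional records, which is a referral rather than an answer. The function name recursion_denied and the IPv4-only parsing are assumptions of this example; it pairs each query with its response and reports clients that asked for recursion and got only a referral.

```python
import re

# The four packets from the capture in the post above, one packet per line.
CAPTURE = """\
12:34:24.408887 IP (tos 0x0, ttl 64, id 44054, offset 0, flags [DF], proto UDP (17), length 64) 192.168.20.52.45861 > 1.1.1.1.53: [bad udp cksum f306!] 55115+ A? www.dslreports.com. (36)
12:34:24.423450 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 288) 1.1.1.1.53 > 192.168.20.52.45861: 55115- q: A? www.dslreports.com. 0/13/0 ns: com. NS[|domain]
12:34:24.423595 IP (tos 0x0, ttl 64, id 44056, offset 0, flags [DF], proto UDP (17), length 64) 192.168.20.52.39439 > 1.1.1.1.53: [bad udp cksum 920!] 55115+ A? www.dslreports.com. (36)
12:34:24.435409 IP (tos 0x0, ttl 57, id 0, offset 0, flags [DF], proto UDP (17), length 288) 1.1.1.1.53 > 192.168.20.52.39439: 55115- q: A? www.dslreports.com. 0/13/0 ns: com. NS[|domain]
"""

ADDR = r"[\d.]+"                      # IPv4 only (assumption of this example)
CKSUM = r"(?:\[[^\]]*\] )?"           # optional "[bad udp cksum ...] " note
QUERY = re.compile(
    rf"(?P<cli>{ADDR})\.(?P<port>\d+) > (?P<srv>{ADDR})\.53: {CKSUM}"
    r"(?P<id>\d+)(?P<flags>[+%]*) (?:\[[^\]]*\] )*(?P<qtype>\w+)\? (?P<name>\S+)")
RESP = re.compile(
    rf"(?P<srv>{ADDR})\.53 > (?P<cli>{ADDR})\.(?P<port>\d+): {CKSUM}"
    r"(?P<id>\d+)(?: (?P<rcode>[A-Za-z]\w*))?(?P<flags>[*|$-]*) "
    r"(?:q: \S+ \S+ )?(?P<an>\d+)/(?P<ns>\d+)/(?P<ar>\d+)")

def recursion_denied(capture):
    """Return one finding per RD query that was answered by a non-RA referral."""
    pending, findings = {}, []
    for line in capture.splitlines():
        q = QUERY.search(line)
        if q and "+" in q["flags"]:                 # '+' = recursion desired
            pending[(q["cli"], q["port"], q["id"])] = q["name"]
            continue
        r = RESP.search(line)
        if not r:
            continue
        name = pending.pop((r["cli"], r["port"], r["id"]), None)
        referral = int(r["an"]) == 0 and int(r["ns"]) > 0
        no_ra = "-" in r["flags"]                   # '-' = RA not set
        if name and no_ra and referral and not r["rcode"]:
            findings.append({"client": r["cli"], "server": r["srv"],
                             "name": name, "authority": int(r["ns"])})
    return findings

if __name__ == "__main__":
    for f in recursion_denied(CAPTURE):
        print("{client} asked {server} for {name} with RD set; got a referral "
              "({authority} NS records, RA clear)".format(**f))
```

Each client address it reports is one to compare against the address-match list named in allow-recursion.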
  deblin Dark Side of the Moon Premium,MVM join:2001-09-01 Middletown, DE
The same construct works fine here:
acl internal { 10.0.0/24; 127.0.0.1; };
options { allow-recursion { internal; }; ...
For shits and giggles, have you tried using the masks instead, e.g.:
allow-recursion { x.x.x.0/19; x.x.x.0/19; x.x.x.0/19; y.y.y.y/16; 127.0.0.1/32; ::1; };
-- Hello...is there anybody in there?