Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)

Sam Trenholme strenholme.usenet at gmail.com
Mon Aug 3 17:01:51 EDT 2009


>do.domain: mydomain.com
>ns: ns3.my.com
>--> recursion desired:  True    recursion avail:        True

OK, you're not doing something I am telling you to do.  Let me make it
simpler so it works:

* Make sure you are using a version of MaraDNS that cannot have the RA
set.

To do this, make sure you delete every single copy of MaraDNS you may have
on your server.  Once you do this, recompile MaraDNS as a server WITHOUT
recursion:

./configure --authonly ; make

This will ensure that the RA bit is ALWAYS cleared.

* Make sure there is, nowhere, and I mean NOWHERE in your mararc file a line
that says "recursive_acl".  If you have any such line in your mararc file,
remove it now.  Don't comment it out.  REMOVE IT.

If you need both recursion and authoritative support, use another copy of
MaraDNS on another IP.  You can't have both authoritative and recursive
support in MaraDNS, and have it so AFNIC thinks the server doesn't have
recursion.

RA simply indicates recursion is available; it doesn't mean recursion is
available to AFNIC, but AFNIC has this need to go above and beyond the RFCs
and think that, if RA is set, that means anyone on the internet can make
recursive queries with their DNS server.

Anyway, it's really important you follow all of my directions.  I asked you
if there were any copies of recursive_acl in your MaraRC file, you told me
there weren't, but in truth there was.

Again, my AFNIC fix makes it so you need to use another instance of MaraDNS
on another IP if you want recursion.

- Sam
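
An added example (not part of the original message and not MaraDNS code): a small Python checker that sends a query with RD set and reads the RA bit and RCODE from the reply header, which is the bit the message above is about. The function names and the sample header bytes are constructed for illustration.

```python
import socket
import struct

QTYPE_SOA, QCLASS_IN = 6, 1
RCODE_REFUSED = 5

def build_query(name, qtype=QTYPE_SOA, txid=0x1234):
    """Build a DNS query with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # flags: RD=1
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, QCLASS_IN)

def parse_flags(message):
    """Decode the flag word of a DNS header (RFC 1035, section 4.1.1)."""
    if len(message) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    txid, flags = struct.unpack("!HH", message[:4])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # 1 = response
        "aa": bool(flags & 0x0400),   # authoritative answer
        "rd": bool(flags & 0x0100),   # recursion desired (copied from query)
        "ra": bool(flags & 0x0080),   # recursion available (set by server)
        "rcode": flags & 0x000F,
    }

def advertises_recursion(message):
    """True if a response header has RA set, whatever ACLs sit behind it."""
    flags = parse_flags(message)
    if not flags["qr"]:
        raise ValueError("message is a query, not a response")
    return flags["ra"]

def probe(server, name="fr.", timeout=3.0):
    """Send one RD=1 SOA query over UDP to a server you operate; return its flags."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(512)
    flags = parse_flags(data)
    if flags["id"] != 0x1234:
        raise ValueError("response ID does not match the query")
    return flags

# Constructed sample response headers (not captured traffic):
RESP_RA_SET = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0)     # QR, RD, RA
RESP_AUTH_ONLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)  # QR, RD, REFUSED
```
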

