Problem with .fr domains [TEST check if server is really recursive]: answer refused from server (IN/SOA: fr.)
Markus Ferlitsch
m.ferlitsch at gmail.com
Mon Aug 3 20:27:14 EDT 2009
ok, but some mails before you wrote I should compile with ./configure ; make
also not a authonly version. Because of this unclear info I wanted to
know how Alexandre compiled his maradns.
I will try it tomorrow - it's time for bed :)
(at time the recursive_acl lines were only comment out but the mistake
that one line was active came because I tried other configuration -
and then I forgot to disable it again - sorry
PS: Now I have compiles your last version normally and all
recursiv_acl are comment out. Normally it should work, shouldn't?
2009/8/3, Sam Trenholme <strenholme.usenet at gmail.com>:
>>do.domain: mydomain.com
>>ns: ns3.my.co <http://ns3.my.com>m
>>--> recursion desired: True recursion avail: True
>
> OK, you're not doing something I am telling you to do. Let me make it
> simpler so it works:
>
> * Make sure you are using as version of MaraDNS that can not have the RA
> set.
>
> To do this, make sure you delete every single copy of MaraDNS you may have
> on your server. Once you do this, recompile MaraDNS as a server WITHOUT
> recursion:
>
> ./configure --authonly ; make
>
> This will ensure that the RA bit is ALWAYS cleared.
>
> * Make sure there is, nowhere, and I mean NOWHERE in your mararc file a line
> that says "recursive_acl". If you have any such line in your mararc file,
> remove it now. Don't comment it out. REMOVE IT.
>
> If you need both recursion and authoritative support, use another copy of
> MaraDNS on another IP. You can't have both authoritative and recursive
> support in MaraDNS, and have it so AFNIC thinks the server doesn't have
> recursion.
>
> RA simply indicates recursion is available; it doesn't mean recursion is
> available to AFNIC, but AFNIC has this need to go above and beyond the RFCs
> and think that, if RA is set, that means anyone on the internet can make
> recursive queries with their DNS server.
>
> Anyway, it's really important you follow all of my directions. I asked you
> if there were any copies of recursive_acl in your MaraRC file, you told me
> there weren't, but in truth there was.
>
> Again, my AFNIC fix makes it so you need to use another instance of MaraDNS
> on another IP if you want recursion.
>
> - Sam
>
More information about the list
mailing list