dig
Doug Hardie
bc979 at lafn.org
Thu Aug 22 20:58:01 UTC 2013
On 21 August 2013, at 18:14, Colin House <colin at restecp.com> wrote:
> On 22/08/2013 9:34 AM, Doug Hardie wrote:
>> There appears to be a problem with dig and the +trace option in 9.2. I believe it's also in 9.1. The command:
>>
>> dig freebsd.org +trace
>>
>> Only yields a dumb response. No useful information is provided. Running the same command on FreeBSD 7.2 yields a complete trace with lots of useful information.
>
> Have you tested against another NS? I ran into a similar problem when setting up unbound as a local recursor recently on a 9.1-STABLE (r251985) box.
>
> dig +trace <domain> would return (next to) nothing. dig +trace <domain> @8.8.8.8 worked as expected.
>
> I found it was the access-control configuration of unbound. Changing my "access-control: ::1 allow" to "access-control: ::1 allow_snoop" restored the +trace functionality.
>
> I'm not sure how this translates with bind.. Perhaps the defaults have changed between the versions that you're running (if you're running the base versions on 7.2 and 9.1) or your recursive server isn't allowing it on 9.2? Fwiw, in unbound, "allow" allows recursive lookups, "allow_snoop" allows both recursive and non-recursive lookups.

After a bunch of testing, I have determined that the problem is the routers. If I use my local DNS servers or remote ones, then it works on all three systems. Three different routers block it somehow.