Hide Forgot
Description of problem: The 'host' and 'nslookup' utilities perform recursive queries by default. If multiple nameservers are configured in /etc/resolv.conf, and these nameservers are configured as authoritative-only -- so no recursion is available -- then both the 'host' and 'nslookup' utilities will ignore the valid response returned by named, so long as more than one nameserver is configured in /etc/resolv.conf Version-Release number of selected component (if applicable): # lsb_release -a LSB Version: :core-4.0-amd64:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-noarch Distributor ID: RedHatEnterpriseServer Description: Red Hat Enterprise Linux Server release 6.2 (Santiago) Release: 6.2 Codename: Santiago # rpm -q bind-utils bind-utils-9.7.3-8.P3.el6_2.2.x86_64 # How reproducible: 100% Steps to Reproduce: 1. Set 'recursion no;' in your named.conf. 2. Ensure that instance of bind is present in /etc/resolv.conf. 3. Add an additional, non-existat -- i.e. 127.0.0.2 -- nameserver to /etc/resolv.conf. 4. Attempt to look up a host for which the nameserver is authoritative. Actual results: With /etc/resolv.conf: ----- domain example.com search example.com nameserver 127.0.0.1 nameserver 127.0.0.2 ----- # host foo.example.com. ;; connection timed out; no servers could be reached # On the network: ----- # tcpdump -i lo -lnp port 53 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes 20:42:38.796690 IP 127.0.0.1.56421 > 127.0.0.1.domain: 63281+ A? foo.example.com. (46) 20:42:38.796938 IP 127.0.0.1.domain > 127.0.0.1.56421: 63281*- 1/3/3 A 192.168.0.100 (179) 20:42:38.797128 IP 127.0.0.2.37682 > 127.0.0.2.domain: 63281+ A? foo.example.com. (46) 20:42:43.797499 IP 127.0.0.2.37682 > 127.0.0.2.domain: 63281+ A? foo.example.com. (46) ----- Expected results: With /etc/resolv.conf: ----- domain example.com search example.com nameserver 127.0.0.1 ----- # host foo.example.com. foo.example.com has address 192.168.0.100 # On the network: ----- 20:43:53.702429 IP 127.0.0.1.37943 > 127.0.0.1.domain: 55233+ A? foo.example.com. (46) 20:43:53.702545 IP 127.0.0.1.domain > 127.0.0.1.37943: 55233*- 1/3/3 A 192.168.0.100 (179) 20:43:53.702841 IP 127.0.0.1.50849 > 127.0.0.1.domain: 16205+ AAAA? foo.example.com. (46) 20:43:53.702940 IP 127.0.0.1.domain > 127.0.0.1.50849: 16205*- 0/1/0 (93) 20:43:53.703047 IP 127.0.0.1.60328 > 127.0.0.1.domain: 23258+ MX? foo.example.com. (46) 20:43:53.703119 IP 127.0.0.1.domain > 127.0.0.1.60328: 23258*- 0/1/0 (93) ----- Additional info: Both 'host' and 'nslookup' provide workarounds for this: '-r' and '-norec', respectively.
Both commands are part of the bind-utils package, which is built from the bind source package; reassigning.
*** This bug has been marked as a duplicate of bug 734458 ***