Root Name Servers won't respond to named.

Kevin Darcy kcd at daimlerchrysler.com
Tue Mar 27 22:56:09 UTC 2001


When your system resolver sends queries it is sending them from an unprivileged port number and
receiving responses back on that port number. When named sends queries, the way you have things
configured, it is sending them from port 53 and expecting responses back to port 53. So the fact that
you can resolve from other nameservers doesn't necessarily rule out some sort of network or firewall
problem. Perhaps there is a rule somewhere blocking packets to port 53.

What happens if you try commenting out the query-source option? Why do you think you even need that
option? It might be doing you more harm than good.


- Kevin

milton at calnek.com wrote:

> I'm reluctant to upgrade beyond what comes from redhat.  I don't believe that's
> what the problem is.  I was previously at 8.2.2 and all of a sudden it stopped
> working. That was about a month ago.  I tried upgrading to the new rpm and that
> hasn't helped.  Also, the only thing I've been playing with is ipchains on the
> firewall... however, because of the testing I mentioned below, I feel it's not
> a firewall problem.  Also, I don't have any automatic software updating happening.
>
> I tried other logging commands... but I have since lost them.  And they didn't
> tell me much...  my named receives the query... sends the query... but doesn't
> receive an answer (my interpretation of the log).
>
> Thanks.
>
> /var/named/named.cache is below.
>
> /etc/named.conf:
> // generated by named-bootconf.pl
>
> options {
>         directory "/var/named";
>         query-source address * port 53;
> };
>
> logging {
>         channel option_debug {
>                 file "named.run";
>                 severity dynamic;
>                 // print-severity yes;
>                 print-time yes;
>         };
>         channel update_debug {
>                 file "update.debug.log";
>                 severity dynamic;
>                 print-time yes;
>         };
>         channel update_debug_trc {
>                 file "named.run";
>                 severity dynamic;
>                 print-time yes;
>         };
>         channel my_security_channel {
>                 file "security.log";
>                 severity info;
>                 print-time yes;
>         };
>         category default { option_debug; default_syslog; };
>         category notify  { update_debug; update_debug_trc; };
>         category update  { update_debug; update_debug_trc; };
>         category security { my_security_channel; };
> };
>
> //
> // named.boot.
> //
> // This file automatically generated by host2dns (/usr/local/bin/host2dns) v2.0
> // written by Milton Calnek (milton at unibase.com).
> //
> zone "." {
>         type hint;
>         file "named.cache";
> };
>
> zone "0.0.127.in-addr.arpa" {
>         type master;
>         file "localhost.rev";
> };
>
> zone "localhost" {
>         type master;
>         file "localhost.fwd";
> };
>
> // Files in /var/hosts determine this section.
> zone "PEANUTS.LAN" {
>         type master;
>         file "PEANUTS.LAN.fwd";
> };
>
> zone "0.168.192.in-addr.arpa" {
>         type master;
>         file "192.168.0.rev";
> };
>
> zone "LAN" {
>         type master;
>         file "LAN.fwd";
> };
>
> zone "XMAS.LAN" {
>         type master;
>         file "XMAS.LAN.fwd";
> };
>
> zone "1.168.192.in-addr.arpa" {
>         type master;
>         file "192.168.1.rev";
> };
>
> zone "DWARF.LAN" {
>         type master;
>         file "DWARF.LAN.fwd";
> };
>
> zone "2.168.192.in-addr.arpa" {
>         type master;
>         file "192.168.2.rev";
> };
>
> zone "MCE.CALNEK.COM" {
>         type master;
>         file "MCE.CALNEK.COM.fwd";
> };
>
> zone "56.73.198.in-addr.arpa" {
>         type master;
>         file "198.73.56.rev";
> };
>
> /var/named/named.cache:
> ;
> ; Initial cache data for root domain servers.
> ;
>
> .                       99999999        IN      NS      a.root-servers.net.
> .                       99999999        IN      NS      b.root-servers.net.
> .                       99999999        IN      NS      c.root-servers.net.
> .                       99999999        IN      NS      d.root-servers.net.
> .                       99999999        IN      NS      e.root-servers.net.
> .                       99999999        IN      NS      f.root-servers.net.
> .                       99999999        IN      NS      g.root-servers.net.
> .                       99999999        IN      NS      h.root-servers.net.
> .                       99999999        IN      NS      i.root-servers.net.
> .                       99999999        IN      NS      j.root-servers.net.
> .                       99999999        IN      NS      k.root-servers.net.
> .                       99999999        IN      NS      l.root-servers.net.
> .                       99999999        IN      NS      m.root-servers.net.
>
> a.root-servers.net.     99999999                IN              A       198.41.0.4
> b.root-servers.net.     99999999                IN              A       128.9.0.107
> c.root-servers.net.     99999999                IN              A       192.33.4.12
> d.root-servers.net.     99999999                IN              A       128.8.10.90
> e.root-servers.net.     99999999                IN              A       192.203.230.10
> f.root-servers.net.     99999999                IN              A       192.5.5.241
> g.root-servers.net.     99999999                IN              A       192.112.36.4
> h.root-servers.net.     99999999                IN              A       128.63.2.53
> i.root-servers.net.     99999999                IN              A       192.36.148.17
> j.root-servers.net.     99999999                IN              A               198.41.0.10
> k.root-servers.net.             99999999                IN              A               193.0.14.129
> l.root-servers.net.             99999999                IN              A               198.32.64.12
> m.root-servers.net.             99999999                IN              A               202.12.27.33
>
> In message <Pine.BSF.4.21.0103271928070.1886-100000 at node10c4d.a2000.nl>, Roy Arends writes:
> > On Tue, 27 Mar 2001, Milton Calnek wrote:
> >
> > > I can't seem to get my named working (bind-8.2.3-0.6.x on RH 6.x).
> > > I've added as much debugging info as I could... but it is either
> > > incomprehensible to me or doesn't tell me anything (occurrences of both).
> >
> > Please upgrade to BIND 8.2.3-REL.
> >
> > > In particular, I get the hints zone loaded (I read it in the syslog).
> > > I see outbound traffic to the root name servers.
> > >
> > > It doesn't seem network related because:
> > > 1. I can put other name servers in resolv.conf and my hosts work.
> > > 2. I have used ipchains and tcpdump to watch packets and they do leave
> > >    my system properly.
> > > 3. Other services work from my network (web, icq, unreal tournament, etc).
> > > 4. I can traceroute to the root name servers.
> > >
> > > I could use (I think) the forwarders to provide name service for my network and let
> > > some other name server provide name service for the internet... but I'd rather
> > > make named work for me here.
> > >
> > > Any ideas on what to look at? Error messages that would clue me into the problem?
> > >
> > > Thanks.
> >
> > Please specify your named.conf, logs etc, so we can help you find the
> > problem.
> >
> > Regards,
> >
> > Roy Arends
> > Nominum
>
> --
> Milton Calnek
> milton at calnek.com
> TTI: +1 403 870 8479 milton at tti-telecom.com
>
> www.tti-telecom.com
>
> GCS d- s:+ a- C++$ ULH+++$ P+++ L+++ E--- W-- N o? K w O? M+
> V- PS++ PE Y+ PGP->+ t+ !5 X+ R tv b+ DI++ !D G>++++ e++
> h--- r+++ y+++
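
The comparison described in the reply at the top of this message, as an added example that is not part of the original thread: a Python probe that sends the same root NS query once from a kernel-chosen unprivileged port and once from source port 53, so a filter that only affects port-53-sourced traffic shows up as a timeout on the second run. The function names are assumptions of this example; the default target 198.41.0.4 is a.root-servers.net from the hints file quoted above, and the port 53 run needs root with named stopped.

```python
import secrets
import socket
import struct
import sys


def build_query(qid, name=".", qtype=2):
    """Minimal DNS query packet (qtype 2 = NS), recursion not requested."""
    header = struct.pack(">HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    labels = b"".join(
        bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split(".") if p
    )
    return header + labels + b"\x00" + struct.pack(">HH", qtype, 1)


def probe(server, src_port=0, dst_port=53, timeout=3.0):
    """Send one query from src_port (0 = kernel-chosen unprivileged port).

    server must be an IP literal. Returns True only if a response with the
    matching query ID arrives from that server on the same local port.
    """
    qid = secrets.randbelow(1 << 16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("", src_port))  # port 53 here mimics "query-source address * port 53"
        s.sendto(build_query(qid), (server, dst_port))
        try:
            while True:
                data, peer = s.recvfrom(4096)
                if peer[0] != server or len(data) < 12:
                    continue  # ignore stray or truncated datagrams
                rid, flags = struct.unpack(">HH", data[:4])
                if rid == qid and flags & 0x8000:  # QR bit set: a response
                    return True
        except socket.timeout:
            return False


if __name__ == "__main__":
    server = sys.argv[1] if len(sys.argv) > 1 else "198.41.0.4"
    for label, port in (("unprivileged source port", 0), ("source port 53", 53)):
        try:
            ok = probe(server, port)
            print(f"{label}: {'reply received' if ok else 'no reply (timeout)'}")
        except OSError as exc:
            print(f"{label}: cannot bind ({exc}); stop named and run as root")
```

A reply on the unprivileged port together with a timeout on port 53 points at a rule on the path that treats port 53 traffic differently, rather than at named itself.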
