External queries fail on BIND 8.3.1
Kevin Darcy
kcd at daimlerchrysler.com
Mon Jun 17 22:25:19 UTC 2002
Six Wayz wrote:
> "Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
> news:aedv28$kgg$1 at isrv4.isc.org...
> >Try pointing "dig" directly at the forwarders and see if you get a
> response
> >that way. If the query times out, then it's probably a firewall issue...
> >
> >
> >-Kevin
>
> Thanks for the reply, Kevin.
> I've taken your suggestion and posted the results here. Unfortunately, the
> outcome suggests that it is not a firewall issue. I am allowing queries out
> on port 53 and keeping the state. Here's the outcome:
>
> [root at router]# dig @ISP's nameserver#1 isc.org
>
> ; <<>> DiG 8.3 <<>> @ISP's nameserver#1 isc.org
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;; isc.org, type = A, class = IN
>
> ;; ANSWER SECTION:
> isc.org. 1H IN A 204.152.184.85
>
> ;; AUTHORITY SECTION:
> isc.org. 1H IN NS ns1.gnac.com.
> isc.org. 1H IN NS gns1.nominum.com.
> isc.org. 1H IN NS gns2.nominum.com.
> isc.org. 1H IN NS ns-ext.vix.com.
> isc.org. 1H IN NS ns-int.vix.com.
>
> ;; ADDITIONAL SECTION:
> ns-ext.vix.com. 1H IN A 204.152.184.64
> ns-int.vix.com. 1H IN A 204.152.184.65
>
> ;; Total query time: 160 msec
> ;; FROM: router.mydomain.org to SERVER: ISP's nameserver#1
> ;; WHEN: Fri Jun 14 23:31:33 2002
> ;; MSG SIZE sent: 25 rcvd: 191
>
> Any other suggestions?
So, you're querying from exactly the same IP address that your nameserver would
use to send queries, right? And a "dig" works but forwarding doesn't. Very odd.
I'd turn on debugging at this point. See if your nameserver is even *trying* to
forward the queries.
- Kevin
More information about the bind-users
mailing list