your mail

G.W. Haywood bind at jubileegroup.co.uk
Sat Jan 15 13:13:53 UTC 2022 

Hi there,

On Sat, 15 Jan 2022, Diego Garcia wrote:

> Still with problems. That setup was running fine for few years.

But you changed something.

> Bind Server is on DMZ and doing NAT for the local net. Test Server is
> behing NAT
>
> Must have another problem
>
> I try this days a lot of things and nothing works,

Generally speaking, if you set things up right, BIND Just Works.  It
must be a couple of decades since I last had to fiddle with anything
to fix a broken BIND server.

It is not helpful to us if you tell us that you have tried a lot of things.
It would be much more helpful if you told us exactly what you have tried
and exactly what were the results.  You need to be methodical and precise.

> think in try reinstall but i preferred to know what happened and solve it

'Reinstall' to me means the sort of thing that you do if you're
working on a Windows box.  If you're using a real computer it's
usually much better to find out what's going wrong and fix it.

> ...
> network unreachable resolving 'play.google.com/A/IN': 216.239.36.10#53
> ...

If you are getting 'network unreachable' messages then likely there's
something wrong with your network setup.  Before doing anything else,
you need to fix that.  It may or may not be a problem of your making,
but given that you said you are using BIND on a server in a DMZ then I
suspect that it is.  Using a DMZ will make things more complicated and
the faults will be more difficult to diagnose - especially for people
on mailing lists to whom you give little and very poor information.

It *looks* like BIND is trying to make queries but failing to connect
to anything to make them.

You do not appear to have acted on the good advice which was given to
you after your previous post.  Are you able to use tools like 'ping'
and 'traceroute' to diagnose network problems, also like Wireshark or
tcpdump to inspect network traffic?  These would be my first steps in
approaching this kind of problem.  You will need to know that packets
from the BIND server can go where they're supposed to go and replies
reach the server in good time.  You might also need to be able to see
exactly what BIND sends, where it sends it, exactly what it receives
(if anything) in reply to what it sends, and perhaps where the replies
come from.  If there are no replies, or the replies go to the wrong
place, you need to be able to show that and find out why.

What exactly are you trying to achieve which cannot be achieved by
simply using a public DNS service, or one provided by your ISP?

-- 

73,
Ged.

More information about the bind-users mailing list