nlookup error on [server] ?

Jim Reid jim at rfc1035.com
Sun Dec 31 13:21:36 UTC 2000


>>>>> "Hugh" == hughmac  <hughmac at my-deja.com> writes:

    Hugh> Primary DNS server, Linux Redhat 6.2 w/ named 8.2.2-P5.  I'm
    Hugh> getting regular (every minute or two) entries in
    Hugh> /var/log/messages like so:

    Hugh> Dec 30 20:16:34 dns01 named[4464]: sysquery: nlookup error on [SECONDARY DNS SERVER NAME]?

Why did you deliberately conceal the name that has the nlookup error:
the most important piece of information that could allow someone to
diagnose the problem? The name of your domain would have been useful
too, but you didn't provide that either. So would the names and IP
addresses of all the name servers involved, but they're missing
too. Oh well. In future, always post log messages as-is: no formatting
or pretty printing. And never, ever conceal the name or address.

Even if your question is badly worded or misuses technical terms,
somebody can usually figure out what's wrong from three obvious and
fundamental pieces of information:
	[1] the name of the domain/zone
	[2] the names and addresses of the name servers
	[3] which server is master (primary) and which are slaves

The error message means that the name server was unable to find
[SECONDARY DNS SERVER NAME]. The most likely explanation for that will
be that the name server has been misconfigured. Perhaps it hasn't been
told about the root name servers? Or maybe some firewall/router is
blocking DNS queries to external name servers? Both of these
conditions should cause other error messages in the logs: are there
any? If so, what do they say?

You mumbled something about a firewall having "port 53 open to primary".
Perhaps your firewall is not allowing the name server to make queries
or is refusing to allow the answers to those queries to come back in?
By default BIND8 uses a random non-privileged port for its outgoing
queries. Like looking up the name of [SECONDARY DNS SERVER NAME] for
instance. Maybe the firewall is dropping those queries or answers?
If so, use a query-source clause in named.conf's options{} statement
so that the name server uses a port number for these queries that your
firewall likes.
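
The query-source clause mentioned in the reply above, as an added example that is not part of the original post. The directory path and the choice of port 53 are assumptions; the port must be whichever one the firewall actually permits.

```conf
// named.conf fragment (BIND 8 syntax). Constructed example, not the
// poster's configuration.
options {
        directory "/var/named";   // assumed path, not given in the post

        // With no query-source clause, named sends its outgoing queries
        // from a random non-privileged UDP port, so the firewall must let
        // the answers come back in to high-numbered ports.

        // Pin outgoing queries to a single source port the firewall allows.
        // "address *" leaves the choice of local address to the system.
        query-source address * port 53;   // port 53 is an assumed choice
};
```

A fixed source port is easier for an off-path party to predict than a random one, so where the firewall rules can be changed instead, allowing the answers to named's random-port queries back in keeps the default behaviour.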



More information about the bind-users mailing list