External queries fail on BIND 8.3.1

Fri Jun 14 23:36:03 UTC 2002

Six Wayz wrote:

> Hello all,
> I'm running a private nameserver on my network.  What it should be able to
> do is answer the internal queries for my domain, and forward all other
> queries to my ISP's nameserver.
>
> Currently, querying my internal domain works fine.  However, when I try to
> do an external lookup, I receive the SERVFAIL response.  The strangest part
> is that I've been struggling with this for a while, and one day it finally
> worked.  However, since a reboot, I haven't been able to get this running
> again (no config file changes)
>
> I'm running FreeBSD 4.5 with BIND 8.3.1 (from ports) if that matters.
> Here's my /etc/namedb/named.conf (only most personal info has been removed
> to protect the innocent!)
>
> options {
>         directory "/var/named";
>         dump-file "/var/named/named_dump.db";
>         datasize 2m;
>         statistics-file "/var/named/named.stats";
>
>         listen-on {
>         192.168.0.1;
>         127.0.0.1 ;
>         };
>
>         allow-query {
>         192.168.0.0/24;
>         127.0.0.1;
>         };
>
>         forwarders {
>         ISP's nameserver #1;
>         ISP's nameserver #2;
>         };
>
>         allow-recursion {
>         192.168.0.0/24;
>         127.0.0.1;
>         };
>
>         allow-transfer {
>         none;
>         };
>
>         query-source address * port 53;
> };
>
> zone "." {
>         type hint;
>         file "root.hints";
> };
>
> zone "0.0.127.in-addr.arpa" {
>         type master;
>         file "pz/127.0.0";
> };
>
> zone "0.168.192.in-addr.arpa" {
>         type master;
>         file "pz/0.168.192";
> };
>
> zone "mydomain.org" {
>         type master;
>         notify no;
>         file "pz/mydomain.org";
> };
>
> Here's a sample output of dig on an external domain:
> [root at router]# dig isc.org
>
> ; <<>> DiG 8.3 <<>> isc.org
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUERY SECTION:
> ;;      isc.org, type = A, class = IN
>
> ;; Total query time: 14 msec
> ;; FROM: router.mydomain.org to SERVER: default -- 127.0.0.1
> ;; WHEN: Wed Jun 12 23:35:01 2002
> ;; MSG SIZE  sent: 25  rcvd: 25
>
> Any help is greatly appreciated

Try pointing "dig" directly at the forwarders and see if you get a response
that way. If the query times out, then it's probably a firewall issue...

-Kevin