lookup on internet connection fails
phn at icke-reklam.ipsec.nu
Mon Nov 24 18:36:29 UTC 2003
David K <dave_k_420 at yahoo.com> wrote:
> This problem has been bothering me for a while
> I'm running named on a netbsd/sparc box
> My network is 192.168.5/24 behind a router forwarding dns to the server.
> my domain is gophnet.org
> i have gophnet.org's name servers set as
> node2.ath.cx and node3.ath.cx
> both are a free dns service that have A records to my ip 69.14.75.167
> everything works fine on the inside of the network, the problem
> is when i try doing a lookup on the internet it times out.
> dig @69.14.75.167 gophnet.org ANY from my computer works
> dig @69.14.75.167 -x 69.14.75.167 ANY from my computer works
> dig @69.14.75.167 gophnet.org ANY from the internet times out
> dig @69.14.75.167 -x 69.14.75.167 ANY from the internet times out
> Internal nslookup
> Server: dns1.gophnet.org
> Address: 192.168.5.2
> Name: gophnet.org
> Addresses: 69.14.75.167, 192.168.5.3
> squish dns reports
> about 1/2 through fails
> Referral node2.ath.cx
> Asking node2.ath.cx (69.14.75.167) for gophnet.org (type A)
> Error: node2.ath.cx (69.14.75.167): Resolve for gophnet.org. (A)
> failed: query timed out
> i telnet to a remote computer (192.94.73.1) and do a dig
> dig @69.14.75.167 gophnet.org ANY
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
> but in my logs i get
> Nov 22 06:04:15 client 192.94.73.1#64598: query: gophnet.org IN ANY
> Nov 22 06:04:20 client 192.94.73.1#64598: query: gophnet.org IN ANY
> so i know it's getting through the router and to the server so i think maybe
> my isp is blocking dns
> any ideas?
> Here's my config files
> named.conf
> view external {
> match-clients { any; };
> recursion no;
> zone "gophnet.org" {
> type master;
> file "external.gophnet.org.db";
> };
> zone "75.14.69.in-addr.arpa" {
> type master;
> file "75.14.69";
> };
> };
> view external {
> match-clients { any; };
> recursion no;
> zone "gophnet.org" {
> type master;
> file "external.gophnet.org.db";
> };
> zone "75.14.69.in-addr.arpa" {
> type master;
> file "75.14.69";
> };
> };
> external db files
> $ORIGIN .
> $TTL 86400 ; 1 day
> gophnet.org IN SOA ns.gophnet.org. neoneill.netzero.net. (
> 2001062506 ; serial
> 21600 ; refresh (6 hours)
> 3600 ; retry (1 hour)
> 604800 ; expire (1 week)
> 86400 ; minimum (1 day)
> }
> IN NS ns.gophnet.org.
> IN A 69.14.75.167
> ns.gophnet.org IN A 69.14.75.167
> $ORIGIN .
> $TTL 86400 ; 1 day
> gophnet.org IN SOA ns.gophnet.org. neoneill.netzero.net.. (
> 2001062506 ; serial
> 21600 ; refresh (6 hours)
> 3600 ; retry (1 hour)
> 604800 ; expire (1 week)
> 86400 ; minimum (1 day)
> )
> IN NS ns.gophnet.org.
> IN A 69.14.75.167
> ns.gophnet.org IN A 69.14.75.167
I see two major problems :
1/ you have been delegated authority to :
gophnet.org. 1D IN NS node3.ath.cx.
gophnet.org. 1D IN NS node2.ath.cx.
Still none of "node[23].ath.cx." answers queries.
You have to open up for UDP and TCP port 53 in your fw/nat unit.
2/ both nameservers point TO THE SAME ADDRESS !
;; ADDITIONAL SECTION:
node3.ath.cx. 54S IN A 69.14.75.167
node2.ath.cx. 54S IN A 69.14.75.167
The world is filled with "free secondary nameservers", use one of them !
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
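
The two checks from the reply above (does each delegated nameserver address answer on UDP and TCP port 53, and do the NS names resolve to distinct addresses), as an added Python example that is not part of the original message. The function names and the injectable probe_fn parameter are assumptions of this example; the sample run uses the NS names and address quoted in the thread with a constructed probe result.

```python
import socket
import struct

def build_query(name, qtype=255, txid=0x1234):
    """Encode a non-recursive DNS query; qtype 255 is ANY, as in the dig commands."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return struct.pack("!6H", txid, 0, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def probe(server, name, timeout=3.0):
    """Send the query to port 53 over UDP and TCP; report which transport answered."""
    query, answered = build_query(name), {"udp": False, "tcp": False}
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            answered["udp"] = s.recvfrom(4096)[0][:2] == query[:2]  # same transaction id
    except OSError:  # timeout or ICMP unreachable
        pass
    try:
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(query)) + query)  # TCP adds a 2-byte length
            answered["tcp"] = len(s.recv(2)) == 2
    except OSError:
        pass
    return answered

def check_delegation(zone, ns_addrs, probe_fn=probe):
    """ns_addrs maps each NS name to its A records; returns a list of findings."""
    findings = []
    addrs = sorted({ip for ips in ns_addrs.values() for ip in ips})
    if len(ns_addrs) > 1 and len(addrs) == 1:
        findings.append(f"{len(ns_addrs)} NS names share one address {addrs[0]}: no redundancy")
    for ip in addrs:
        for transport, ok in probe_fn(ip, zone).items():
            if not ok:
                findings.append(f"{ip} does not answer on {transport}/53")
    return findings

if __name__ == "__main__":
    # NS names and address as quoted in the thread; the probe result is a
    # constructed stand-in for the timeouts seen from outside, so this runs offline.
    ns = {"node2.ath.cx.": ["69.14.75.167"], "node3.ath.cx.": ["69.14.75.167"]}
    timed_out = lambda ip, zone: {"udp": False, "tcp": False}
    for finding in check_delegation("gophnet.org", ns, timed_out):
        print(finding)
```

Run the live probe (the default probe_fn) from a host outside the NAT, since the thread shows queries from inside the network succeed.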