Cannot get my named to resolve external addresses. Could NAT be the culprit?

Kevin Darcy kcd at daimlerchrysler.com
Mon Aug 29 22:51:00 UTC 2005


If NAT, per se, were the problem, I'd expect forwarding to fail as well, 
although I suppose theoretically a "smart" NAT might treat recursive and 
non-recursive queries differently...

What's in your db.cache file? Are you sure it's reasonable?

If your db.cache is OK, try doing a dig of some common name with the 
+trace option to see how far it gets. If it doesn't even get past the 
root servers, then you apparently have some sort of NAT/firewall/routing 
problem.

You could also try commenting that query-source line, since it should be 
unnecessary. Freeing up the source port might possibly have a beneficial 
effect with respect to a NAT or firewall.

                                                                         
- Kevin

jogeedaklown at yahoo.com wrote:

>Hello,
>I'm a complete newbie when it comes to BIND9. So bear with me.  I'm
>attempting to set up a DNS server but I am unable to resolve external
>addresses but I can resolve my internal addresses.  It does work when
>I uncomment the "forwarders" line.  But I do not want to rely on
>external servers.  My DNS is NAT'ed so is that one of the reasons it's
>not working?
>
>When I run my named using this command
>
>"/usr/sbin/named -u named -g -d 3"
>
>I get "too many timeouts, disabling EDNS0" errors?
>
>
>Here's my named.conf setup below and thanks in advance.
>
>Jose
>
>options {
>   directory "/var/named";
>   dump-file "/var/named/data/cache_dump.db";
>   statistics-file "/var/named/data/named_stats.txt";
>// forwarders { 192.12.95.2; 192.12.95.5; };
>   /*
>    * If there is a firewall between you and nameservers you want
>    * to talk to, you might need to uncomment the query-source
>    * directive below.  Previous versions of BIND always asked
>    * questions using port 53, but BIND 8.1 uses an unprivileged
>    * port by default.
>    */
>    query-source address * port 53;
>};
>
>//
>// a caching only nameserver config
>//
>controls {
>   inet 127.0.0.1 allow { localhost; } keys { rndckey; };
>};
>
>zone "." IN {
>   type hint;
>   file "/var/named/db.cache";
>};
>
>zone "localdomain" IN {
>   type master;
>   file "localdomain.zone";
>   allow-update { none; };
>};
>
>zone "localhost" IN {
>   type master;
>   file "localhost.zone";
>   allow-update { none; };
>};
>
>zone "0.0.127.in-addr.arpa" IN {
>   type master;
>   file "named.local";
>   allow-update { none; };
>};
>
>zone
>"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
>IN {
>        type master;
>   file "named.ip6.local";
>   allow-update { none; };
>};
>
>zone "255.in-addr.arpa" IN {
>   type master;
>   file "named.broadcast";
>   allow-update { none; };
>
>};
>
>zone "0.in-addr.arpa" IN {
>   type master;
>   file "named.zero";
>   allow-update { none; };
>};
>
>zone "cheopa.com" {
>   type master;
>   file "cheopa.com.db";
>};
>
>zone "0.0.10.in-addr.arpa" {
>   type master;
>   file "0.0.10.rev";
>};
>
>
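
Two of the checks suggested in the reply (is db.cache reasonable, and is a query-source port pinned) can be run offline before trying `dig +trace`. The script below is an added example, not part of the original thread or of BIND; the function names and both sample inputs are constructed for illustration, with the configuration abridged from the one quoted above.

```python
import re

def strip_comments(conf):
    """Remove /* */, // and # comments from named.conf text."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    return re.sub(r"(//|#).*", "", conf)

def fixed_query_source_ports(conf):
    """Return every numeric port pinned by an *active* query-source line.
    A pinned port is what the reply suggests commenting out; it also gives
    up source-port randomisation in BIND versions that provide it."""
    active = strip_comments(conf)
    pattern = r"\bquery-source(?:-v6)?\b[^;]*?\bport\s+(\d+)"
    return [int(p) for p in re.findall(pattern, active)]

def hint_problems(hints):
    """Sanity-check a root hints file: '.' NS records, each with an address."""
    ns_targets, glued = set(), set()
    for line in hints.splitlines():
        fields = line.split(";")[0].split()   # ';' starts a zone-file comment
        if "NS" in fields and fields[0] == ".":
            ns_targets.add(fields[-1].lower())
        elif len(fields) >= 3 and fields[-2] in ("A", "AAAA"):
            glued.add(fields[0].lower())
    problems = []
    if not ns_targets:
        problems.append("no NS records for the root zone")
    problems += ["no address for " + n for n in sorted(ns_targets - glued)]
    return problems

# Constructed sample: abridged options block; the comment mentions "port 53"
# too, which a naive search without comment stripping would also report.
SAMPLE_CONF = """
options {
// forwarders { 192.12.95.2; 192.12.95.5; };
   /* ... you might need to uncomment the query-source
    * directive below ... asked questions using port 53 ... */
    query-source address * port 53;
};
"""

# Constructed sample hints file with one address record deliberately missing.
SAMPLE_HINTS = """
.                     3600000  IN  NS  A.ROOT-SERVERS.NET.
.                     3600000  IN  NS  B.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.   3600000      A   198.41.0.4
"""
```

An empty result from `hint_problems` and from `fixed_query_source_ports` means neither check found anything, and the next step is the `dig +trace` run described in the reply.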
