I can't get my BIND DNS to answer remote queries
Chris Buxton
cbuxton at menandmice.com
Wed Apr 9 17:01:19 UTC 2008
Check your software firewall, such as iptables. Does it permit DNS
queries?
It's quite common for firewall default configs to allow anything over
the loopback interface but otherwise block all ports.
Chris Buxton
Professional Services
Men & Mice
On Apr 9, 2008, at 5:13 AM, Victor Lemos Soares E. de Souza wrote:
> Hello,
> I have a machine running BIND 9. I've configured a zone on the
> server and I in fact can do queries at this local machine (using
> dig). But when I do the same (dig) query from a remote machine in
> the same network, I get ";; connection timed out; no servers could
> be reached".
> Here is my zone file:
> $TTL 12345
> vas.lab. IN SOA server.vas.lab. teste.vas.lab. (
> 1 ; Serial
> 12345 ; Refresh
> 12345 ; Retry
> 12345 ; Expire
> 12345 ) ; Negative caching TTL
> vas.lab. IN NS server.vas.lab.
> server.vas.lab. IN A 127.0.0.1
> teste IN A 10.20.90.7
>
> BIND syslog:
>
> Apr 8 16:41:13 rede_externa1 named[8186]: starting BIND 9.4.1-P1 -u
> root -t /var/lib/named
> Apr 8 16:41:13 rede_externa1 named[8186]: found 1 CPU, using 1
> worker thread
> Apr 8 16:41:13 rede_externa1 named[8186]: loading configuration
> from '/etc/named.conf'
> Apr 8 16:41:13 rede_externa1 named[8186]: listening on IPv4
> interface lo, 127.0.0.1#53
> Apr 8 16:41:13 rede_externa1 kernel: process `named' is using
> obsolete setsockopt SO_BSDCOMPAT
> Apr 8 16:41:13 rede_externa1 named[8186]: listening on IPv4
> interface eth0, 10.8.128.2#53
> Apr 8 16:41:13 rede_externa1 named[8186]: listening on IPv4
> interface eth3, 10.20.91.23#53
> Apr 8 16:41:13 rede_externa1 named[8186]: listening on IPv4
> interface eth2, 10.20.90.23#53
> Apr 8 16:41:13 rede_externa1 named[8186]: listening on IPv4
> interface eth1, 10.8.132.2#53
> Apr 8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 127.IN-ADDR.ARPA
> Apr 8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 254.169.IN-ADDR.ARPA
> Apr 8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 2.0.192.IN-ADDR.ARPA
> Apr 8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 255.255.255.255.IN-ADDR.ARPA
> Apr 8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
> .IP6.ARPA
> Apr 8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0
> .IP6.ARPA
> Apr 8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> D.F.IP6.ARPA
> Apr 8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 8.E.F.IP6.ARPA
> Apr 8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 9.E.F.IP6.ARPA
> Apr 8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> A.E.F.IP6.ARPA
> Apr 8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> B.E.F.IP6.ARPA
> Apr 8 16:41:13 rede_externa1 named[8186]: command channel listening
> on 127.0.0.1#953
>
> Local Query and response :
>
> [root at vas8-pro2-mas named]# dig vas.lab
>
> ; <<>> DiG 9.4.1-P1 <<>> vas.lab
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6315
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1,
> ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;vas.lab. IN A
>
> ;; AUTHORITY SECTION:
> vas.lab. 12345 IN SOA server.vas.lab.
> teste.vas.lab. 1 12345 12345 12345 12345
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Wed Apr 9 09:04:48 2008
> ;; MSG SIZE rcvd: 74
>
>
> REMOTE query and 'no' response :
>
> [root at vas8-pro4-mpg ~]# dig vas.lab
>
> ; <<>> DiG 9.4.1-P1 <<>> vas.lab
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
> NOTICE: The remote machine's /etc/resolv.conf is configured as:
>
> [root at vas8-pro4-mpg ~]# more /etc/resolv.conf
> nameserver 10.8.128.2
> nameserver 10.20.90.23
>
> PS: as you can see, both nameserver IP addresses lead to the same
> DNS server.
>
> I also tried :
> [root at vas8-pro4-mpg ~]# dig @10.8.128.2 vas.lab
>
> ; <<>> DiG 9.4.1-P1 <<>> @10.8.128.2 vas.lab
> ; (1 server found)
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
>
> And :
> [root at vas8-pro4-mpg ~]# dig @10.20.90.23 vas.lab
>
> ; <<>> DiG 9.4.1-P1 <<>> @10.20.90.23 vas.lab
> ; (1 server found)
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
> And as I was doing these remote queries, I started wireshark on both
> host and server and I could see that the DNS queries were going out
> of the host machine and arriving at the server machine, but it still
> didn't respond.
> Does anyone know where the problem is or at least where it can be?
>
> Thanks a lot,
>
>
> Victor Lemos Soares Evangelista de Souza
>
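An added example, not part of the post or of Chris's reply, that models the firewall default Chris describes: a small evaluator for the INPUT chain of `iptables-save` output, run against a constructed "allow loopback, drop everything else" ruleset and against the same ruleset with UDP and TCP port 53 opened. It shows why a query over lo gets through while the same query arriving on eth2 (one of the interfaces named logs as listening on) is dropped and dig times out. The rulesets, the rule subset handled and the evaluator itself are assumptions of this example.

```python
"""Evaluate an iptables INPUT chain for a DNS query, to show why a local dig
works while a remote dig times out behind a default firewall."""
import shlex

# Constructed ruleset in the shape of a typical default: loopback allowed,
# established traffic allowed, SSH allowed, chain policy DROP for the rest.
DEFAULT_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""
# The two rules an authoritative/recursive server needs (queries use UDP,
# large answers and zone transfers fall back to TCP).
DNS_RULES = ("-A INPUT -p udp -m udp --dport 53 -j ACCEPT\n"
             "-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT\n")
FIXED_RULES = DEFAULT_RULES.replace("COMMIT", DNS_RULES + "COMMIT")

def parse_ruleset(text):
    """Return (policy, rules) for the INPUT chain; only -i/-p/--dport/--state/-j
    are interpreted, other options (e.g. '-m state') are skipped."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":INPUT":
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            rule, i = {}, 2
            while i < len(tok):
                if tok[i] in ("-i", "-p", "--dport", "-j", "--state"):
                    rule[tok[i]] = tok[i + 1]
                    i += 1
                i += 1
            rules.append(rule)
    return policy, rules

def verdict(policy, rules, iface, proto, dport):
    """First matching rule wins; a fresh query is a NEW connection."""
    for r in rules:
        if "-i" in r and r["-i"] != iface:
            continue
        if "-p" in r and r["-p"] != proto:
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        if "--state" in r and "NEW" not in r["--state"].split(","):
            continue
        return r["-j"]
    return policy

def dns_verdicts(ruleset):
    """Verdict for a port-53 query arriving on lo and on eth2, UDP and TCP."""
    policy, rules = parse_ruleset(ruleset)
    return {(ifc, pr): verdict(policy, rules, ifc, pr, 53)
            for ifc in ("lo", "eth2") for pr in ("udp", "tcp")}

if __name__ == "__main__":
    for name, rs in (("default", DEFAULT_RULES), ("fixed", FIXED_RULES)):
        print(name, dns_verdicts(rs))
```

With the default ruleset the lo queries return ACCEPT and the eth2 queries fall through to the DROP policy, which matches the symptom of packets arriving (visible in wireshark) with no reply; with the two port-53 rules added every verdict is ACCEPT.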