Can't get hints or outside resolution.

Warren Kumari warren at kumari.net
Thu Jul 8 20:55:37 UTC 2010 

On Jul 8, 2010, at 3:42 PM, Peter Laws wrote:

> BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2
>
> From the host itself, a slave for all my zones, I can resolve all my  
> zones.  I cannot, however, resolve anything else.
>
> For example, if I dig google.com I get a timeout.
>
> Further, if I do a blank dig, I don't get the root servers even  
> though the hints zone is set up correctly.


Sure? Are you loading it?

    // prime the server with knowledge of the root servers
     zone "." {
     	type hint;
     	file "/etc/namedb/db.root";
     };

Do you have any interesting log messages at startup? Is the hints inna  
view maybe?

w



>
> The same is true if I try to resolve from a different host against  
> this host.
>
> I thought of iptables and dumped those, but disabling iptables  
> doesn't change anything.  In fact, if I look up the IP (of the  
> google, say) on another host I can ping that IP.
>
> There are query ACLs set up, but I have confirmed that RFC 1918  
> space, 127/8, and our public IP range are all allowed to query the  
> internal stuff.  The external zones are, of course, set to "any".   
> (default, in options, is internal-only, but the public zones all  
> have any as over-rides).
>
> SELinux is set to enforcing, but no messages are showing up and  
> based on my experience, if SELinux is going to prevent BIND from  
> working it's going to COMPLETELY prevent it from working, not pick  
> certain zones.
>
>
> resolv.conf on the slave itself has 127.0.0.1 on the nameserver line.
>
> The only thing different on this host vs my other slaves is some  
> extra notifies and allow-transfers from when this was still a master  
> for some zones (some other slaves *still* get a few zones from this  
> host).
>
> Missing something easy, I'm sure.  But what?
>
>
>
>
> -- 
> Peter Laws / N5UWY
> National Weather Center / Network Operations Center
> University of Oklahoma Information Technology
> plaws at ou.edu
> -----------------------------------------------------------------------
> Feedback? Contact my director, Craig Cochell, craigc at ou.edu. Thank  
> you!
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

For every complex problem, there is a solution that is simple, neat,  
and wrong.
                 -- H. L. Mencken

More information about the bind-users mailing list