Can't get hints or outside resolution.

Peter Laws plaws at ou.edu
Thu Jul 8 21:09:01 UTC 2010 

Yep, zone for hint is right.  No interesting messages "service named 
checkconfig" (which RH has helpfully set up to run named-checkconf and 
named-checkzone) shows that all is well.

:-(

On 07/08/10 15:55, Warren Kumari wrote:
>
> On Jul 8, 2010, at 3:42 PM, Peter Laws wrote:
>
>> BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2
>>
>> From the host itself, a slave for all my zones, I can resolve all my
>> zones. I cannot, however, resolve anything else.
>>
>> For example, if I dig google.com I get a timeout.
>>
>> Further, if I do a blank dig, I don't get the root servers even though
>> the hints zone is set up correctly.
>
>
> Sure? Are you loading it?
>
> // prime the server with knowledge of the root servers
> zone "." {
> type hint;
> file "/etc/namedb/db.root";
> };
>
> Do you have any interesting log messages at startup? Is the hints inna
> view maybe?
>
> w
>
>
>
>>
>> The same is true if I try to resolve from a different host against
>> this host.
>>
>> I thought of iptables and dumped those, but disabling iptables doesn't
>> change anything. In fact, if I look up the IP (of the google, say) on
>> another host I can ping that IP.
>>
>> There are query ACLs set up, but I have confirmed that RFC 1918 space,
>> 127/8, and our public IP range are all allowed to query the internal
>> stuff. The external zones are, of course, set to "any". (default, in
>> options, is internal-only, but the public zones all have any as
>> over-rides).
>>
>> SELinux is set to enforcing, but no messages are showing up and based
>> on my experience, if SELinux is going to prevent BIND from working
>> it's going to COMPLETELY prevent it from working, not pick certain zones.
>>
>>
>> resolv.conf on the slave itself has 127.0.0.1 on the nameserver line.
>>
>> The only thing different on this host vs my other slaves is some extra
>> notifies and allow-transfers from when this was still a master for
>> some zones (some other slaves *still* get a few zones from this host).
>>
>> Missing something easy, I'm sure. But what?
>>
>>
>>
>>
>> --
>> Peter Laws / N5UWY
>> National Weather Center / Network Operations Center
>> University of Oklahoma Information Technology
>> plaws at ou.edu
>> -----------------------------------------------------------------------
>> Feedback? Contact my director, Craig Cochell, craigc at ou.edu. Thank you!
>> _______________________________________________
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>
> For every complex problem, there is a solution that is simple, neat, and
> wrong.
> -- H. L. Mencken
>
>
>

-- 
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
plaws at ou.edu
-----------------------------------------------------------------------
Feedback? Contact my director, Craig Cochell, craigc at ou.edu. Thank you!

More information about the bind-users mailing list