Bind configuration and log error

Mike Hoskins michoski at cisco.com
Wed May 23 17:58:11 UTC 2012


-----Original Message-----
From: Amira Othman <a.othman at cairosource.com>
Date: Wednesday, May 23, 2012 3:56 AM
To: <bind-users at lists.isc.org>
Subject: Bind configuration and log error

>Hi all
>
>I have in my messages log file many lines as follows but with different
>domains unreachable what does this mean:
>
>named[15490]: network unreachable resolving
>'platinum.cs.umanitoba.ca/A/IN'
>
>also I can't dig or nslookup or ping my DNS server remotely what should I
>do to enable that?

i selfishly focused too much on the log message and ignored your question
at the end...

if you can't dig or ping the server (do you really need to be able to ping
it?  many smart admins will filter most icmp only allowing type 3, code 4
to avoid breaking pmtud), first check intermediate firewalls as Matus
suggested.  on your test host fire up a "ping <nameserver>" and on your
name server run "tcpdump -i <whatever> -vvv host <test_host>" (<whatever>
should be the interface with the ip address hosting bind) and ensure you
can see the icmp traffic.  do the same for dig.  if you don't see the
traffic at all, it's getting dropped upstream.

that said, you might also share your named.conf and more details...  it's
possible you also need to ensure your listen-on and things like
match-destinations within views are properly configured.  at this point,
you might also want to enable query logging so it's clear when things are
working just by watching the named logs.

the secure bind template includes a logging configuration that enables
query logging:

http://www.cymru.com/Documents/secure-bind-template.html
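
A named.conf fragment covering the three settings the reply mentions (listen-on, match-destinations within a view, and query logging), added here as an illustration and not taken from the original post or the linked template. The address (RFC 5737 documentation range), the view name and the log path are constructed placeholders.

```conf
// Constructed example: 192.0.2.53 stands in for the server's public address.
options {
    // If this lists only 127.0.0.1, named never answers remote dig/nslookup,
    // even when intermediate firewalls pass the traffic.
    listen-on port 53 { 127.0.0.1; 192.0.2.53; };

    // Who may query at all; tighten to your client networks as needed.
    allow-query { any; };
};

logging {
    // Dedicated channel so queries do not flood the main syslog stream.
    channel query_log {
        file "/var/log/named/queries.log" versions 5 size 20m;  // assumed path
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    // Sending the "queries" category to a channel enables query logging.
    category queries { query_log; };
};

// Only relevant if views are in use: a query is matched to a view by the
// client address AND the local address it was sent to.
view "external" {
    match-clients { any; };
    match-destinations { 192.0.2.53; };  // must include the address clients target
    recursion no;
    // zone statements for this view go here
};
```

Run `named-checkconf` on the file before reloading. With the queries category active, each request from the test host appears in the log file, which complements the tcpdump check described above.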




