On Jul 8, 2010, at 3:42 PM, Peter Laws wrote:

BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2

From the host itself, a slave for all my zones, I can resolve all my zones. I cannot, however, resolve anything else.

For example, if I dig google.com I get a timeout.

Further, if I do a blank dig, I don't get the root servers even though the hints zone is set up correctly.


Sure? Are you loading it?

    // prime the server with knowledge of the root servers
    zone "." {
        type hint;
        file "/etc/namedb/db.root";
    };

Do you have any interesting log messages at startup? Is the hints in a view maybe?

w




The same is true if I try to resolve from a different host against this host.

I thought of iptables and dumped those, but disabling iptables doesn't change anything. In fact, if I look up the IP (of the google, say) on another host I can ping that IP.

There are query ACLs set up, but I have confirmed that RFC 1918 space, 127/8, and our public IP range are all allowed to query the internal stuff. The external zones are, of course, set to "any". (default, in options, is internal-only, but the public zones all have any as over-rides).

SELinux is set to enforcing, but no messages are showing up and based on my experience, if SELinux is going to prevent BIND from working it's going to COMPLETELY prevent it from working, not pick certain zones.


resolv.conf on the slave itself has 127.0.0.1 on the nameserver line.

The only thing different on this host vs my other slaves is some extra notifies and allow-transfers from when this was still a master for some zones (some other slaves *still* get a few zones from this host).

Missing something easy, I'm sure.  But what?




--
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
pl...@ou.edu
-----------------------------------------------------------------------
Feedback? Contact my director, Craig Cochell, cra...@ou.edu. Thank you!
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

For every complex problem, there is a solution that is simple, neat, and wrong.
                -- H. L. Mencken
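
One way to answer the reply's question (is the hints zone loaded, and is it inside a view?) is to walk named.conf and report where `zone "."` of type hint is declared. This is an added example, not code from the thread or from BIND; the sample config is constructed, the function names are hypothetical, and the tokenizer is simplified (it does not follow `include` statements).

```python
import re

# Constructed sample (not from the thread): the hint zone sits inside one view only.
SAMPLE_CONF = '''
options { directory "/var/named"; };
view "internal" {
    match-clients { 10.0.0.0/8; 127.0.0.0/8; };
    // prime the server with knowledge of the root servers
    zone "." { type hint; file "/etc/namedb/db.root"; };
};
view "external" {
    match-clients { any; };
    zone "example.com" { type slave; masters { 192.0.2.1; }; file "ex.db"; };
};
'''

# Comments (/* */, //, #), quoted strings, punctuation, bare words.
TOKEN = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*|"[^"]*"|[{};]|[^\s{};"]+', re.S)

def find_hint_zones(conf_text):
    """Return (where, views): where `zone "."` of type hint is declared, and every view seen."""
    stack, stmt, views, where = [], [], [], []
    for tok in (m.group(0) for m in TOKEN.finditer(conf_text)):
        if tok.startswith(('/*', '//', '#')):
            continue                      # comment, ignore
        if tok == '{':
            if len(stmt) > 1 and stmt[0] == 'view':
                views.append(stmt[1].strip('"'))
            stack.append(stmt)            # remember the header of the block being opened
            stmt = []
        elif tok == '}':
            if stack:
                stack.pop()
            stmt = []
        elif tok == ';':
            head = stack[-1] if stack else []
            if stmt[:2] == ['type', 'hint'] and len(head) > 1 \
                    and head[0] == 'zone' and head[1].strip('"') == '.':
                view = next((h[1].strip('"') for h in stack
                             if len(h) > 1 and h[0] == 'view'), None)
                where.append(view or '<top level>')
            stmt = []
        else:
            stmt.append(tok)
    return where, views

def views_without_hints(conf_text):
    """Views that declare no hint zone of their own (empty if hints are top level)."""
    where, views = find_hint_zones(conf_text)
    return [] if '<top level>' in where else [v for v in views if v not in where]

if __name__ == "__main__":
    print(find_hint_zones(SAMPLE_CONF), views_without_hints(SAMPLE_CONF))
```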


