Steve: Shouldn't you specify who is allowed to perform recursive queries? You're pretty wide open.
On Mon, Jan 23, 2012 at 4:06 PM, Steven Vona <sav...@gmail.com> wrote:

> I am posting here as a last resort and hope someone can help me.
>
> I am running RHEL6 and installed bind-chroot package. I have tried
> everything, and even posted to a linux forum I belong to for help. After
> three pages and a boat load of troubleshooting no resolution.
>
> Here is a link to the 3 page forum thread if you're interested in seeing all
> that we tried to do. There is debug information and even tcpdump info in
> there.
>
> http://www.linuxquestions.org/questions/linux-server-73/bind-dns-recursion-now-working-924978/
>
> If anyone can help it would be greatly appreciated. If you need any more
> information please let me know.
>
>
> This DNS server does not answer recursive queries. Here is my config.
>
> options {
>     directory "/var/named";
>     allow-query { any; };
>     recursion yes;
>     edns-udp-size 512;
>     listen-on-v6 { none; };
> };
> logging{
>     channel query_log {
>         file "ns1-bind.log" versions unlimited size 100m;
>         severity info;
>         print-time yes;
>         print-severity yes;
>         print-category yes;
>     };
>     category xfer-in{ query_log; };
>     category xfer-out{ query_log; };
>     category update{ query_log; };
>     category general{ query_log; };
>     category queries{ query_log; };
>     channel default_debug {
>         file "data/named.run";
>         severity dynamic;
>     };
> };
>
> key "dnsadmin" {
>     algorithm hmac-md5;
>     secret "pjbruihfeuhruehferfw=";
> };
>
> controls {
>     inet 127.0.0.1 allow { localhost; } keys { dnsadmin; };
> };
>
>
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
> include "/etc/named.rfc1912.zones";
>
>
> When I try to query google.com it just hangs then returns a servfail:
> # dig @localhost google.com
>
> ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @localhost google.com
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58542
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;google.com.                    IN      A
>
> ;; Query time: 2695 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Jan 23 16:01:27 2012
> ;; MSG SIZE rcvd: 28
>
>
> If I do a dig with +trace at the end it works:
> [root@ns1 etc]# dig @localhost google.com +trace
>
> ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @localhost google.com+trace
> ; (2 servers found)
> ;; global options: +cmd
> .                       518342  IN      NS      d.root-servers.net.
> .                       518342  IN      NS      c.root-servers.net.
> .                       518342  IN      NS      b.root-servers.net.
> .                       518342  IN      NS      a.root-servers.net.
> .                       518342  IN      NS      l.root-servers.net.
> .                       518342  IN      NS      f.root-servers.net.
> .                       518342  IN      NS      g.root-servers.net.
> .                       518342  IN      NS      j.root-servers.net.
> .                       518342  IN      NS      e.root-servers.net.
> .                       518342  IN      NS      h.root-servers.net.
> .                       518342  IN      NS      i.root-servers.net.
> .                       518342  IN      NS      m.root-servers.net.
> .                       518342  IN      NS      k.root-servers.net.
> ;; Received 340 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
>
> com.                    172800  IN      NS      a.gtld-servers.net.
> com.                    172800  IN      NS      b.gtld-servers.net.
> com.                    172800  IN      NS      c.gtld-servers.net.
> com.                    172800  IN      NS      d.gtld-servers.net.
> com.                    172800  IN      NS      e.gtld-servers.net.
> com.                    172800  IN      NS      f.gtld-servers.net.
> com.                    172800  IN      NS      g.gtld-servers.net.
> com.                    172800  IN      NS      h.gtld-servers.net.
> com.                    172800  IN      NS      i.gtld-servers.net.
> com.                    172800  IN      NS      j.gtld-servers.net.
> com.                    172800  IN      NS      k.gtld-servers.net.
> com.                    172800  IN      NS      l.gtld-servers.net.
> com.                    172800  IN      NS      m.gtld-servers.net.
> ;; Received 488 bytes from 199.7.83.42#53(l.root-servers.net) in 42 ms
>
> google.com.             172800  IN      NS      ns2.google.com.
> google.com.             172800  IN      NS      ns1.google.com.
> google.com.             172800  IN      NS      ns3.google.com.
> google.com.             172800  IN      NS      ns4.google.com.
> ;; Received 164 bytes from 192.54.112.30#53(h.gtld-servers.net) in 97 ms
>
> google.com.             300     IN      A       74.125.115.99
> google.com.             300     IN      A       74.125.115.106
> google.com.             300     IN      A       74.125.115.104
> google.com.             300     IN      A       74.125.115.103
> google.com.             300     IN      A       74.125.115.105
> google.com.             300     IN      A       74.125.115.147
> ;; Received 124 bytes from 216.239.32.10#53(ns1.google.com) in 30 ms
>
> You have new mail in /var/spool/mail/root
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

--
Ezra Taylor
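Added example, not part of the original thread and not ISC code: a small Python check that works out which clients an options block lets recurse, using BIND 9's documented fallback (allow-recursion, then allow-query-cache, then allow-query, then the built-in localnets/localhost default). The parser is a simplification that assumes the options block closes with `};` at the start of a line; the 192.0.2.0/24 range is a hypothetical internal network.

```python
import re

# Constructed sample: the options block quoted in the thread above.
POSTED = '''
options {
    directory "/var/named";
    allow-query { any; };
    recursion yes;
    edns-udp-size 512;
    listen-on-v6 { none; };
};
'''

# Constructed sample: same block with recursion limited to a hypothetical
# internal range (192.0.2.0/24 is a documentation prefix, not from the thread).
RESTRICTED = POSTED.replace(
    "recursion yes;",
    "recursion yes;\n    allow-recursion { localhost; 192.0.2.0/24; };")

DEFAULT_ACL = ["localnets", "localhost"]   # BIND's built-in default
OPEN_MARKERS = {"any", "0.0.0.0/0", "::/0"}

def parse_options(conf):
    """Return (recursion_enabled, {allow-* option: [elements]})."""
    m = re.search(r"options\s*\{(.*?)\n\};", conf, re.S)
    body = m.group(1) if m else ""
    acls = {}
    for name, items in re.findall(r"(allow-[\w-]+)\s*\{([^}]*)\}", body):
        acls[name] = [i.strip() for i in items.split(";") if i.strip()]
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", body)
    # "recursion" defaults to yes when the statement is absent.
    return (rec is None or rec.group(1) == "yes"), acls

def effective_allow_recursion(conf):
    """Apply the fallback order to find who may send recursive queries."""
    recursion, acls = parse_options(conf)
    if not recursion:
        return ["none"]
    for opt in ("allow-recursion", "allow-query-cache", "allow-query"):
        if opt in acls:
            return acls[opt]
    return DEFAULT_ACL

def is_open_resolver(conf):
    """True when the effective recursion ACL admits every client."""
    return bool(OPEN_MARKERS & set(effective_allow_recursion(conf)))

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("restricted", RESTRICTED)):
        print(label, effective_allow_recursion(conf), is_open_resolver(conf))
```

With the posted block, `allow-query { any; }` is inherited by recursion because neither allow-recursion nor allow-query-cache is set, which is the exposure the reply points at.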