-----Original Message----- From: Amira Othman <a.oth...@cairosource.com> Date: Wednesday, May 23, 2012 3:56 AM To: <bind-users@lists.isc.org> Subject: Bind configuration and log error
>Hi all > >I have in my messages log file many lines as follows but with different >domains unreachable what does this mean: > >named[15490]: network unreachable resolving >'platinum.cs.umanitoba.ca/A/IN' > >also I can't dig or nslookup or ping my DNS server remotely what should I >do >to enable that? i selfishly focused too much on the log message and ignored your question at the end... if you can't dig or ping the server (do you really need to be able to ping it? many smart admins will filter most icmp only allowing type 3, code 4 to avoid breaking pmtud), first check intermediate firewalls as Matus suggested. on your test host fire up a "ping <nameserver>" and on your name server run "tcpdump -i <whatever> -vvv host <test_host>" (<whatever> should be the interface with the ip address hosting bind) and ensure you can see the icmp traffic. do the same for dig. if you don't see the traffic at all, it's getting dropped upstream. that said, you might also share your named.conf and more details... it's possible you also need to ensure your listen-on and things like match-destinations within views are properly configured. at this point, you might also want to enable query logging so it's clear when things are working just be watching the named logs. the secure bind template includes a logging configuration that enables query logging: http://www.cymru.com/Documents/secure-bind-template.html _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
