What tests should I do? If I query an external name server directly (one of the root ones or 8.8.8.8, for example), I receive the correct response. For this reason I'm inclined to think that the router doesn't block packets to/from port 53. Why should it block packets generated by BIND9?
2013/1/12 Lyle Giese <l...@lcrcomputer.net>

> On 01/11/13 03:05, Daniele wrote:
>
> Port 53 is open, I can also telnet it from another box in the same network.
> Now I think the problem can be on the packets size, because I'm trying
> every solution but nothing works.
>
>
> 2013/1/9 Lyle Giese <l...@lcrcomputer.net>
>
>> On 01/09/13 08:39, Daniele wrote:
>>
>> 2013/1/9 Phil Mayers <p.may...@imperial.ac.uk>
>>
>>> On 09/01/13 13:53, Daniele wrote:
>>>
>>>> This is the scenario.
>>>>
>>>> I installed BIND9 via `apt-get` on a newly installed UBUNTU 12.04,
>>>> virtualized on VirtualBox.
>>>> The network works properly because if I indicate a different server from
>>>> my own BIND9 (the first line of '/etc/resolv.conf' is, for example,
>>>> `nameserver 8.8.8.8`) the lookups and any action on the Internet
>>>> succeed.
>>>>
>>>>
>>> No, this assumption is not valid.
>>
>>
>> I meant that I can reach the Internet and, vice versa, the Internet can
>> reach my terminal.
>>
>>
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-us...@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>> Recursive queries that named does for a client are different than your
>> machine as a DNS client reaching out to Google's recursive service.
>>
>> You need to have UDP & TCP port 53 open to your recursive server (the one
>> running named) first of all. And if any network element within your
>> network limits the size of UDP packets, you will have problems with EDNS0
>> queries.
>>
>> On this box running named, try this:
>>
>> dig +trace www.msn.com
>>
>> dig +trace imperial.ac.uk
>>
>> After dig gets a copy of the root servers from the local named, it will
>> do the same type of queries that a recursive name server does.
>>
>> Lyle Giese
>> LCR Computer Services, Inc.
>>
>
> Saying port 53 is open because you can telnet to it from a local
> computer is a very limited test.
>
> 1) Telnet only uses TCP; UDP is the primary/first communication channel DNS
> uses.
>
> 2) The router between this computer and the Internet is not at fault? You
> have done no tests to prove that one way or the other.
>
> Do a couple of dig +trace runs and see what that shows. And try some ANY
> queries to a DNSSEC-enabled domain.
>
>
> Lyle Giese
> LCR Computer Services, Inc.
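The three paths the quoted advice separates (plain UDP, UDP with EDNS0, and TCP on port 53) can be checked one at a time. The script below is an added example, not part of the original thread. The function names, the DNSKEY query type, the 4096-byte EDNS0 buffer size and the IPv4-only UDP socket are assumptions made for illustration.

```python
import socket, struct, sys

def build_query(name, qtype=48, edns_size=None, qid=0x1234):
    """Raw DNS query for `name` (qtype 48 = DNSKEY). If edns_size is set,
    append an EDNS0 OPT record advertising that UDP size, with the DO bit."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    labels = [l for l in name.rstrip(".").split(".") if l]
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)
    if edns_size:
        # OPT RR: root owner name, TYPE 41, CLASS = UDP payload size,
        # TTL = ext-rcode 0 / version 0 / flags 0x8000 (DO), RDLEN 0
        msg += b"\x00" + struct.pack("!HHIH", 41, edns_size, 0x00008000, 0)
    return msg

def summarize(reply):
    """Return (rcode, truncated, answer_count, size_in_bytes) for a raw reply."""
    _id, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    return flags & 0xF, bool(flags & 0x0200), an, len(reply)

def probe(server, name, mode, timeout=3.0):
    """mode: 'udp' (no EDNS0, 512-byte limit), 'edns' (UDP, 4096 + DO) or 'tcp'."""
    query = build_query(name, edns_size=4096 if mode == "edns" else None)
    try:
        if mode == "tcp":
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
                f = s.makefile("rb")
                (n,) = struct.unpack("!H", f.read(2))
                return summarize(f.read(n))
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            return summarize(s.recvfrom(65535)[0])
    except (OSError, struct.error) as exc:
        return f"no reply ({exc})"

if __name__ == "__main__":
    server, name = sys.argv[1], sys.argv[2]  # e.g. a name server IP and a signed zone
    for mode in ("udp", "edns", "tcp"):
        print(mode, probe(server, name, mode))
```

Run it on the box running named, against a server that named would contact. A truncated or small reply on `udp`, no reply on `edns` and a full reply on `tcp` points at something on the path dropping large UDP packets.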