On 22/11/2017 14:12, Ron Wingfield wrote: > . . .well, I've received a lot of comment from several people, _most > quite helpful and appreciated_; . . .some rather critical and > condescending. Regardless, I'll just pursue this resolve while using > other resources . (BTW, under consideration, " > https://www.iana.org/help/nameserver-requirements > <https://www.iana.org/help/nameserver-requirements>".) > > Thanks again, RW
As everyone has said, the reason DNS resolution isn't working is because your DNS servers aren't responding to DNS queries on UDP port 53 - as can be seen here: http://dnsviz.net/d/archaxis.net/WhcDMQ/dnssec/ (dnsviz.net is not only useful for troubleshooting dnssec problems). The delegation to archaxis.net is present in the net. zone - so this isn't something that your registrar has broken (although they don't know about the other two nameserver names alpha and bravo, but since they all point to the same IP address, adding them isn't going to make any significant difference to your DNS service anyway, and it's certainly not why it isn't working now). The problem might be in routers and firewalls (e.g. blocking DNS traffic). You can confirm if that is so or not by using dig on the server itself to its external address (162.202.233.81) or to the loopback interface. If the server responds locally, then (assuming you haven't changed your configuration at all), then problem is not with BIND and you need to research further afield. ** I find that I can ping 162.202.233.81 - this means that *something* is responding on that address but that something might not be your server (also worth checking for). One good question to explore would be what might have changed on 3 November elsewhere in your network infrastructure - updates to routers, firewalls, new equipment installed, new DHCP servers brought up, new subnets added to DHCP servers and so on.. === Once you've resolved why your nameservers aren't reachable, for whatever reason(s) that might be, everyone who has exhorted you to upgrade the version of BIND you're running is correct to do so - you're vulnerable to several defects, some quite nasty. Please do consider upgrading. If this domain is not important to you (as in, it's not one that is integral to a commercial or business service), then it probably doesn't matter that you have only one nameserver serving it and that occasionally it's unavailable, particularly if the services being provided are also hosted on that same machine (so if the machine is 'out' it doesn't matter that the DNS is also 'out'). On the other hand, if you're expecting to have services for archiaxis.net available 24x7 then you do absolutely need more resiliency in your authoritative DNS. But that I leave with you to consider... Cathy _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
