Jonathan via bind-users <bind-users@lists.isc.org> wrote:
> It makes no difference which subnet the queries come from. For
> testing I used a server in the same subnet as my DNS server, so there is
> no firewall or NAT in between. I also captured the network traffic of
> the DNS server and client. All I can see is that the server receives
> the query from the client, but no response is sent from the server. When
> I run dig with the +tcp option, all of the queries will be answered.
Do you have a firewall configured on the server itself? If so, does it have the correct idea about which ports and addresses BIND is listening on?

The other possibility is reverse path filtering: Linux tries to ensure that packets don't traverse an interface with unexpected addresses. I had to turn it off on my recursive servers because they have interfaces on two different VLANs. Dunno if it could cause problems with just one subnet in play. Set

    sysctl net.ipv4.conf.XXX.rp_filter=2

where XXX is all, default, and whatever your ethernet interface is named.

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> https://dotat.at/
North Utsire, South Utsire: Southwesterly 5, backing southerly 6 or 7, occasionally gale 8 in North Utsire. Moderate or rough. Showers. Moderate or good.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
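As an added example (not part of the thread, not Tony's or ISC's code), the script below checks the two things the reply above points at for the "UDP query arrives, no answer, TCP works" symptom: whether named actually has a UDP/53 socket on the address the client is talking to, and whether reverse-path filtering is effectively strict on the inbound interface. It parses constructed sample output of `sysctl net.ipv4.conf` and `ss -ulnp` (assumed values, addresses and pid) so it runs offline; on a real host replace the two `sample_*` functions with those commands. The kernel applies max(all, interface) for rp_filter, which is why the reply tells you to set all, default and the interface key, not just one of them.

```shell
#!/bin/sh
# Added example, not from the bind-users thread. Checks the two causes raised
# in the reply: a host firewall / listener mismatch and Linux reverse-path
# filtering. Sample data below is constructed so the script runs offline.

# Constructed sample of `sysctl net.ipv4.conf` (assumed values, not from the post).
# Note eth0 is already 0 but "all" is still 1, so eth0 is effectively strict.
sample_sysctl() {
    cat <<'EOF'
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
EOF
}

# Constructed sample of `ss -ulnp` (assumed addresses/pid, not from the post).
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
UNCONN 0      0      192.0.2.10:53      0.0.0.0:*         users:(("named",pid=1234,fd=21))
UNCONN 0      0      127.0.0.1:53       0.0.0.0:*         users:(("named",pid=1234,fd=22))
EOF
}

# rp_filter_value KEY: value of net.ipv4.conf.KEY.rp_filter from the sysctl output.
rp_filter_value() {
    sample_sysctl | awk -v key="net.ipv4.conf.$1.rp_filter" '$1 == key { print $3 }'
}

# effective_rp_filter IFACE: the kernel uses max(all, IFACE) when validating
# the source of packets arriving on IFACE, so the interface key alone is not enough.
effective_rp_filter() {
    a=$(rp_filter_value all)
    i=$(rp_filter_value "$1")
    if [ "${a:-0}" -ge "${i:-0}" ]; then echo "${a:-0}"; else echo "${i:-0}"; fi
}

# rp_filter_label VALUE: 0 = off, 1 = strict (drops asymmetric paths), 2 = loose.
rp_filter_label() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# named_udp53_addrs: addresses where named holds a UDP/53 socket, one per line.
named_udp53_addrs() {
    sample_ss | awk '$1 == "UNCONN" && $4 ~ /:53$/ && $6 ~ /"named"/ { sub(/:53$/, "", $4); print $4 }'
}

# listens_on_udp53 ADDR: succeeds only if named is bound to ADDR on UDP/53.
listens_on_udp53() {
    named_udp53_addrs | grep -qxF -- "$1"
}

# rp_filter_fix_cmds IFACE: the sysctl changes the reply recommends (loose mode).
rp_filter_fix_cmds() {
    for k in all default "$1"; do
        echo "sysctl -w net.ipv4.conf.$k.rp_filter=2"
    done
}

# report IFACE SERVER_ADDR: verdicts a practitioner can act on.
report() {
    iface=$1
    addr=$2
    v=$(effective_rp_filter "$iface")
    echo "effective rp_filter on $iface: $v ($(rp_filter_label "$v"))"
    if listens_on_udp53 "$addr"; then
        echo "named listens on UDP $addr:53: yes (check host firewall rules for UDP/53 next)"
    else
        echo "named listens on UDP $addr:53: NO (check listen-on in named.conf)"
    fi
    if [ "$v" = 1 ]; then
        echo "strict rp_filter in effect; suggested:"
        rp_filter_fix_cmds "$iface"
    fi
}

report eth0 192.0.2.10
```

Note that rp_filter=2 is loose mode (only sources unreachable via any interface are dropped), not fully off; 0 disables the check. If named is bound on the right address and rp_filter is not strict, the remaining suspect from the reply is the host firewall, so compare its UDP/53 rules against the addresses `named_udp53_addrs` prints.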