On 24 February 2018 at 10:26, Reco <recovery...@gmail.com> wrote:
> Hi.
>
> Please don't use pastebin for this. This list archives should contain
> not only the solution, but a clear problem statement also.
>
> So, following "show, don't tell principle":
>
> # dig in a debian.org +trace +recurse
>
> ; <<>> DiG 9.10.3-P4-Debian <<>> in a debian.org +trace +recurse
> ;; global options: +cmd
> . 3600000 IN NS A.ROOT-SERVERS.NET.
> . 3600000 IN NS J.ROOT-SERVERS.NET.
> . 3600000 IN NS L.ROOT-SERVERS.NET.
> . 3600000 IN NS C.ROOT-SERVERS.NET.
> . 3600000 IN NS M.ROOT-SERVERS.NET.
> . 3600000 IN NS E.ROOT-SERVERS.NET.
> . 3600000 IN NS I.ROOT-SERVERS.NET.
> . 3600000 IN NS K.ROOT-SERVERS.NET.
> . 3600000 IN NS G.ROOT-SERVERS.NET.
> . 3600000 IN NS F.ROOT-SERVERS.NET.
> . 3600000 IN NS B.ROOT-SERVERS.NET.
> . 3600000 IN NS H.ROOT-SERVERS.NET.
> . 3600000 IN NS D.ROOT-SERVERS.NET.
> couldn't get address for 'A.ROOT-SERVERS.NET': failure
> couldn't get address for 'J.ROOT-SERVERS.NET': failure
> couldn't get address for 'L.ROOT-SERVERS.NET': failure
> couldn't get address for 'C.ROOT-SERVERS.NET': failure
> couldn't get address for 'M.ROOT-SERVERS.NET': failure
> couldn't get address for 'E.ROOT-SERVERS.NET': failure
> couldn't get address for 'I.ROOT-SERVERS.NET': failure
> couldn't get address for 'K.ROOT-SERVERS.NET': failure
> couldn't get address for 'G.ROOT-SERVERS.NET': failure
> couldn't get address for 'F.ROOT-SERVERS.NET': failure
> couldn't get address for 'B.ROOT-SERVERS.NET': failure
> couldn't get address for 'H.ROOT-SERVERS.NET': failure
> couldn't get address for 'D.ROOT-SERVERS.NET': failure
> dig: couldn't get address for 'A.ROOT-SERVERS.NET': no more
>
> And that output is enough to tell you this:
>
> 1) Your nameserver tries to do the right thing - to do recursion.
>
> 2) Your named.conf apparently lacks "forwarders" section, so the only
> thing that BIND can do here - is to query root DNSes.
>
> 3) And root DNSes aren't accessible to your BIND.
>
> In conclusion, your setup is clearly broken, you need to fix it.
>
> Reco
>
>
Ok well I wasn't aware pastebin wasn't allowed, I was wary of pasting a
huge wall of text from all the commands and the output of the files I was
asked for right into an email.
The output sadly told me nothing as I didn't understand it.
My named.conf.options file does have a "forwarders" section in it.
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
194.168.4.100;
194.168.8.100;
};
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See
https://www.isc.org/bind-keys
//========================================================================
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
Is there a reason as to why the root DNSes aren't accessible to my BIND?
Yes I am aware I need to fix it, hence the reason why I posted in the first
place, do you have any idea as to what needs to be fixed? as I have no idea
what I should do from here.
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
Virus-free.
www.avast.com
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
