Named not resolving remote domains

Status
Not open for further replies.

garwain

Programmer
Jan 30, 2002
461
CA
I upgraded my server last week (linux redhat7.3 -> 9.0) and since then, NAMED/BIND has been acting up. I can resolve any domain that is set up in my name server, but anything that is remote doesn't exist as far as my server can tell.

It's not the firewall because I can connect from another machine with nslookup, and look up any domain on the server.

If I try to nslookup something remote like google.ca or yahoo.com (hotmail, msn, slashdot, etc) I just get timeouts.

My resolv.conf is set with just my server's IP, since I don't have access to any other name servers.

I have tried upgrading to later versions of BIND, but still have the same problem. My current setup is RedHat 9 with bind-9.3.1rc1.

Any ideas on what I should be looking at? This is really annoying because my spam filter is now dead (uses DNS BLs) and SSH takes forever to connect while it tries to reverse lookup my IP...

Thanks
 
Uh, if your server doesn't have a resolv.conf list that includes external servers, how do you expect to get responses on domain information for external servers?

Let's pretend a hot new website at " just started up and you wanted to visit it. You'd need something to tell you how to get there. THAT something would be an external DNS server. Thus, your resolv.conf should include some reference to a resolving nameserver at your ISP (who could, in turn query the root servers, its peers, or others).

Eventually, as DNS is expected, the resolving nameserver in resolv.conf will get you an answer back for "
Without this capability, you are restricted to visiting those destinations for which (i) you are authoritative, or (ii) you have created static entries in your /etc/hosts file.

A man/DNS server is not an island unto himself... Talk to your ISP about what resolving nameservers they provide for their customers. This should be free too!


D.E.R. Management - IT Project Management Consulting
 
My problem is that my machine is SUPPOSED to be a resolving nameserver. My server is in a co-location center and my provider is basically providing me with rack space and a connection. Everything was running fine under the configuration I have until last week when I upgraded.
 
OK,

Does your named.conf file reflect the proper location of your "hints" for named?

Is your "hints" file current?

Can your named get out through your firewall to the public root servers? Redhat 9 comes with a turnkey firewall that is enabled to some degree by default.



D.E.R. Management - IT Project Management Consulting
 
Yes, named.conf points to the hints file, which I updated last night.

IPTables is offline; I stopped the service today, and completely removed it from the boot process.

nslookup and dig always give me timeouts unless I'm looking for a locally hosted domain.

I just noticed one funny thing. Netstat gave me the following (IPs changed for privacy reasons). A.B.C.D is my IP, but W.X.Y.Z is an old IP that I used to have over 2 years ago. I can't seem to locate that IP anywhere else on my system.
Code:
tcp        0      0 A.B.C.D:53         0.0.0.0:*               LISTEN      
tcp        0      0 W.X.Y.Z:53        0.0.0.0:*               LISTEN      
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      
udp        0      0 A.B.C.D:53         0.0.0.0:*                           
udp        0      0 W.X.Y.Z:53        0.0.0.0:*                           
udp        0      0 127.0.0.1:53            0.0.0.0:*
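
Added example, not part of the original thread: a small Python check for the situation in the last post, where port 53 is bound on an address the poster no longer uses. It parses netstat-style lines in the format quoted above and reports port-53 listeners whose address is missing from a caller-supplied list of assigned addresses. The sample lines, the documentation-range IPs standing in for A.B.C.D and W.X.Y.Z, and the function names are all constructed for this example.

```python
import ipaddress

# Constructed sample in the shape of the netstat output quoted above.
# 192.0.2.10 stands in for A.B.C.D and 198.51.100.7 for W.X.Y.Z.
SAMPLE_NETSTAT = """\
tcp        0      0 192.0.2.10:53       0.0.0.0:*       LISTEN
tcp        0      0 198.51.100.7:53     0.0.0.0:*       LISTEN
tcp        0      0 127.0.0.1:53        0.0.0.0:*       LISTEN
tcp        0      0 192.0.2.10:22       203.0.113.5:51514 ESTABLISHED
udp        0      0 192.0.2.10:53       0.0.0.0:*
udp        0      0 198.51.100.7:53     0.0.0.0:*
udp        0      0 127.0.0.1:53        0.0.0.0:*
"""


def listeners(netstat_text, port=53):
    """Return {(proto, ip)} for sockets bound to `port` and awaiting traffic."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue
        proto, local, foreign = fields[0], fields[3], fields[4]
        addr, _, local_port = local.rpartition(":")
        if local_port != str(port) or not foreign.endswith(":*"):
            continue  # other port, or an established connection
        if proto.startswith("tcp") and "LISTEN" not in fields[5:]:
            continue
        try:
            found.add((proto, ipaddress.ip_address(addr)))
        except ValueError:
            continue  # unparsable local address column
    return found


def stale_listeners(netstat_text, assigned, port=53):
    """Listeners on `port` whose address is not assigned to this host."""
    ok = {ipaddress.ip_address(a) for a in assigned}
    return sorted(
        (proto, str(ip))
        for proto, ip in listeners(netstat_text, port)
        if not ip.is_unspecified and not ip.is_loopback and ip not in ok
    )


if __name__ == "__main__":
    for proto, ip in stale_listeners(SAMPLE_NETSTAT, ["192.0.2.10"]):
        print(f"{proto} port 53 bound to unassigned address {ip}")
```

The `assigned` list is an input the caller must supply, for example from the host's interface configuration; wildcard and loopback binds are never reported.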
 