dns despair

Simon Waters Simon at wretched.demon.co.uk
Mon Feb 4 00:59:36 UTC 2002

Thiemo Kellner wrote:
> With 'dig limbo' the service times out and puts
> back the error "no servers could be reached". The same happens with
> external hosts, e. g. 'dig/host www.suse.de'.

That requires "search thiam.ch" in the resolv.conf to work, or
perhaps you had an old "domain thiam.com" statement?

> I recently added to each the firewall and the dns server a nic and had
> to adapt the iptables script and the settings for the interfaces.
> About then dns quitted. However, I have a computer within the firewall
> that is able to get the dns resolution fine. So, I assume that the
> firewall script is fine too.

Hmm - I wouldn't assume that at all.

> I spent several dozens of hours going through the settings, getting
> paler and thinner, but couldn't get a single clue.
> I'd just be happy to get any kind of tips, hints or help.

We need more info.


dig @ . ns

from the DNS server, this should query a.root-servers.net
directly, and help rule out a firewall problem. If it can't do
this, it won't work unless you use query-source to force
specific ports, or some other firewall-specific hack.

Of course your firewall is logging any blocked packets, right?
(ipchains -l)
So you'd know if it was stopping any DNS packets?

If you added an interface you may need query source to ensure
the packets at the firewall have the right source IP address on
the way out. But logging firewall dropped packets will tell you
if this is the problem, probably.

Are you using the Internet to best effect ? www.eighth-layer.com
Tel: +44(0)1395 232769      ICQ: 116952768
Moderated discussion of teleworking at news:uk.business.telework
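
Added example, not part of the original message: one way to act on the advice above about checking the firewall log, a shell function that summarises logged packets to or from port 53 by interface and address. It assumes the netfilter LOG target's `KEY=value` kernel log format; the sample lines, addresses, interface names and the `FW-DROP:` prefix are constructed.

```shell
#!/bin/sh
# Added example: summarise firewall-logged packets to or from port 53.
# Assumes the netfilter LOG target's kernel log format (KEY=value fields).

# Constructed sample log: documentation-range addresses, made-up
# "FW-DROP: " log prefix and interface names.
sample_log() {
cat <<'EOF'
Feb  4 00:41:02 fw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.4 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=1029 DPT=53 LEN=51
Feb  4 00:41:07 fw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.4 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=1029 DPT=53 LEN=51
Feb  4 00:41:09 fw kernel: FW-DROP: IN=eth0 OUT=eth1 SRC=198.51.100.4 DST=192.0.2.10 LEN=240 TOS=0x00 PREC=0x00 TTL=52 ID=4211 PROTO=UDP SPT=53 DPT=1029 LEN=220
Feb  4 00:42:15 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.1 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=1 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Read log lines on stdin; print "count direction proto in= out= src -> dst",
# most frequent first. Lines that do not involve port 53 are ignored.
dns_drops() {
    awk '
    {
        split("", f)    # reset the per-line field map
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq > 1) {
                k = substr($i, 1, eq - 1)
                # keep the first value seen (LEN= appears twice for UDP)
                if (!(k in f)) f[k] = substr($i, eq + 1)
            }
        }
        if (f["PROTO"] != "UDP" && f["PROTO"] != "TCP") next
        if (f["DPT"] == 53)      dir = "query"
        else if (f["SPT"] == 53) dir = "reply"
        else next
        key = dir " " f["PROTO"] " in=" f["IN"] " out=" f["OUT"] " " f["SRC"] " -> " f["DST"]
        n[key]++
    }
    END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2
}

sample_log | dns_drops
```

A SRC address on the query lines that is not the one the firewall rules allow out points at the query-source issue described above.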
