External queries fail on BIND 8.3.1

[Kevin Darcy]

Six Wayz wrote:

> "Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message
> news:aedv28$kgg$1 at isrv4.isc.org...
> >Try pointing "dig" directly at the forwarders and see if you get a
> response
> >that way. If the query times out, then it's probably a firewall issue...
> >
> >
> >-Kevin
>
> Thanks for the reply, Kevin.
> I've taken your suggestion and posted the results here.  Unfortunately, the
> outcome suggests that it is not a firewall issue.  I am allowing queries out
> on port 53 and keeping the state.  Here's the outcome:
>
> [root at router]# dig @ISP's nameserver#1 isc.org
>
> ; <<>> DiG 8.3 <<>> @ISP's nameserver#1 isc.org
> ; (1 server found)
> ;; res options: init recurs defnam dnsrch
> ;; got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 2
> ;; QUERY SECTION:
> ;;      isc.org, type = A, class = IN
>
> ;; ANSWER SECTION:
> isc.org.                1H IN A         204.152.184.85
>
> ;; AUTHORITY SECTION:
> isc.org.                1H IN NS        ns1.gnac.com.
> isc.org.                1H IN NS        gns1.nominum.com.
> isc.org.                1H IN NS        gns2.nominum.com.
> isc.org.                1H IN NS        ns-ext.vix.com.
> isc.org.                1H IN NS        ns-int.vix.com.
>
> ;; ADDITIONAL SECTION:
> ns-ext.vix.com.         1H IN A         204.152.184.64
> ns-int.vix.com.         1H IN A         204.152.184.65
>
> ;; Total query time: 160 msec
> ;; FROM: router.mydomain.org to SERVER: ISP's nameserver#1
> ;; WHEN: Fri Jun 14 23:31:33 2002
> ;; MSG SIZE  sent: 25  rcvd: 191
>
> Any other suggestions?

So, you're querying from exactly the same IP address that your nameserver would
use to send queries, right? And a "dig" works but forwarding doesn't. Very odd.

I'd turn on debugging at this point. See if your nameserver is even *trying* to
forward the queries.


- Kevin