External queries fail on BIND 8.3.1

Six Wayz sixwayz at hotmail.com
Wed Jun 19 04:11:07 UTC 2002 


"Kevin Darcy" <kcd at daimlerchrysler.com> wrote in message 
news:<aeohqq$6gba$1 at isrv4.isc.org>...
>
>
>Hmmm, you *do* have forwarding enabled, but named isn't using it. The only 
>thing that comes to mind is that it gave up temporarily on the forwarders 
>because it previously timed out trying to contact them.
>
>One major difference between your "dig" and the way your name is forwarding 
>queries is that you've locked named's query source address to 53. Do you 
>need that for some reason? Maybe this low source port is running afoul of a 
>firewall rule or something. What happens if you comment that out (and then 
>reload named, of course)?
>
>Out of curiosity, do you need to use forwarding at all? If you're using it 
>because you can't talk to Internet nameservers directly, then your 
>forwarding mode should be "forward only" (as opposed to the default 
>"forward first", which, by omission, is what you have now). This will allow 
>queries to fail "properly" when the forwarders are unavailable (as opposed 
>to named beating its head against the wall trying to contact root servers 
>that are inaccessible). "Forward first" should only be used when you're 
>using forwarding exclusively as a performance enhancement.
>
>
>- Kevin
>
>P.S. I couldn't get any response from your forwarders, but that could 
>easily be because they blackhole all queries which don't originate on their 
>network...
>
>
Is there any way to reset so that named tries to use the forwarders?  The 
strangest part of all of this mess is that is was working correctly for 
weeks after a struggle trying to make it work.  Due to a power outage, I had 
to reboot.  When I rebooted, it was again not working.  All this time I have 
been making only suttle changes to named.conf which have had no effect.

I have tried commenting out the query source address, but this has been to 
no avail.

Apparently, I do need to use forwarding.  Otherwise my Win2k resolver will 
not work after the TTL for my internal domain has expired.  It is a pain to 
have to run ipconfig /registerdns every day in order to be able to use DNS.  
When this setup was working correctly before, it was running great.  My 
nameserver would answer queries properly and forward queries that it didn't 
know.  It was fast to get the answer from my ISP's nameservers due to a 
large cache. In any case, I also tried forward only with no change in the 
outcome.  I was also recently informed that my ISP's nameservers won't do 
recursion, so I tried other DNS servers and the result was still the same.

Any other suggestions?

Thanks,
Rob

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.

More information about the bind-users mailing list