Dig, nslookup fail when referencing other server

Mark Damrose mdamrose at elgin.cc.il.us
Wed May 1 13:10:27 UTC 2002


"VinceV" <vpv at rdrop.com> wrote in message news:aamr3b$mlj at pub3.rc.vix.com...
>
> The problem:
>
> On my local RH7.2 server which is primary DNS for my domains
> (ns.ak7.com) and is defined for split DNS (local 192.x.x.x and
> requests from "outside").
>
> I can run
> dig -x199.26.172.34
> and it returns the correct answer rdrop.com
>
> However, if I try to use the primary rdrop.com name server
> dig -x199.26.172.34 @ns1.rdrop.com
> The request times out.
> The deprecated nslookup function exhibits similar behavior.

It works from here.

>
> Ping to ns1.rdrop.com is successful
> traceroute ns1.rdrop.com fails (no route, default is UDP)
> traceroute -I ns1.rdrop.com is successful (-I force ICMP)

Since the traceroute with UDP fails, I would triple check your firewall
rules.

>
> It appears that BIND is working correctly on my local server since it
> resolved the domain request correctly.
>
> The ipchains/iptables firewall has been disabled (prevented from
> loading).
>
> The network sits behind a Watchguard SOHO firewall that allows all
> outbound connections.  The RH 6.1 server that sits on the same switch
> resolves without a problem.
>
> Any ideas what would cause dig to fail?
>



