I can't get my BIND DNS to answer remote queries

Victor Lemos Soares E. de Souza victoresouza at yahoo.com.br
Wed Apr 9 12:13:15 UTC 2008 

Hello, 
I have a machine running BIND 9. I've configured a zone on the server and I in fact can do queries at this local machine (using dig). But when I do the same (dig) query from a remote machine in the same network, I get ";; connection timed out; no servers could be reached".
Here are my zone file:
$TTL 12345
vas.lab. IN SOA server.vas.lab. teste.vas.lab. (
                        1       ; Serial
                        12345   ; Refresh
                        12345   ; Retry
                        12345   ; Expire
                        12345 ) ; Negative caching TTL
vas.lab.                IN NS           server.vas.lab.
server.vas.lab.         IN A            127.0.0.1
teste           IN A            10.20.90.7

BIND syslog:

Apr  8 16:41:13 rede_externa1 named[8186]: starting BIND 9.4.1-P1 -u root -t /var/lib/named
Apr  8 16:41:13 rede_externa1 named[8186]: found 1 CPU, using 1 worker thread
Apr  8 16:41:13 rede_externa1 named[8186]: loading configuration from '/etc/named.conf'
Apr  8 16:41:13 rede_externa1 named[8186]: listening on IPv4 interface lo, 127.0.0.1#53
Apr  8 16:41:13 rede_externa1 kernel: process `named' is using obsolete setsockopt SO_BSDCOMPAT
Apr  8 16:41:13 rede_externa1 named[8186]: listening on IPv4 interface eth0, 10.8.128.2#53
Apr  8 16:41:13 rede_externa1 named[8186]: listening on IPv4 interface eth3, 10.20.91.23#53
Apr  8 16:41:13 rede_externa1 named[8186]: listening on IPv4 interface eth2, 10.20.90.23#53
Apr  8 16:41:13 rede_externa1 named[8186]: listening on IPv4 interface eth1, 10.8.132.2#53
Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone: 127.IN-ADDR.ARPA
Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone: 254.169.IN-ADDR.ARPA
Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone: D.F.IP6.ARPA
Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone: 8.E.F.IP6.ARPA
Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone: 9.E.F.IP6.ARPA
Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone: A.E.F.IP6.ARPA
Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone: B.E.F.IP6.ARPA
Apr  8 16:41:13 rede_externa1 named[8186]: command channel listening on 127.0.0.1#953

Local Query and response :

[root at vas8-pro2-mas named]# dig vas.lab

; <<>> DiG 9.4.1-P1 <<>> vas.lab
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6315
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;vas.lab.                       IN      A

;; AUTHORITY SECTION:
vas.lab.                12345   IN      SOA     server.vas.lab. teste.vas.lab. 1 12345 12345 12345 12345

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Apr  9 09:04:48 2008
;; MSG SIZE  rcvd: 74


REMOTE query and 'no' response :

[root at vas8-pro4-mpg ~]# dig vas.lab

; <<>> DiG 9.4.1-P1 <<>> vas.lab
;; global options:  printcmd
;; connection timed out; no servers could be reached

NOTICE: The remote machine /etc/resolv.conf is configured as :

[root at vas8-pro4-mpg ~]# more /etc/resolv.conf
nameserver 10.8.128.2
nameserver 10.20.90.23

Ps: as you can see, both nameserver IP addresses leads to the same DNS server.

I also tried :
[root at vas8-pro4-mpg ~]# dig @10.8.128.2 vas.lab

; <<>> DiG 9.4.1-P1 <<>> @10.8.128.2 vas.lab
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached


And :
[root at vas8-pro4-mpg ~]# dig @10.20.90.23 vas.lab

; <<>> DiG 9.4.1-P1 <<>> @10.20.90.23 vas.lab
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

And as I was doing this remote queries, I started wireshark on both host and server and I could see that the DNS queries where going out of the host machine and arriving at the server machine, but it still didn't respond.
Does anyone know where the problem is or at least where it can be?

Thanks a lot,

 
Victor Lemos Soares Evangelista de Souza





      Abra sua conta no Yahoo! Mail, o único sem limite de espaço para armazenamento!
http://br.mail.yahoo.com/

More information about the bind-users mailing list