I can't get my BIND DNS to answer remote queries

Michael J. Ayers ayerslists at gmail.com
Wed Apr 9 16:25:20 UTC 2008


Try adding the following to the top of your named.conf:

acl "all" { 0.0.0.0/0; };

Then add the following to your Options{} section in named.conf:

allow-query { "all"; };

And see if that solves your problem.

Hope it helps.

Michael

On Wed, Apr 9, 2008 at 5:13 AM, Victor Lemos Soares E. de Souza <
victoresouza at yahoo.com.br> wrote:

> Hello,
> I have a machine running BIND 9. I've configured a zone on the server and
> I in fact can do queries at this local machine (using dig). But when I do
> the same (dig) query from a remote machine in the same network, I get ";;
> connection timed out; no servers could be reached".
> Here is my zone file:
> $TTL 12345
> vas.lab. IN SOA server.vas.lab. teste.vas.lab. (
>                        1       ; Serial
>                        12345   ; Refresh
>                        12345   ; Retry
>                        12345   ; Expire
>                        12345 ) ; Negative caching TTL
> vas.lab.                IN NS           server.vas.lab.
> server.vas.lab.         IN A            127.0.0.1
> teste           IN A            10.20.90.7
>
> BIND syslog:
>
> Apr  8 16:41:13 rede_externa1 named[8186]: starting BIND 9.4.1-P1 -u root
> -t /var/lib/named
> Apr  8 16:41:13 rede_externa1 named[8186]: found 1 CPU, using 1 worker
> thread
> Apr  8 16:41:13 rede_externa1 named[8186]: loading configuration from
> '/etc/named.conf'
> Apr  8 16:41:13 rede_externa1 named[8186]: listening on IPv4 interface lo,
> 127.0.0.1#53
> Apr  8 16:41:13 rede_externa1 kernel: process `named' is using obsolete
> setsockopt SO_BSDCOMPAT
> Apr  8 16:41:13 rede_externa1 named[8186]: listening on IPv4 interface
> eth0, 10.8.128.2#53
> Apr  8 16:41:13 rede_externa1 named[8186]: listening on IPv4 interface
> eth3, 10.20.91.23#53
> Apr  8 16:41:13 rede_externa1 named[8186]: listening on IPv4 interface
> eth2, 10.20.90.23#53
> Apr  8 16:41:13 rede_externa1 named[8186]: listening on IPv4 interface
> eth1, 10.8.132.2#53
> Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 127.IN-ADDR.ARPA
> Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 254.169.IN-ADDR.ARPA
> Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 2.0.192.IN-ADDR.ARPA
> Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 255.255.255.255.IN-ADDR.ARPA
> Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
> Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
> Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> D.F.IP6.ARPA
> Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 8.E.F.IP6.ARPA
> Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> 9.E.F.IP6.ARPA
> Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> A.E.F.IP6.ARPA
> Apr  8 16:41:13 rede_externa1 named[8186]: automatic empty zone:
> B.E.F.IP6.ARPA
> Apr  8 16:41:13 rede_externa1 named[8186]: command channel listening on
> 127.0.0.1#953
>
> Local Query and response :
>
> [root at vas8-pro2-mas named]# dig vas.lab
>
> ; <<>> DiG 9.4.1-P1 <<>> vas.lab
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6315
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;vas.lab.                       IN      A
>
> ;; AUTHORITY SECTION:
> vas.lab.                12345   IN      SOA     server.vas.lab.
> teste.vas.lab. 1 12345 12345 12345 12345
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Wed Apr  9 09:04:48 2008
> ;; MSG SIZE  rcvd: 74
>
>
> REMOTE query and 'no' response :
>
> [root at vas8-pro4-mpg ~]# dig vas.lab
>
> ; <<>> DiG 9.4.1-P1 <<>> vas.lab
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
>
> NOTICE: The remote machine /etc/resolv.conf is configured as :
>
> [root at vas8-pro4-mpg ~]# more /etc/resolv.conf
> nameserver 10.8.128.2
> nameserver 10.20.90.23
>
> PS: as you can see, both nameserver IP addresses lead to the same DNS
> server.
>
> I also tried :
> [root at vas8-pro4-mpg ~]# dig @10.8.128.2 vas.lab
>
> ; <<>> DiG 9.4.1-P1 <<>> @10.8.128.2 vas.lab
> ; (1 server found)
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
>
>
> And :
> [root at vas8-pro4-mpg ~]# dig @10.20.90.23 vas.lab
>
> ; <<>> DiG 9.4.1-P1 <<>> @10.20.90.23 vas.lab
> ; (1 server found)
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
>
> And as I was doing these remote queries, I started wireshark on both host
> and server and I could see that the DNS queries were going out of the host
> machine and arriving at the server machine, but it still didn't respond.
> Does anyone know where the problem is or at least where it can be?
>
> Thanks a lot,
>
>
> Victor Lemos Soares Evangelista de Souza


-- 
Michael J. Ayers
Senior Systems Engineer
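
An added example, not part of the original thread: a small Python helper that reads a dig transcript and separates a query the server denied by ACL (dig prints `status: REFUSED`) from a query that got no reply at all (dig prints `connection timed out`). The first two samples are trimmed from the transcripts quoted above; the REFUSED sample and all function and outcome names are constructed for illustration.

```python
import re

# Samples: the first two are trimmed from the dig transcripts in the thread above;
# REFUSED_SAMPLE is constructed for illustration.
LOCAL_OK = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6315
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; SERVER: 127.0.0.1#53(127.0.0.1)
"""
REMOTE_TIMEOUT = """\
; <<>> DiG 9.4.1-P1 <<>> @10.8.128.2 vas.lab
;; connection timed out; no servers could be reached
"""
REFUSED_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4242
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""

STATUS_RE = re.compile(r"->>HEADER<<-.*status:\s*([A-Z]+)")
FLAGS_RE = re.compile(r"^;; flags:\s*([a-z ]*);", re.MULTILINE)

def classify_dig(output):
    """Return (outcome, flags, hint) for one dig transcript."""
    status = STATUS_RE.search(output)
    if status is None:
        if "connection timed out" in output:
            return ("NO_REPLY", set(),
                    "no response reached the client: check packet filters, "
                    "routing of the reply, and named's listen-on addresses")
        return ("UNPARSED", set(), "no dig header found in this transcript")
    found = FLAGS_RE.search(output)
    flags = set(found.group(1).split()) if found else set()
    if status.group(1) == "REFUSED":
        return ("ACL_REFUSED", flags,
                "the server answered and denied the query: review the "
                "allow-query / allow-recursion ACLs")
    if status.group(1) == "NOERROR" and "aa" in flags:
        hint = "authoritative answer"
        if "ra" in flags:
            hint += "; server also offers recursion to this client (ra)"
        return ("AUTHORITATIVE", flags, hint)
    return (status.group(1), flags, "see the rcode for details")

if __name__ == "__main__":
    for name, text in [("local", LOCAL_OK), ("remote", REMOTE_TIMEOUT),
                       ("refused", REFUSED_SAMPLE)]:
        outcome, flags, hint = classify_dig(text)
        print(f"{name}: {outcome} flags={sorted(flags)} -> {hint}")
```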


