dig: couldn't get address for 'F.ROOT-SERVERS.NET': failure
Kevin Darcy
kcd at chrysler.com
Tue Sep 16 00:55:44 UTC 2008
Ian Masters wrote:
> Adam
>
> Thanks for your reply.
>
>
>> Are you sure that firewalls/NATs on the way are configured correctly?
>>
>
> Actually no, not completely sure ...
>
>
>> What happen when you try "dig @198.41.0.4 ns" ? (198.41.0.4 is address
>> of A root server)
>>
>
> ; <<>> DiG 9.3.4-P1 <<>> @198.41.0.4 ns
> ; (1 server found)
> ;; global options: printcmd
> ;; connection timed out; no servers could be reached
>
> I can ping 198.41.0.4 though ...
>
> As I said, if I add:
> forwarders { 165.76.12.2; 165.76.116.2; };
> forward only;
> to my named.conf, I can dig google.com, but "dig @198.41.0.4 ns" still
> fails.
>
> I'm confused.
>
So you can talk to your forwarders, but you can't talk directly to root
servers.
Seems like a fairly straightforward NAT/firewall/routing restriction. If
you can't get it opened up, you're stuck relying on forwarding to get
your resolution done.
- Kevin
More information about the bind-users
mailing list