Can't get hints or outside resolution.

Peter Laws plaws at ou.edu
Thu Jul 8 19:42:19 UTC 2010


BIND 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2

From the host itself, a slave for all my zones, I can resolve all my 
zones.  I cannot, however, resolve anything else.

For example, if I dig google.com I get a timeout.

Further, if I do a blank dig, I don't get the root servers even though the 
hints zone is set up correctly.

The same is true if I try to resolve from a different host against this host.

I thought of iptables and dumped those, but disabling iptables doesn't 
change anything.  In fact, if I look up the IP (of the google, say) on 
another host I can ping that IP.

There are query ACLs set up, but I have confirmed that RFC 1918 space, 
127/8, and our public IP range are all allowed to query the internal stuff. 
The external zones are, of course, set to "any".  (Default, in options, 
is internal-only, but the public zones all have any as overrides.)

SELinux is set to enforcing, but no messages are showing up and based on my 
experience, if SELinux is going to prevent BIND from working it's going to 
COMPLETELY prevent it from working, not pick certain zones.


resolv.conf on the slave itself has 127.0.0.1 on the nameserver line.

The only thing different on this host vs my other slaves is some extra 
notifies and allow-transfers from when this was still a master for some 
zones (some other slaves *still* get a few zones from this host).

Missing something easy, I'm sure.  But what?




-- 
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
plaws at ou.edu
-----------------------------------------------------------------------
Feedback? Contact my director, Craig Cochell, craigc at ou.edu. Thank you!


