Recursive queries not working

Mon Jan 23 21:06:22 UTC 2012

I am posting here as a last resort and hope someone can help me.

I am running RHEL6 and installed bind-chroot package. I have tried
everything, and even posted to a linux forum I belong to for help.  After
three pages and a boat load of troubleshooting no resolution.

Here is a link to the 3 page forum thread if your interested in seeing all
that we tried to do. There is debug information and even tcpdump info in
there.
http://www.linuxquestions.org/questions/linux-server-73/bind-dns-recursion-now-working-924978/

If anyone can help it would be greatly appreciated.  If you need any more
information please let me know.

This DNS server does not answer recursive queries.  Here is my config.

options {
    directory     "/var/named";
    allow-query { any; };
    recursion yes;
        edns-udp-size 512;
        listen-on-v6 { none; };
};
logging{
        channel query_log {
        file "ns1-bind.log" versions unlimited size 100m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
        };
        category xfer-in{ query_log; };
        category xfer-out{ query_log; };
        category update{ query_log; };
        category general{ query_log; };
        category queries{ query_log; };
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

key "dnsadmin" {
    algorithm hmac-md5;
    secret "pjbruihfeuhruehferfw=";
};

controls {
  inet 127.0.0.1 allow { localhost; } keys { dnsadmin; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";

When I try to query google.com it just hangs then returns a servfail:
# dig @localhost google.com

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @localhost google.com
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58542
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.            IN    A

;; Query time: 2695 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jan 23 16:01:27 2012
;; MSG SIZE  rcvd: 28

If I do a dig with +trace at the end it works:
[root at ns1 etc]# dig @localhost google.com +trace

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @localhost google.com+trace
; (2 servers found)
;; global options: +cmd
.            518342    IN    NS    d.root-servers.net.
.            518342    IN    NS    c.root-servers.net.
.            518342    IN    NS    b.root-servers.net.
.            518342    IN    NS    a.root-servers.net.
.            518342    IN    NS    l.root-servers.net.
.            518342    IN    NS    f.root-servers.net.
.            518342    IN    NS    g.root-servers.net.
.            518342    IN    NS    j.root-servers.net.
.            518342    IN    NS    e.root-servers.net.
.            518342    IN    NS    h.root-servers.net.
.            518342    IN    NS    i.root-servers.net.
.            518342    IN    NS    m.root-servers.net.
.            518342    IN    NS    k.root-servers.net.
;; Received 340 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

com.            172800    IN    NS    a.gtld-servers.net.
com.            172800    IN    NS    b.gtld-servers.net.
com.            172800    IN    NS    c.gtld-servers.net.
com.            172800    IN    NS    d.gtld-servers.net.
com.            172800    IN    NS    e.gtld-servers.net.
com.            172800    IN    NS    f.gtld-servers.net.
com.            172800    IN    NS    g.gtld-servers.net.
com.            172800    IN    NS    h.gtld-servers.net.
com.            172800    IN    NS    i.gtld-servers.net.
com.            172800    IN    NS    j.gtld-servers.net.
com.            172800    IN    NS    k.gtld-servers.net.
com.            172800    IN    NS    l.gtld-servers.net.
com.            172800    IN    NS    m.gtld-servers.net.
;; Received 488 bytes from 199.7.83.42#53(l.root-servers.net) in 42 ms

google.com.        172800    IN    NS    ns2.google.com.
google.com.        172800    IN    NS    ns1.google.com.
google.com.        172800    IN    NS    ns3.google.com.
google.com.        172800    IN    NS    ns4.google.com.
;; Received 164 bytes from 192.54.112.30#53(h.gtld-servers.net) in 97 ms

google.com.        300    IN    A    74.125.115.99
google.com.        300    IN    A    74.125.115.106
google.com.        300    IN    A    74.125.115.104
google.com.        300    IN    A    74.125.115.103
google.com.        300    IN    A    74.125.115.105
google.com.        300    IN    A    74.125.115.147
;; Received 124 bytes from 216.239.32.10#53(ns1.google.com) in 30 ms

You have new mail in /var/spool/mail/root
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120123/a672a295/attachment.html>