Recursive queries not working

Ezra Taylor ezra.taylor at gmail.com
Mon Jan 23 21:34:11 UTC 2012


Steve:
Shouldn't you specify who is allowed to perform recursive quri

On Mon, Jan 23, 2012 at 4:06 PM, Steven Vona <savone at gmail.com> wrote:

> I am posting here as a last resort and hope someone can help me.
>
> I am running RHEL6 and installed bind-chroot package. I have tried
> everything, and even posted to a Linux forum I belong to for help.  After
> three pages and a boatload of troubleshooting, no resolution.
>
> Here is a link to the 3 page forum thread if you're interested in seeing all
> that we tried to do. There is debug information and even tcpdump info in
> there.
>
> http://www.linuxquestions.org/questions/linux-server-73/bind-dns-recursion-now-working-924978/
>
> If anyone can help it would be greatly appreciated.  If you need any more
> information please let me know.
>
>
> This DNS server does not answer recursive queries.  Here is my config.
>
> options {
>     directory     "/var/named";
>     allow-query { any; };
>     recursion yes;
>         edns-udp-size 512;
>         listen-on-v6 { none; };
> };
> logging{
>         channel query_log {
>         file "ns1-bind.log" versions unlimited size 100m;
>         severity info;
>         print-time yes;
>         print-severity yes;
>         print-category yes;
>         };
>         category xfer-in{ query_log; };
>         category xfer-out{ query_log; };
>         category update{ query_log; };
>         category general{ query_log; };
>         category queries{ query_log; };
>         channel default_debug {
>                 file "data/named.run";
>                 severity dynamic;
>         };
> };
>
> key "dnsadmin" {
>     algorithm hmac-md5;
>     secret "pjbruihfeuhruehferfw=";
> };
>
> controls {
>   inet 127.0.0.1 allow { localhost; } keys { dnsadmin; };
> };
>
>
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
> include "/etc/named.rfc1912.zones";
>
>
>
>
> When I try to query google.com it just hangs then returns a servfail:
> # dig @localhost google.com
>
> ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @localhost google.com
> ; (2 servers found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58542
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;google.com.            IN    A
>
> ;; Query time: 2695 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Mon Jan 23 16:01:27 2012
> ;; MSG SIZE  rcvd: 28
>
>
> If I do a dig with +trace at the end it works:
> [root at ns1 etc]# dig @localhost google.com +trace
>
> ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @localhost google.com+trace
> ; (2 servers found)
> ;; global options: +cmd
> .            518342    IN    NS    d.root-servers.net.
> .            518342    IN    NS    c.root-servers.net.
> .            518342    IN    NS    b.root-servers.net.
> .            518342    IN    NS    a.root-servers.net.
> .            518342    IN    NS    l.root-servers.net.
> .            518342    IN    NS    f.root-servers.net.
> .            518342    IN    NS    g.root-servers.net.
> .            518342    IN    NS    j.root-servers.net.
> .            518342    IN    NS    e.root-servers.net.
> .            518342    IN    NS    h.root-servers.net.
> .            518342    IN    NS    i.root-servers.net.
> .            518342    IN    NS    m.root-servers.net.
> .            518342    IN    NS    k.root-servers.net.
> ;; Received 340 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
>
> com.            172800    IN    NS    a.gtld-servers.net.
> com.            172800    IN    NS    b.gtld-servers.net.
> com.            172800    IN    NS    c.gtld-servers.net.
> com.            172800    IN    NS    d.gtld-servers.net.
> com.            172800    IN    NS    e.gtld-servers.net.
> com.            172800    IN    NS    f.gtld-servers.net.
> com.            172800    IN    NS    g.gtld-servers.net.
> com.            172800    IN    NS    h.gtld-servers.net.
> com.            172800    IN    NS    i.gtld-servers.net.
> com.            172800    IN    NS    j.gtld-servers.net.
> com.            172800    IN    NS    k.gtld-servers.net.
> com.            172800    IN    NS    l.gtld-servers.net.
> com.            172800    IN    NS    m.gtld-servers.net.
> ;; Received 488 bytes from 199.7.83.42#53(l.root-servers.net) in 42 ms
>
> google.com.        172800    IN    NS    ns2.google.com.
> google.com.        172800    IN    NS    ns1.google.com.
> google.com.        172800    IN    NS    ns3.google.com.
> google.com.        172800    IN    NS    ns4.google.com.
> ;; Received 164 bytes from 192.54.112.30#53(h.gtld-servers.net) in 97 ms
>
> google.com.        300    IN    A    74.125.115.99
> google.com.        300    IN    A    74.125.115.106
> google.com.        300    IN    A    74.125.115.104
> google.com.        300    IN    A    74.125.115.103
> google.com.        300    IN    A    74.125.115.105
> google.com.        300    IN    A    74.125.115.147
> ;; Received 124 bytes from 216.239.32.10#53(ns1.google.com) in 30 ms
>
> You have new mail in /var/spool/mail/root
>



-- 
Ezra Taylor
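
The suggestion in the reply above, written out as a named.conf fragment. This is an added example, not part of either post; the ACL name `trusted-clients` and the 192.0.2.0/24 network are constructed placeholders, and the remaining options are copied from the quoted configuration.

```conf
// Constructed example: the ACL name and the 192.0.2.0/24 network are placeholders.
acl "trusted-clients" {
    localhost;        // built-in ACL: the server's own addresses
    localnets;        // built-in ACL: networks directly attached to the server
    192.0.2.0/24;     // placeholder client network (documentation range)
};

options {
    directory "/var/named";
    edns-udp-size 512;
    listen-on-v6 { none; };

    // As posted: allow-query { any; } and recursion yes, with no recursion ACL.
    // When allow-recursion and allow-query-cache are both unset, BIND falls
    // back to allow-query for them, so every client that can reach port 53
    // is offered recursion and cached answers.
    allow-query { any; };   // answers from zones served here stay open to all

    recursion yes;
    // Stated explicitly: only the listed clients may recurse or read the cache.
    allow-recursion   { trusted-clients; };
    allow-query-cache { trusted-clients; };
};
```

`named-checkconf` checks the edited file for syntax errors before named is reloaded. The fragment restricts who may recurse; it is not offered as the fix for the SERVFAIL shown above, whose cause this thread does not establish.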