Recursive queries not working

Ezra Taylor ezra.taylor at gmail.com
Mon Jan 23 21:36:40 UTC 2012


Steve:
             I should have stated this first.  Remove bind from chroot and
then try to do a recursive query.  If it works, then you know you have a
problem with chroot.

On Mon, Jan 23, 2012 at 4:33 PM, Ezra Taylor <ezra.taylor at gmail.com> wrote:

> Steve:
>               Shouldn't you specify who is allowed to perform recursive
> queries?  You're pretty wide open.
>
> On Mon, Jan 23, 2012 at 4:06 PM, Steven Vona <savone at gmail.com> wrote:
>
>> I am posting here as a last resort and hope someone can help me.
>>
>> I am running RHEL6 and installed the bind-chroot package. I have tried
>> everything, and even posted to a Linux forum I belong to for help.  After
>> three pages and a boatload of troubleshooting, no resolution.
>>
>> Here is a link to the 3-page forum thread if you're interested in seeing
>> all that we tried to do. There is debug information and even tcpdump info
>> in there.
>>
>> http://www.linuxquestions.org/questions/linux-server-73/bind-dns-recursion-now-working-924978/
>>
>> If anyone can help it would be greatly appreciated.  If you need any more
>> information please let me know.
>>
>>
>> This DNS server does not answer recursive queries.  Here is my config.
>>
>> options {
>>     directory     "/var/named";
>>     allow-query { any; };
>>     recursion yes;
>>         edns-udp-size 512;
>>         listen-on-v6 { none; };
>> };
>> logging{
>>         channel query_log {
>>         file "ns1-bind.log" versions unlimited size 100m;
>>         severity info;
>>         print-time yes;
>>         print-severity yes;
>>         print-category yes;
>>         };
>>         category xfer-in{ query_log; };
>>         category xfer-out{ query_log; };
>>         category update{ query_log; };
>>         category general{ query_log; };
>>         category queries{ query_log; };
>>         channel default_debug {
>>                 file "data/named.run";
>>                 severity dynamic;
>>         };
>> };
>>
>> key "dnsadmin" {
>>     algorithm hmac-md5;
>>     secret "pjbruihfeuhruehferfw=";
>> };
>>
>> controls {
>>   inet 127.0.0.1 allow { localhost; } keys { dnsadmin; };
>> };
>>
>>
>> zone "." IN {
>>     type hint;
>>     file "named.ca";
>> };
>>
>> include "/etc/named.rfc1912.zones";
>>
>>
>>
>>
>> When I try to query google.com it just hangs then returns a servfail:
>> # dig @localhost google.com
>>
>> ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @localhost google.com
>> ; (2 servers found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58542
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;google.com.            IN    A
>>
>> ;; Query time: 2695 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Mon Jan 23 16:01:27 2012
>> ;; MSG SIZE  rcvd: 28
>>
>>
>> If I do a dig with +trace at the end it works:
>> [root at ns1 etc]# dig @localhost google.com +trace
>>
>> ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @localhost google.com+trace
>> ; (2 servers found)
>> ;; global options: +cmd
>> .            518342    IN    NS    d.root-servers.net.
>> .            518342    IN    NS    c.root-servers.net.
>> .            518342    IN    NS    b.root-servers.net.
>> .            518342    IN    NS    a.root-servers.net.
>> .            518342    IN    NS    l.root-servers.net.
>> .            518342    IN    NS    f.root-servers.net.
>> .            518342    IN    NS    g.root-servers.net.
>> .            518342    IN    NS    j.root-servers.net.
>> .            518342    IN    NS    e.root-servers.net.
>> .            518342    IN    NS    h.root-servers.net.
>> .            518342    IN    NS    i.root-servers.net.
>> .            518342    IN    NS    m.root-servers.net.
>> .            518342    IN    NS    k.root-servers.net.
>> ;; Received 340 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
>>
>> com.            172800    IN    NS    a.gtld-servers.net.
>> com.            172800    IN    NS    b.gtld-servers.net.
>> com.            172800    IN    NS    c.gtld-servers.net.
>> com.            172800    IN    NS    d.gtld-servers.net.
>> com.            172800    IN    NS    e.gtld-servers.net.
>> com.            172800    IN    NS    f.gtld-servers.net.
>> com.            172800    IN    NS    g.gtld-servers.net.
>> com.            172800    IN    NS    h.gtld-servers.net.
>> com.            172800    IN    NS    i.gtld-servers.net.
>> com.            172800    IN    NS    j.gtld-servers.net.
>> com.            172800    IN    NS    k.gtld-servers.net.
>> com.            172800    IN    NS    l.gtld-servers.net.
>> com.            172800    IN    NS    m.gtld-servers.net.
>> ;; Received 488 bytes from 199.7.83.42#53(l.root-servers.net) in 42 ms
>>
>> google.com.        172800    IN    NS    ns2.google.com.
>> google.com.        172800    IN    NS    ns1.google.com.
>> google.com.        172800    IN    NS    ns3.google.com.
>> google.com.        172800    IN    NS    ns4.google.com.
>> ;; Received 164 bytes from 192.54.112.30#53(h.gtld-servers.net) in 97 ms
>>
>> google.com.        300    IN    A    74.125.115.99
>> google.com.        300    IN    A    74.125.115.106
>> google.com.        300    IN    A    74.125.115.104
>> google.com.        300    IN    A    74.125.115.103
>> google.com.        300    IN    A    74.125.115.105
>> google.com.        300    IN    A    74.125.115.147
>> ;; Received 124 bytes from 216.239.32.10#53(ns1.google.com) in 30 ms
>>
>>
>>
>>
>>
>
>
>
> --
> Ezra Taylor
>



-- 
Ezra Taylor
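As an added illustration of the point about restricting who may recurse (this is not configuration from any post in this thread): the posted options block beside a restricted version. In BIND 9.7, when allow-recursion is absent it falls back to allow-query-cache and then to allow-query, so the posted config lets any client recurse. The "trusted" ACL, its prefixes and the key secret are placeholders.

```conf
// As posted: recursion is on, allow-query is "any", and there is no
// allow-recursion statement, so the recursion ACL inherits "any" and
// any host on the Internet can use this server as a resolver.
//
// options {
//     directory   "/var/named";
//     allow-query { any; };
//     recursion yes;
// };

// Restricted version: name the networks that may recurse and deny all others.
acl "trusted" {
    127.0.0.0/8;
    192.0.2.0/24;      // placeholder prefix; replace with the site's own networks
};

options {
    directory       "/var/named";
    listen-on-v6    { none; };
    edns-udp-size   512;

    // Still answer authoritative data to anyone, but only recurse for, and
    // hand cached answers to, the trusted ACL.
    allow-query          { any; };
    recursion            yes;
    allow-recursion      { trusted; };
    allow-query-cache    { trusted; };
};

key "dnsadmin" {
    algorithm hmac-md5;
    // Placeholder: generate a fresh secret with rndc-confgen; a secret that
    // has been pasted to a public list should be replaced.
    secret "REPLACE-WITH-RNDC-CONFGEN-OUTPUT";
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { dnsadmin; };
};
```

After reloading, a recursive query from a host outside the ACL should come back REFUSED rather than being answered, while queries from the trusted networks are resolved as before.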

