Recursive queries not working
Ezra Taylor
ezra.taylor at gmail.com
Mon Jan 23 21:36:40 UTC 2012
Steve:
I should have stated this first. Remove bind from chroot and
then try to do a recursive query. If it works, then you know you have a
problem with chroot.
On Mon, Jan 23, 2012 at 4:33 PM, Ezra Taylor <ezra.taylor at gmail.com> wrote:
> Steve:
> Shouldn't you specify who is allowed to perform recursive
> queries? You're pretty wide open.
>
> On Mon, Jan 23, 2012 at 4:06 PM, Steven Vona <savone at gmail.com> wrote:
>
>> I am posting here as a last resort and hope someone can help me.
>>
>> I am running RHEL6 and installed the bind-chroot package. I have tried
>> everything, and even posted to a linux forum I belong to for help. After
>> three pages and a boatload of troubleshooting, no resolution.
>>
>> Here is a link to the 3 page forum thread if you're interested in seeing
>> all that we tried to do. There is debug information and even tcpdump info
>> in there.
>>
>> http://www.linuxquestions.org/questions/linux-server-73/bind-dns-recursion-now-working-924978/
>>
>> If anyone can help it would be greatly appreciated. If you need any more
>> information please let me know.
>>
>>
>> This DNS server does not answer recursive queries. Here is my config.
>>
>> options {
>>     directory "/var/named";
>>     allow-query { any; };
>>     recursion yes;
>>     edns-udp-size 512;
>>     listen-on-v6 { none; };
>> };
>> logging {
>>     channel query_log {
>>         file "ns1-bind.log" versions unlimited size 100m;
>>         severity info;
>>         print-time yes;
>>         print-severity yes;
>>         print-category yes;
>>     };
>>     category xfer-in { query_log; };
>>     category xfer-out { query_log; };
>>     category update { query_log; };
>>     category general { query_log; };
>>     category queries { query_log; };
>>     channel default_debug {
>>         file "data/named.run";
>>         severity dynamic;
>>     };
>> };
>>
>> key "dnsadmin" {
>>     algorithm hmac-md5;
>>     secret "pjbruihfeuhruehferfw=";
>> };
>>
>> controls {
>>     inet 127.0.0.1 allow { localhost; } keys { dnsadmin; };
>> };
>>
>>
>> zone "." IN {
>>     type hint;
>>     file "named.ca";
>> };
>>
>> include "/etc/named.rfc1912.zones";
>>
>>
>>
>>
>> When I try to query google.com it just hangs then returns a servfail:
>> # dig @localhost google.com
>>
>> ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @localhost google.com
>> ; (2 servers found)
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58542
>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>
>> ;; QUESTION SECTION:
>> ;google.com. IN A
>>
>> ;; Query time: 2695 msec
>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
>> ;; WHEN: Mon Jan 23 16:01:27 2012
>> ;; MSG SIZE rcvd: 28
>>
>>
>> If I do a dig with +trace at the end it works:
>> [root at ns1 etc]# dig @localhost google.com +trace
>>
>> ; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @localhost google.com+trace
>> ; (2 servers found)
>> ;; global options: +cmd
>> . 518342 IN NS d.root-servers.net.
>> . 518342 IN NS c.root-servers.net.
>> . 518342 IN NS b.root-servers.net.
>> . 518342 IN NS a.root-servers.net.
>> . 518342 IN NS l.root-servers.net.
>> . 518342 IN NS f.root-servers.net.
>> . 518342 IN NS g.root-servers.net.
>> . 518342 IN NS j.root-servers.net.
>> . 518342 IN NS e.root-servers.net.
>> . 518342 IN NS h.root-servers.net.
>> . 518342 IN NS i.root-servers.net.
>> . 518342 IN NS m.root-servers.net.
>> . 518342 IN NS k.root-servers.net.
>> ;; Received 340 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms
>>
>> com. 172800 IN NS a.gtld-servers.net.
>> com. 172800 IN NS b.gtld-servers.net.
>> com. 172800 IN NS c.gtld-servers.net.
>> com. 172800 IN NS d.gtld-servers.net.
>> com. 172800 IN NS e.gtld-servers.net.
>> com. 172800 IN NS f.gtld-servers.net.
>> com. 172800 IN NS g.gtld-servers.net.
>> com. 172800 IN NS h.gtld-servers.net.
>> com. 172800 IN NS i.gtld-servers.net.
>> com. 172800 IN NS j.gtld-servers.net.
>> com. 172800 IN NS k.gtld-servers.net.
>> com. 172800 IN NS l.gtld-servers.net.
>> com. 172800 IN NS m.gtld-servers.net.
>> ;; Received 488 bytes from 199.7.83.42#53(l.root-servers.net) in 42 ms
>>
>> google.com. 172800 IN NS ns2.google.com.
>> google.com. 172800 IN NS ns1.google.com.
>> google.com. 172800 IN NS ns3.google.com.
>> google.com. 172800 IN NS ns4.google.com.
>> ;; Received 164 bytes from 192.54.112.30#53(h.gtld-servers.net) in 97 ms
>>
>> google.com. 300 IN A 74.125.115.99
>> google.com. 300 IN A 74.125.115.106
>> google.com. 300 IN A 74.125.115.104
>> google.com. 300 IN A 74.125.115.103
>> google.com. 300 IN A 74.125.115.105
>> google.com. 300 IN A 74.125.115.147
>> ;; Received 124 bytes from 216.239.32.10#53(ns1.google.com) in 30 ms
>>
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>> unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>>
>
>
>
> --
> Ezra Taylor
>
--
Ezra Taylor
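Ezra's remark that the posted config is wide open can be checked mechanically. The following is an added example, not code from this thread or from ISC: a small Python lint that extracts the `options` block from a named.conf and reports whether recursion is effectively open to any client, following BIND's fallback from `allow-recursion` to `allow-query-cache` to `allow-query` to the built-in localnets/localhost default. The two sample configs are constructed from the one posted above; the 192.168.1.0/24 network in the closed variant is an assumed local range.

```python
import re

# Constructed sample: the options block posted in this thread, reduced to the
# directives that matter for recursion exposure.
OPEN_CONF = 'options { directory "/var/named"; allow-query { any; }; recursion yes; };'
# Constructed sample: the same block with recursion limited to local clients.
CLOSED_CONF = OPEN_CONF.replace(
    "recursion yes;", "allow-recursion { 127.0.0.1; 192.168.1.0/24; }; recursion yes;")

def _strip_comments(text):
    """Drop the three named.conf comment styles: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def _options_body(text):
    """Return the brace-balanced body of the top-level options { } block."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[start:i]
    return text[start:]

def _acl(body, name):
    """Elements of `name { a; b; };` as a list, or None when the ACL is absent."""
    m = re.search(r"\b" + re.escape(name) + r"\s*\{([^}]*)\}", body)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def recursion_findings(conf):
    """Return findings describing open-recursion exposure; empty means closed."""
    body = _options_body(_strip_comments(conf))
    rec = re.search(r"\brecursion\s+(yes|no)\s*;", body)
    if rec is not None and rec.group(1) == "no":
        return []  # recursion off: nothing to expose
    # BIND's fallback chain when allow-recursion is absent: allow-query-cache,
    # then allow-query, then the built-in localnets; localhost default.
    for acl in ("allow-recursion", "allow-query-cache", "allow-query"):
        elems = _acl(body, acl)
        if elems is not None:
            if "any" in elems:
                return [f"recursion yes and effective ACL {acl} {{ any; }}: open resolver"]
            return []
    return []  # built-in default limits recursion to local clients
```

Run against the posted config it flags `allow-query { any; }` as the effective recursion ACL; adding an `allow-recursion` list of local networks, as in CLOSED_CONF, clears the finding.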