Steve:<div> I should have stated this first. Remove bind from chroot and then try to do a recursive query. If it works, then you know you have a problem with chroot.<br><br><div class="gmail_quote">On Mon, Jan 23, 2012 at 4:33 PM, Ezra Taylor <span dir="ltr"><<a href="mailto:ezra.taylor@gmail.com">ezra.taylor@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Steve:<div> Shouldn't you specify who is allowed to perform recursive quries? Your pretty wide open.<br>
<br><div class="gmail_quote"><div><div class="h5">On Mon, Jan 23, 2012 at 4:06 PM, Steven Vona <span dir="ltr"><<a href="mailto:savone@gmail.com" target="_blank">savone@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">I am posting here as a last resort and hope someone can help me.<br><br>I am running RHEL6 and installed bind-chroot package. I have tried everything, and even posted to a linux forum I belong to for help. After three pages and a boat load of troubleshooting no resolution.<br>
<br>Here is a link to the 3 page forum thread if your interested in seeing all that we tried to do. There is debug information and even tcpdump info in there.<br><a>http://www.linuxquestions.org/questions/linux-server-73/bind-dns-recursion-now-working-924978/</a><br>
<br>If anyone can help it would be greatly appreciated. If you need any more information please let me know.<br><br><br>This DNS server does not answer recursive queries. Here is my config.<br><br>options {<br> directory "/var/named";<br>
allow-query { any; };<br> recursion yes;<br> edns-udp-size 512;<br> listen-on-v6 { none; };<br>};<br>logging{<br> channel query_log {<br> file "ns1-bind.log" versions unlimited size 100m;<br>
severity info;<br> print-time yes;<br> print-severity yes;<br> print-category yes;<br> };<br> category xfer-in{ query_log; };<br> category xfer-out{ query_log; };<br> category update{ query_log; };<br>
category general{ query_log; };<br> category queries{ query_log; };<br> channel default_debug {<br> file "data/named.run";<br> severity dynamic;<br> };<br>
};<br><br>key "dnsadmin" {<br> algorithm hmac-md5;<br> secret "pjbruihfeuhruehferfw=";<br>};<br><br>controls {<br> inet 127.0.0.1 allow { localhost; } keys { dnsadmin; };<br>};<br><br><br>zone "." IN {<br>
type hint;<br> file "<a>named.ca</a>";<br>};<br><br>include "/etc/named.rfc1912.zones";<br><br><br><br><br>When I try to query <a>google.com</a> it just hangs then returns a servfail:<br>
# dig @localhost <a>google.com</a><br><br>; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @localhost <a>google.com</a><br>; (2 servers found)<br>
;; global options: +cmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58542<br>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0<br><br>;; QUESTION SECTION:<br>;<a>google.com</a>. IN A<br>
<br>;; Query time: 2695 msec<br>;; SERVER: 127.0.0.1#53(127.0.0.1)<br>;; WHEN: Mon Jan 23 16:01:27 2012<br>;; MSG SIZE rcvd: 28<br><br><br>If I do a dig with +trace at the end it works:<br>[root@ns1 etc]# dig @localhost <a>google.com</a> +trace<br>
<br>; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @localhost <a>google.com</a> +trace<br>; (2 servers found)<br>;; global options: +cmd<br>. 518342 IN NS <a>d.root-servers.net</a>.<br>
. 518342 IN NS <a>c.root-servers.net</a>.<br>. 518342 IN NS <a>b.root-servers.net</a>.<br>. 518342 IN NS <a>a.root-servers.net</a>.<br>
. 518342 IN NS <a>l.root-servers.net</a>.<br>. 518342 IN NS <a>f.root-servers.net</a>.<br>. 518342 IN NS <a>g.root-servers.net</a>.<br>
. 518342 IN NS <a>j.root-servers.net</a>.<br>. 518342 IN NS <a>e.root-servers.net</a>.<br>. 518342 IN NS <a>h.root-servers.net</a>.<br>
. 518342 IN NS <a>i.root-servers.net</a>.<br>. 518342 IN NS <a>m.root-servers.net</a>.<br>. 518342 IN NS <a>k.root-servers.net</a>.<br>
;; Received 340 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms<br><br>com. 172800 IN NS <a>a.gtld-servers.net</a>.<br>com. 172800 IN NS <a>b.gtld-servers.net</a>.<br>
com. 172800 IN NS <a>c.gtld-servers.net</a>.<br>com. 172800 IN NS <a>d.gtld-servers.net</a>.<br>com. 172800 IN NS <a>e.gtld-servers.net</a>.<br>
com. 172800 IN NS <a>f.gtld-servers.net</a>.<br>com. 172800 IN NS <a>g.gtld-servers.net</a>.<br>com. 172800 IN NS <a>h.gtld-servers.net</a>.<br>
com. 172800 IN NS <a>i.gtld-servers.net</a>.<br>com. 172800 IN NS <a>j.gtld-servers.net</a>.<br>com. 172800 IN NS <a>k.gtld-servers.net</a>.<br>
com. 172800 IN NS <a>l.gtld-servers.net</a>.<br>com. 172800 IN NS <a>m.gtld-servers.net</a>.<br>;; Received 488 bytes from 199.7.83.42#53(<a>l.root-servers.net</a>) in 42 ms<br>
<br><a>google.com</a>. 172800 IN NS <a>ns2.google.com</a>.<br><a>google.com</a>. 172800 IN NS <a>ns1.google.com</a>.<br>
<a>google.com</a>. 172800 IN NS <a>ns3.google.com</a>.<br><a>google.com</a>. 172800 IN NS <a>ns4.google.com</a>.<br>
;; Received 164 bytes from 192.54.112.30#53(<a>h.gtld-servers.net</a>) in 97 ms<br><br><a>google.com</a>. 300 IN A 74.125.115.99<br><a>google.com</a>. 300 IN A 74.125.115.106<br>
<a>google.com</a>. 300 IN A 74.125.115.104<br><a>google.com</a>. 300 IN A 74.125.115.103<br><a>google.com</a>. 300 IN A 74.125.115.105<br>
<a>google.com</a>. 300 IN A 74.125.115.147<br>;; Received 124 bytes from <a value="+12162393210">216.239.32.10#53</a>(<a>ns1.google.com</a>) in 30 ms<br><br>You have new mail in /var/spool/mail/root<br>
<br><br>
<br></div></div>_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><span class="HOEnZb"><font color="#888888"><br></font></span></blockquote></div><span class="HOEnZb"><font color="#888888"><br>
<br clear="all"><div><br></div>-- <br>Ezra Taylor<br>
</font></span></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Ezra Taylor<br>
</div>