<div dir="ltr">What tests should I do?<div style>If I query directly an external name-server (one of the root ones or 8.8.8.8 for example) I receive the correct response.</div><div style>For this reason I'm inclined to think that the router doesn't block packets to/from port 53.<br>
Why should it block packets generated by BIND9?</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">2013/1/12 Lyle Giese <span dir="ltr"><<a href="mailto:lyle@lcrcomputer.net" target="_blank">lyle@lcrcomputer.net</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><div><div class="h5">
<div>On 01/11/13 03:05, Daniele wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Port 53 is open, I can also telnet it from another
box in the same network.<br>
Now I think the problem can be on the packets size, because I'm
trying every solution but nothing works.</div>
<div class="gmail_extra">
<br>
<br>
<div class="gmail_quote">2013/1/9 Lyle Giese <span dir="ltr"><<a href="mailto:lyle@lcrcomputer.net" target="_blank">lyle@lcrcomputer.net</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>
<div>
<div>On 01/09/13 08:39, Daniele wrote:<br>
</div>
</div>
</div>
<blockquote type="cite">
<div>
<div>
<div dir="ltr">2013/1/9 Phil Mayers <span dir="ltr"><<a href="mailto:p.mayers@imperial.ac.uk" target="_blank">p.mayers@imperial.ac.uk</a>></span><br>
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>On 09/01/13 13:53, Daniele wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> This is the
scenario.<br>
<br>
I installed BIND9 via `apt-get` on a
newly installed UBUNTU 12.04,<br>
virtualized on VirtualBox.<br>
The network works properly because if
I indicate a different server from<br>
my own BIND9 (the first line of
'/etc/resolv.conf' is, for example,<br>
`nameserver 8.8.8.8`) the lookups and
any action on the Internet succeed.<br>
<br>
</blockquote>
<br>
</div>
No, this assumption is not valid.</blockquote>
<div><br>
</div>
<div>I meant that I can reach the Internet
and, vice versa, the Internet can reach my
terminal. </div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div>
</div>
<div>
<pre>_______________________________________________
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list
bind-users mailing list
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a></pre>
</div>
</blockquote>
Recursive queries that named does for a client are
different than your machine as a dns client reaching out
to Google's recursive service.<br>
<br>
You need to have UDP & TCP port 53 open to your
recursive server(the one running named) first of all. And
if any network element within your network limits the size
of UDP packets, you will have problems with EDNS0 queries.<br>
<br>
On this box running named, try this:<br>
<br>
dig +trace <a href="http://www.msn.com" target="_blank">www.msn.com</a><br>
<br>
dig +trace <a href="http://imperial.ac.uk" target="_blank">imperial.ac.uk</a><br>
<br>
After dig gets a copy of the root servers from the local
named, it will do the same type of queries that a
recursive name server does.<span><font color="#888888"><br>
<br>
Lyle Giese<br>
LCR Computer Services, Inc.<br>
<br>
</font></span></div>
<br>
</blockquote>
</div>
</div>
</blockquote></div></div>
Saying port 53 is open because you can telnet to it from a local
computer is a very limited test.<br>
<br>
1) Telnet only use TCP, UDP is the primary/first communication
channel DNS uses.<br>
<br>
2) The router between this computer and the Internet is not at
fault? You have done no tests to prove that one way or the other.<br>
<br>
Do a couple of dig +trace runs and see what that shows. And try
some any queries to a dnssec enable domain.<div class="im"><br>
<br>
Lyle Giese<br>
LCR Computer Services, Inc.<br>
<br>
</div></div>
<br>_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br></blockquote></div><br></div>