BIND and dig errors


 
# 1  
BIND and dig errors

Hi all, I'm running BIND 9.1.3 and the accompanying `dig and nslookup' on a vanilla Redhat 7.2 Linux box.

I've produced all of my Zone data and config files (I used h2n with some manual tweaks to do this, as some >= v8.2 BIND features aren't properly supported as far as I can see).

In my resolv.conf I have the following 2 lines (the hostname is dns1a.company.com and its IP address is 123.123.123.123):

domain company.com
namerserver 123.123.123.123

When I try to do a lookup, say `dig www.yahoo.com`, I get the error message:

;; connection timed out; no servers could be reached

My question is this: is this error message referring to the fact that nslookup cannot find my newly-installed local named, or that it can't begin querying *other* nameservers for information about www.yahoo.com?

Any help would be appreciated. I'm here to learn, so hints would be helpful (although answers are always nice :-).

Thanks in advance... Sam.
# 2  
nslookup would query all name servers in resolv.conf. If you have just your name server over there, then it means your server fails to resolve addresses.
# 3  
Perhaps I'm missing something fundamental to DNS name resolution here. If I've only got my own local Nameserver in the resolv.conf and that has no information about www.yahoo.com (or anything else for that matter), why does it not transcend all the way down to the root nameservers (which it knows about through the root hints file - the addresses are valid, I can ping them) and get me a valid answer by issuing iterative queries to Nameservers until it finds an authoritative answer?
# 4  
...Yeap, you're right. I guess something is wrong either with DNS configuration (zone files are not loaded - check permissions for DNS directories) or with network configuration.

Good luck

# 5  
Must be wrong with configuration

Network is OK. There must be something wrong with the configuration, just the zone files and named.conf.
Also, you can verify whether the named service exists.
# 6  
Thanks

Thanks. At least I know where to start now. I presumed that h2n would give me some valid files but obviously not.
# 7  
Solved it, now to refine....

I've located the source of the problem: IPCHAINS.

When I stop my firewalling on the Linux box local and remote DNS resolution are both fine.

My ipchains rules are as such (assuming that the IP address of my box is 123.123.123.123):

:input DENY
:forward DENY
:output ACCEPT

-A input -p icmp -j ACCEPT

# dns
-A input -d 123.123.123.123 53 -p udp -j ACCEPT
-A input -s 123.123.123.123 53 -p udp -j ACCEPT
-A input -d 123.123.123.123 53 -p tcp -j ACCEPT
-A input -s 123.123.123.123 53 -p tcp -j ACCEPT

# ssh
-A input -d 123.123.123.123 22 -p udp -j ACCEPT
-A input -s 123.123.123.123 22 -p udp -j ACCEPT
-A input -d 123.123.123.123 22 -p tcp -j ACCEPT
-A input -s 123.123.123.123 22 -p tcp -j ACCEPT

which in my mind would allow all ssh traffic (which it does) and all DNS traffic, regardless of whether it travelled over udp (usual) or tcp (rarely). The connection should also be allowed both ways, surely.

Can anyone spot any obvious mistakes? Thanks again.
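
An added example, not part of the original thread: a small Python model of the UDP DNS rules in the posted input chain, evaluated against constructed packets to show which ones fall through to the DENY policy. It assumes ipchains matches each packet statelessly and that named sends its recursive queries from an unprivileged source port; the upstream and client addresses, the port numbers and the extra rule are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

LOCAL = "123.123.123.123"   # placeholder address used in the post
UPSTREAM = "192.0.2.53"     # constructed: a remote nameserver that named queries
CLIENT = "192.0.2.10"       # constructed: a remote host querying this server

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:
    proto: str
    src: Optional[str] = None    # None means "any", like an omitted -s/-d
    sport: Optional[int] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        # Stateless match: every field the rule specifies must equal the packet's.
        pairs = ((self.src, p.src), (self.sport, p.sport),
                 (self.dst, p.dst), (self.dport, p.dport))
        return self.proto == p.proto and all(w is None or w == g for w, g in pairs)

# UDP DNS rules of the posted input chain; all have target ACCEPT, policy is DENY.
POSTED = [Rule("udp", dst=LOCAL, dport=53), Rule("udp", src=LOCAL, sport=53)]

def verdict(p: Packet, rules) -> str:
    return "ACCEPT" if any(r.matches(p) for r in rules) else "DENY"

# Constructed packets as they arrive on the input chain (high ports are arbitrary).
SAMPLES = {
    "client query to named": Packet("udp", CLIENT, 40000, LOCAL, 53),
    "named's answer to local dig": Packet("udp", LOCAL, 53, LOCAL, 33000),
    "upstream reply to named": Packet("udp", UPSTREAM, 53, LOCAL, 32768),
}

def report(rules) -> dict:
    return {name: verdict(p, rules) for name, p in SAMPLES.items()}

# Hypothetical extra rule: accept UDP from any host's port 53 to this box
# (ipchains form: -A input -s 0/0 53 -d 123.123.123.123 -p udp -j ACCEPT).
WITH_REPLIES = POSTED + [Rule("udp", sport=53, dst=LOCAL)]

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("with reply rule", WITH_REPLIES)):
        print(label, report(rules))
```

Because the extra rule matches on source port alone, it admits any UDP packet that claims source port 53; a stateless filter cannot tie a reply to an outstanding query.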
 
