BIND - Locally OK, LAN cleints unable to resolve?

Xaque208 · 08-08-2005, 12:21 AM

Hi,

I have followed countless tutorials about bind and I have never actually gotten it to work the way it should. It has always just worked enough to get me by. Here it is:

I setup BIND on a machine and for that machine, the DNS names are resolved with no problem. I used dig to see where the information was comming from and it cam from the local server. I opend iptables port 53 and did an nmap to scan udp ports and it was open so I am sure that part of it is ok. It seems funny that the local machine can resolve anything it wants, including specified localnet hostnames, but when I try to have another machine on the network use the server as its DNS resolver, it just won't go through. I have been stuck on this for a long time. Please help. Thanks in advance. Here is some output that may help:

durance bind # dig google.com

; <<>> DiG 9.2.5 <<>> google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14608
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 300 IN A 216.239.39.99
google.com. 300 IN A 216.239.57.99
google.com. 300 IN A 216.239.37.99

;; AUTHORITY SECTION:
google.com. 345600 IN NS ns1.google.com.
google.com. 345600 IN NS ns2.google.com.
google.com. 345600 IN NS ns3.google.com.
google.com. 345600 IN NS ns4.google.com.

;; Query time: 471 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 7 23:15:49 2005
;; MSG SIZE rcvd: 148

#1st cache 471 ms

durance bind # iptables -L | grep domain
ACCEPT udp -- 192.168.0.0/24 anywhere udp dpt:domain

qs_tahmeed · 08-08-2005, 01:05 AM

Hi!

to me it looks as a firewall problem. have you allowed your Server's firewall to
accept new connections. else none would be able to use your DNS.

regrads

Xaque208 · 08-08-2005, 09:32 AM

Here is the full tables, thanks for the reply. Is there a better way to accept new connections?

durance home # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- localhost localhost
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- 192.168.0.0/24 anywhere udp dpt:domain
ACCEPT tcp -- 192.168.0.0/24 anywhere tcp dpt:sunrpc
ACCEPT tcp -- 192.168.0.0/24 anywhere tcp dpt:nfs
ACCEPT tcp -- 192.168.0.0/24 anywhere tcp dpt:2219
ACCEPT tcp -- 192.168.0.0/24 anywhere tcp dpt:4045
LOG all -- anywhere anywhere limit: avg 40/min burst 5 LOG level warning
DROP all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination