Guys,
It's a strange problem. I'm in a network where i have a cisco firewall with multiple VLANs in INSIDE, one DMZ and an OUTSIDE. Say one of the INSIDE is A.B.C.1/26. The DMZ is C.D.E.F/27, The outside is P.Q.R.S

I'm running dynamic NAT at Cisco and things are smooth. NAT Works.

Now, In DMZ, I have a DNS server under linux (a VM) CentOS 5.9. It has IP C.D.E.6; and the mail under that same DMZ is C.D.E.7.

INSIDE and mail both are pointed to this DNS. Now, when I do a query for www.google.com or facebook.com or such in the DNS server (physically logged in), it gives reply. And same reply I get from mail server or some other INSiDE block. looks the DNS is working perfect... it first tries to give me reply and if fails, it queries to upstream servers and then replies me according to that. Great!! but the problem is there are few sites like www.icrera.org or such I tried to query from the same mail server or INSIDE network and it gave timeout. Well, I did the same query on the DNS server physically and DNS got reply...

It's strange, as some domains are getting replied and some are not... dns server can get reply, but when some clients are asking the dns for this, it can not give reply, get timeout... though some of the domains it can give reply fantastically... even if I reboot the dns, same.. and nothing in the /var/log/message unfortunately...

any ideas?? [Note: ACLs are oky, as i'm not hosting google... but it is working for google, ieee, etc... not working for a few from client, but the server is able to get the ip through query...]

Mishu~

Have you checked your query.log? what is the response for those failed queries?

there is no query.log file there at all...

From LAN: [place of failure]

Sep 4 10:40:58 ns1 named[2416]: client 10.0.0.200#59096: view internal: query: www.flynovoair.com IN A +
Sep 4 10:41:03 ns1 named[2416]: client 10.0.0.200#59096: view internal: query: www.flynovoair.com IN A +
Sep 4 10:41:07 ns1 named[2416]: network unreachable resolving 'ns1.bluehost.com/AAAA/IN': 2001:503:ba3e::2:30#53
Sep 4 10:41:08 ns1 named[2416]: client 10.0.0.200#59096: view internal: query: www.flynovoair.com IN A +


From DNS server @ DMZ, where it works::

Sep 4 10:41:30 ns1 named[2416]: client 10.1.2.6#50627: view internal: query: www.flynovoair.com IN A +

=============================================================
For logging, i just ON it using rndc querylog

=============================================================

Though it seems that ns1.bluehost.com is not responding to ping, basically from lan, when i ping using FQDN, nothing but when i ping using ip of the same server, it gives reply. Now, from DMZ, it's fully okey.

Logically if a domain is unknown to my dns, then my dns will query it and will reply to it's clients right?? it can query, but can not provide all of the domain's reply...few are working okey.... HELP PLEASE!!!

guys, any ideas??
also I did accordingto http://stackoverflow.com/questions/1...s-full-logging and it did not helped accordingly...

Mishu~