LinuxQuestions.org, forum: Linux - Server
#1  vonedaddy  01-21-2012, 11:48 AM
BIND DNS recursion not working?


I have a new BIND server.

Red Hat 6
BIND 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2

I finished configuring the system but I cannot seem to get recursion working. I have the following in my options section:

recursion yes;
allow-recursion { LIST OF IP ADDRESSES/SUBNETS; };


When I run the following command:

# dig @localhost google.com

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @localhost google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

And when I do the same from a server that is in the allow-recursion list:

$ dig @********* google.com

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @********* google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Any ideas? There is nothing in the logs...
 
#2  bathory  01-21-2012, 12:09 PM
Hi,

First of all, check whether named is running, since you get a "connection timed out; no servers could be reached"
Code:
ps -ef|grep named
BTW, you don't need "recursion yes;", since you use the "allow-recursion" directive.

Regards
 
#3  vonedaddy (Original Poster)  01-21-2012, 12:19 PM
Quote:
Originally Posted by bathory View Post
Hi,

First of all check if named is running, as you get a "connection timed out; no servers could be reached"
Code:
ps -ef|grep named
Thanks for your help, it is running and listening.

Code:
named     6270     1  3 12:16 ?        00:00:00 /usr/sbin/named -u named -4 -t /var/named/chroot
Code:
# netstat -an | grep -i listen  
tcp        0      0 *.*.*.*:53            0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN
 
#4  bathory  01-21-2012, 01:05 PM
Are you using forwarders?
Could you post your named.conf to see if that's the case?
 
#5  Nomad-71  01-21-2012, 01:07 PM
Could the queries be blocked by a firewall?
Which servers does it ask about google? Have you configured your DNS server to query the root servers, or is the "forwarders" option being used?
Can you show us your named.conf?
 
#6  vonedaddy (Original Poster)  01-21-2012, 01:42 PM
I trimmed down the named.conf file just for troubleshooting. Here is what I currently have:

Code:
options {
    version "none";
    listen-on port 53 { any; };
    directory "/var/named/data";
    recursion yes;
    allow-recursion { any; };
    allow-query { any; };      // this is needed to override the default
    allow-transfer { any; };   // transfer will be allowed per zone below.
    edns-udp-size 512;
    listen-on-v6 { none; };
};

logging {
    channel default_debug {
        file "named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "db.cache";
};
 
#7  bathory  01-21-2012, 02:07 PM
Your named.conf looks fine.
What happens when you do:
Code:
dig @localhost google.com +trace
 
#8  vonedaddy (Original Poster)  01-21-2012, 02:13 PM
# dig @localhost google.com +trace

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @localhost google.com +trace
; (1 server found)
;; global options: +cmd
. 518229 IN NS m.root-servers.net.
. 518229 IN NS c.root-servers.net.
. 518229 IN NS a.root-servers.net.
. 518229 IN NS b.root-servers.net.
. 518229 IN NS j.root-servers.net.
. 518229 IN NS g.root-servers.net.
. 518229 IN NS e.root-servers.net.
. 518229 IN NS l.root-servers.net.
. 518229 IN NS d.root-servers.net.
. 518229 IN NS k.root-servers.net.
. 518229 IN NS i.root-servers.net.
. 518229 IN NS h.root-servers.net.
. 518229 IN NS f.root-servers.net.
;; Received 320 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
;; Received 488 bytes from 192.228.79.201#53(b.root-servers.net) in 20017 ms

google.com. 172800 IN NS ns2.google.com.
google.com. 172800 IN NS ns1.google.com.
google.com. 172800 IN NS ns3.google.com.
google.com. 172800 IN NS ns4.google.com.
;; Received 164 bytes from 192.5.6.30#53(a.gtld-servers.net) in 46 ms

google.com. 300 IN A 74.125.115.103
google.com. 300 IN A 74.125.115.104
google.com. 300 IN A 74.125.115.99
google.com. 300 IN A 74.125.115.105
google.com. 300 IN A 74.125.115.106
google.com. 300 IN A 74.125.115.147
;; Received 124 bytes from 216.239.34.10#53(ns2.google.com) in 18 ms
 
#9  vonedaddy (Original Poster)  01-21-2012, 02:14 PM
Hmm.. this is odd, but you may be on to something here. Once the query is cached it answers fine. So is there a problem with my server speaking to the root servers?
 
#10  bathory  01-21-2012, 02:26 PM
Could be that your hint zone file is outdated. Try to get a new one with:
Code:
dig @192.33.4.12 . ns > db.cache
Replace your /var/named/chroot/var/named/data/db.cache with the new one from the command above, restart bind and see what you get.
 
#11  vonedaddy (Original Poster)  01-21-2012, 02:32 PM
No, I just updated it.

# cat db.cache
; This file holds the information on root name servers needed to
; initialize cache of Internet domain name servers
; (e.g. reference this file in the "cache . <file>"
; configuration file of BIND domain name servers).
;
; This file is made available by InterNIC
; under anonymous FTP as
; file /domain/named.cache
; on server FTP.INTERNIC.NET
; -OR- RS.INTERNIC.NET
;
; last update: Jun 8, 2011
; related version of root zone: 2011060800
;
; formerly NS.INTERNIC.NET
 
#12  bathory  01-21-2012, 02:39 PM
If this is your hint zone file, then it's not complete. There are no root servers, nor their IPs, in it.
Run my command above to get a fresh copy of it, or get the attached file and rename it accordingly.
Attached file: db.cache.txt (1.6 KB)
 
#13  vonedaddy (Original Poster)  01-21-2012, 02:42 PM
Quote:
Originally Posted by bathory View Post
If this is your hint zonefile, then it's not complete. There no root servers, nor their IPs in it.
Run my command above to get a fresh copy of it, or get the attached file and rename it accordingly.
I am sorry, I truncated the message, the IP addresses are there:

Code:
# cat db.cache 
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC 
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    Jun 8, 2011
;       related version of root zone:   2011060800
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2D::D
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2F::F
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803F:235
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FE::53
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7FD::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:3::42
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:DC3::35
; End of File
 
#14  vonedaddy (Original Poster)  01-21-2012, 02:54 PM
I am so lost, maybe it's a problem with cache?

If I do
dig @127.0.0.1 google.com +trace
it works fine.

If I leave the trace out, I get NO SERVERS CAN BE FOUND!?!?

WTF?!?


# dig @127.0.0.1 google.com +trace

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @127.0.0.1 google.com +trace
; (1 server found)
;; global options: +cmd
. 518092 IN NS j.root-servers.net.
. 518092 IN NS l.root-servers.net.
. 518092 IN NS e.root-servers.net.
. 518092 IN NS f.root-servers.net.
. 518092 IN NS b.root-servers.net.
. 518092 IN NS k.root-servers.net.
. 518092 IN NS a.root-servers.net.
. 518092 IN NS i.root-servers.net.
. 518092 IN NS c.root-servers.net.
. 518092 IN NS d.root-servers.net.
. 518092 IN NS m.root-servers.net.
. 518092 IN NS g.root-servers.net.
. 518092 IN NS h.root-servers.net.
;; Received 340 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 491 bytes from 128.63.2.53#53(h.root-servers.net) in 6 ms

google.com. 172800 IN NS ns2.google.com.
google.com. 172800 IN NS ns1.google.com.
google.com. 172800 IN NS ns3.google.com.
google.com. 172800 IN NS ns4.google.com.
;; Received 164 bytes from 192.26.92.30#53(c.gtld-servers.net) in 10 ms

google.com. 300 IN A 74.125.115.106
google.com. 300 IN A 74.125.115.104
google.com. 300 IN A 74.125.115.105
google.com. 300 IN A 74.125.115.103
google.com. 300 IN A 74.125.115.147
google.com. 300 IN A 74.125.115.99
;; Received 124 bytes from 216.239.34.10#53(ns2.google.com) in 19 ms

# dig @127.0.0.1 google.com

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.2 <<>> @127.0.0.1 google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
 
#15  bathory  01-21-2012, 05:32 PM
Quote:
I am so lost, maybe it's a problem with cache?
Doh, it's very strange indeed. The cache is kept in memory, not in a file.
The response you get looks as if it is not listening on port 53/udp. Could you verify that by running:
Code:
netstat -tunapl|grep named
Also try using debugging and see what you get. Run:
Code:
rndc trace 3
then do a query and, from another terminal, watch named.run
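An added example, not code from the thread or from either poster, that makes the distinction behind posts #8, #9 and #14 concrete. A plain `dig @server name` sends one UDP query with the RD (recursion desired) bit set and waits for an answer with RA (recursion available) set; `dig +trace` only asks the local server for the root NS set (answered from 127.0.0.1 in 0 ms in post #14, so the daemon does respond on 53/udp) and then walks the delegation itself with non-recursive queries to the root, .com and google.com servers, which is why it can succeed while the plain query times out. The script below builds both kinds of query by hand, decodes the response header, and classifies the server from the flags; the classification strings and the fixed QUERY_ID are my own choices. It also flags the other thing a reviewer should notice in the trimmed named.conf of post #6: `allow-recursion { any; };` together with `allow-query { any; };` and `listen-on { any; };` is an open resolver, which answers the `open-recursive` case below to anyone on the internet and can be abused for DNS amplification; once troubleshooting is over, restrict recursion to the intended client ranges (for instance `allow-recursion { 127.0.0.1; 10.0.0.0/8; };`, addresses assumed here), so that outside hosts get `refused` instead. One further check: `netstat -an | grep -i listen` in post #3 lists only TCP sockets, because UDP sockets have no LISTEN state; `netstat -tunapl` or `ss -ulnp` shows whether named actually holds 53/udp.

```python
"""Probe a DNS server the way the thread's dig commands do, at the packet level.

Added example (not code from the thread): a plain `dig @server name` sends one
UDP query with the RD (recursion desired) bit set and expects an answer with RA
(recursion available) set; `dig +trace` instead walks the delegation itself with
non-recursive queries, so it can succeed even when the local server never
answers a recursive query.
"""
import socket
import struct

QUERY_ID = 0x1234          # fixed transaction ID (assumed) so replies can be matched
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name, qtype=1, rd=True, txid=QUERY_ID):
    """Wire-format DNS query for `name` (qtype 1 = A). rd=False mimics dig +norecurse."""
    flags = 0x0100 if rd else 0x0000        # RD is bit 8 of the flags word
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QD=1, AN=NS=AR=0
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)   # class IN


def parse_header(pkt):
    """Decode the 12-byte DNS header into the flags the diagnosis hinges on."""
    if len(pkt) < 12:
        raise ValueError("short DNS packet")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),      # this is a response
        "aa": bool(flags & 0x0400),      # authoritative answer
        "tc": bool(flags & 0x0200),      # truncated (retry over TCP)
        "rd": bool(flags & 0x0100),      # echoed from the query
        "ra": bool(flags & 0x0080),      # server offers recursion to *this* client
        "rcode": RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F)),
        "ancount": an,
    }


def classify(resp):
    """Map a parsed header (None = timeout) onto what the thread observed."""
    if resp is None:
        # dig prints "connection timed out; no servers could be reached":
        # nothing came back on 53/udp at all (daemon, firewall or chroot problem)
        return "no-response"
    if resp["rcode"] == "REFUSED":
        # what a correctly ACL'd resolver returns to hosts outside allow-recursion
        return "refused"
    if resp["ra"] and resp["rcode"] == "NOERROR" and resp["ancount"] > 0:
        # allow-recursion { any; } on an internet-facing host looks like this
        # to the whole world: an open resolver usable for amplification attacks
        return "open-recursive"
    if resp["ra"]:
        return "recursive-" + resp["rcode"].lower()   # e.g. recursive-servfail
    return "no-ra"   # answered, but recursion not offered (authoritative-only)


def probe(server, name="google.com", rd=True, timeout=3.0):
    """Send one UDP query to `server`:53 and return the parsed header, or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, rd=rd), (server, 53))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    resp = parse_header(data)
    if resp["id"] != QUERY_ID or not resp["qr"]:
        return None          # stray or mismatched datagram; treat as no answer
    return resp


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, classify(probe(target)))
```

Run it on the server itself (`python3 dnsprobe.py 127.0.0.1`) and again from a host outside the intended client range: `no-response` in both places is the situation in the thread, while `open-recursive` from the outside host means the ACL is still `any` and `refused` is what it should become once the ACL is tightened. `probe(target, rd=False)` sends the non-recursive form, the same thing `dig +norecurse` does, and lets you confirm whether the daemon answers on 53/udp at all, independent of the recursion settings.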
 
  

