[SOLVED] Centos 6.5 DNS problem ( dig reports no servers could be reached.. from internet.)
Hi all,
I had CentOS 6.1 with the DNS service working for years without any problem. A few days ago I had to replace the hard disk and decided to upgrade to CentOS 6.5! Using the same configuration of zone files/named.conf, I am having a weird problem I can't seem to overcome. I would appreciate your assistance.
My ISP reports the following when querying NS:
Quote:
DnsException: Error #2; Servidor inacessível; Server unreachable; 194.79.75.138
****++++****++++****
; <<>> DiG 9.7.0-P2 <<>> @194.79.75.138 m3t.pt NS +norecurse
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
****++++****++++****
Locally on my server I get:
Quote:
[root@firewall ~]# dig @194.79.75.138 m3t.pt
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> @194.79.75.138 m3t.pt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28528
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;m3t.pt. IN A
;; ANSWER SECTION:
m3t.pt. 10800 IN A 194.79.75.138
;; AUTHORITY SECTION:
m3t.pt. 10800 IN NS ns.m3t.pt.
m3t.pt. 10800 IN NS ns.halla.pt.
;; ADDITIONAL SECTION:
ns.m3t.pt. 10800 IN A 194.79.75.138
ns.halla.pt. 86400 IN A 212.18.172.26
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> @194.79.75.138 m3t.pt NS
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
My files are as follows:
named.conf
Quote:
[root@firewall etc]# cat named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
- Checked the router! The server is in the DMZ zone and the firewall is disabled.
- I can telnet to the server on port 53.
- Disabled SELinux / iptables.
- Tried several zone configurations without success.
Results I don't understand:
When I run dig (from the internet, on an outside server):
dig @194.79.75.138 m3t.pt NS
; <<>> DiG 9.10.1 <<>> @194.79.75.138 m3t.pt NS
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Code:
dig @194.79.75.138 m3t.pt NS +tcp
; <<>> DiG 9.10.1 <<>> @194.79.75.138 m3t.pt NS +tcp
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31863
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;m3t.pt. IN NS
;; ANSWER SECTION:
m3t.pt. 10800 IN NS ns.halla.pt.
m3t.pt. 10800 IN NS ns.m3t.pt.
;; ADDITIONAL SECTION:
ns.m3t.pt. 10800 IN A 194.79.75.138
;; Query time: 141 msec
;; SERVER: 194.79.75.138#53(194.79.75.138)
;; WHEN: Sat Nov 01 11:16:29 EET 2014
;; MSG SIZE rcvd: 91
And
Code:
dig @194.79.75.138 m3t.pt
; <<>> DiG 9.10.1 <<>> @194.79.75.138 m3t.pt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27425
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;m3t.pt. IN A
;; ANSWER SECTION:
m3t.pt. 10800 IN A 194.79.75.138
m3t.pt. 10800 IN A 212.18.172.26
;; AUTHORITY SECTION:
m3t.pt. 10800 IN NS ns.halla.pt.
m3t.pt. 10800 IN NS ns.m3t.pt.
;; ADDITIONAL SECTION:
ns.m3t.pt. 10800 IN A 194.79.75.138
ns.halla.pt. 86400 IN A 212.18.172.26
;; Query time: 140 msec
;; SERVER: 194.79.75.138#53(194.79.75.138)
;; WHEN: Sat Nov 01 11:16:57 EET 2014
;; MSG SIZE rcvd: 139
The 1st and 3rd queries use UDP, while the 2nd uses TCP.
Since the last 2 work while the 1st doesn't, I guess there is a router that drops fragmented UDP packets.
Could also be a firewall, but you said you've disabled it.
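The UDP-versus-TCP comparison the thread is making, as an added example that is not part of any post here: it sends the same raw query for each record type over both transports and labels the outcome, so a per-type drop (UDP A works, UDP NS times out) shows up separately from a blanket UDP block. The server address and zone are the ones quoted in the thread; the classification wording is my own.

```python
import socket
import struct

SERVER, ZONE = "194.79.75.138", "m3t.pt"   # values from the thread
QTYPES = {"A": 1, "NS": 2, "SOA": 6, "MX": 15}  # the record types the replies discuss

def build_query(name, qtype, qid=0x1234):
    """Minimal DNS query: RD set, one question, no EDNS (like dig +noedns)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = [l.encode() for l in name.strip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)

def parse_header(resp):
    """Decode the 12-byte header into the fields dig prints (status, flags, counts)."""
    qid, flags, _qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {"id": qid, "rcode": flags & 0xF, "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200), "ancount": an, "nscount": ns, "arcount": ar}

def probe(server, name, qtype, tcp=False, timeout=3.0):
    """Send one query over UDP or TCP; None means timeout or connection error."""
    q = build_query(name, qtype)
    try:
        if tcp:
            with socket.create_connection((server, 53), timeout) as s:
                s.sendall(struct.pack("!H", len(q)) + q)      # RFC 1035 2-byte length prefix
                f = s.makefile("rb")                           # read(n) returns exactly n bytes
                resp = f.read(struct.unpack("!H", f.read(2))[0])
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(q, (server, 53))
                resp = s.recv(4096)
    except (OSError, struct.error):    # socket.timeout is a subclass of OSError
        return None
    return parse_header(resp)

def classify(udp, tcp):
    """Map the (udp, tcp) outcome pair to the diagnosis the thread is reasoning about."""
    if udp is None and tcp is None:
        return "no answer on either transport: server or port 53 unreachable"
    if udp is None:
        return "UDP timed out but TCP answered: UDP for this type is dropped on the path"
    if tcp is None:
        return "UDP answered but TCP failed: TCP/53 blocked, truncated answers will fail"
    return "answered on both transports"

if __name__ == "__main__":
    for qt in QTYPES:   # one line per record type: a per-type filter vs a blanket UDP block
        print(f"{qt:4} {classify(probe(SERVER, ZONE, qt), probe(SERVER, ZONE, qt, tcp=True))}")
```

Run it from the outside host that sees the timeout; a row reading "UDP timed out but TCP answered" only for NS and SOA is the pattern later posts in the thread describe.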
I was able to check UDP listening on port 53 over the internet.
From another server over the internet:
Quote:
nc -vzu 194.79.73.138 53
Connection to 194.79.73.138 53 port [udp/domain] succeeded!
I believe the router is working well.
-----
dig, but instead of the domain (m3t.pt) I use ns.m3t.pt:
Quote:
dig @194.79.75.138 ns.m3t.pt NS
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> @194.79.75.138 ns.m3t.pt NS
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23571
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;ns.m3t.pt. IN NS
;; AUTHORITY SECTION:
m3t.pt. 3600 IN SOA ns.m3t.pt. root.m3t.pt. 32 10800 3600 604800 3600
;; Query time: 32 msec
;; SERVER: 194.79.75.138#53(194.79.75.138)
;; WHEN: Sat Nov 1 14:40:22 2014
;; MSG SIZE rcvd: 68
Otherwise it doesn't reach:
Quote:
dig @194.79.75.138 m3t.pt NS
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> @194.79.75.138 m3t.pt NS
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
You cannot tell if it drops fragmented UDP packets though. Queries for A and MX RRs work, while those for NS and SOA don't.
Add the following in named.conf (outside of the options clause):
I'm out of ideas. If possible try a different router and see what happens.
You can use tcpdump and/or Wireshark to see what happens to these packets when looking up NS records.