[SOLVED] nslookup timed out, but only from localhost
However, executing the same command from localhost results in a time out.
Code:
root@server1:/etc/bind# nslookup google.com
;; connection timed out; no servers could be reached
Here is my named.conf.options:
Code:
// Allow the following to query the DNS.
acl goodclients {
    localhost;      // This host.
    localnets;      // All hosts on the LAN.
    10.8.0.0/24;    // Hosts coming from VPN tunnels.
};
options {
    directory "/var/cache/bind";
    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113
    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    allow-query { goodclients; };
    forwarders {
        // Google DNS servers
        8.8.8.8;
        8.8.4.4;
    };
    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    dnssec-validation auto;
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};
What could cause bind to not be reachable from localhost?
$ dig google.com @127.0.0.1
; <<>> DiG 9.9.5-3ubuntu0.19-Ubuntu <<>> google.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4710
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 299 IN A 172.217.4.46
;; AUTHORITY SECTION:
. 400 IN NS e.root-servers.net.
. 400 IN NS g.root-servers.net.
. 400 IN NS i.root-servers.net.
. 400 IN NS c.root-servers.net.
. 400 IN NS b.root-servers.net.
. 400 IN NS h.root-servers.net.
. 400 IN NS f.root-servers.net.
. 400 IN NS j.root-servers.net.
. 400 IN NS d.root-servers.net.
. 400 IN NS a.root-servers.net.
. 400 IN NS m.root-servers.net.
. 400 IN NS l.root-servers.net.
. 400 IN NS k.root-servers.net.
;; Query time: 51 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun Aug 15 10:29:38 EDT 2021
;; MSG SIZE rcvd: 266
I'm not familiar with dig. What is this telling me? Is it correct?
It looks like resolv.conf is the issue. We recently switched ISP and the entries in resolv.conf belong to the old ISP. I could update these to the new ISP, but that doesn't seem right to me. What is the proper way to configure it so that localhost uses the local bind server?
I don't know about the domain name in the domain/search options, but the IP is a private IP.
You should replace it with 127.0.0.1 in /etc/resolv.conf. How to do that depends on whether you use Network Manager, resolvconf or some other tool to configure your network.
It's not as simple as directly editing /etc/resolv.conf and restarting the appropriate service?
I'm running Slackware and it's as simple as directly editing /etc/resolv.conf.
You can try it on your Ubuntu and see if changes in /etc/resolv.conf persist across reboots.
Changing nameserver to 127.0.0.1 resolved the issue. I also removed domain and search.
Code:
$ cat /etc/resolv.conf
nameserver 127.0.0.1
After having some time to think about it, I realized the previous settings were used to configure a static IP for this server, before I had configured the DNS on it. That static IP remains, but it now uses localhost for DNS.
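The check that separates "BIND is broken" from "the stub resolver is asking the wrong server", as an added example that is not part of any post in this thread: it lists the nameservers in a resolv.conf-style file, marks each as loopback or remote, and probes each one with dig. The script name, `PROBE_NAME`, the function names and the sample file contents are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): show which servers the stub resolver
# (nslookup, libc) will ask, and whether each one answers.

PROBE_NAME=${PROBE_NAME:-example.com}   # assumption: any resolvable name will do

# Constructed sample: resolv.conf still pointing at a former upstream resolver.
SAMPLE_STALE='domain example.lan
search example.lan
nameserver 192.168.1.1'

# Print nameserver addresses in file order (reads stdin when no file is given).
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$@"
}

# "local" for loopback addresses (a resolver on this host), else "remote".
classify_ns() {
    case "$1" in
        127.*|::1) echo local ;;
        *)         echo remote ;;
    esac
}

# Succeed only if at least one nameserver is listed and all are loopback.
uses_local_resolver_only() {
    count=0
    for ns in $(list_nameservers "$@"); do
        count=$((count + 1))
        [ "$(classify_ns "$ns")" = local ] || return 1
    done
    [ "$count" -gt 0 ]
}

# One line per nameserver: address, class, and probe result (needs dig).
report() {
    for ns in $(list_nameservers "$@"); do
        if ! command -v dig >/dev/null 2>&1; then
            state="not probed"
        elif dig +time=2 +tries=1 "$PROBE_NAME" "@$ns" >/dev/null 2>&1; then
            state="answers"
        else
            state="no answer"
        fi
        printf '%s\t%s\t%s\n' "$ns" "$(classify_ns "$ns")" "$state"
    done
}

# Stand-alone use: sh check_resolver.sh /etc/resolv.conf
if [ "$#" -gt 0 ]; then report "$1"; fi
```

A remote entry that reports "no answer" while `dig @127.0.0.1` succeeds is the situation described in this thread: the local BIND instance is healthy and only /etc/resolv.conf is stale.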