Query results on the local server
================================================================
[root@dns ~]# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 6a:dd:c0:d7:5f:af brd ff:ff:ff:ff:ff:ff
inet 10.10.0.110/16 brd 10.10.255.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::68dd:c0ff:fed7:5faf/64 scope link
valid_lft forever preferred_lft forever
[root@dns ~]# dig @10.10.0.110 www.google.com
; <<>> DiG 9.9.4-RedHat-9.9.4-18.el7_1.3 <<>> @10.10.0.110 www.google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53245
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.google.com. IN A
;; ANSWER SECTION:
www.google.com. 300 IN A 216.58.220.36
;; AUTHORITY SECTION:
google.com. 171485 IN NS ns1.google.com.
google.com. 171485 IN NS ns3.google.com.
google.com. 171485 IN NS ns4.google.com.
google.com. 171485 IN NS ns2.google.com.
;; ADDITIONAL SECTION:
ns2.google.com. 171485 IN A 216.239.34.10
ns1.google.com. 171485 IN A 216.239.32.10
ns3.google.com. 171485 IN A 216.239.36.10
ns4.google.com. 171485 IN A 216.239.38.10
;; Query time: 421 msec
;; SERVER: 10.10.0.110#53(10.10.0.110)
;; WHEN: Wed Aug 19 11:40:11 EDT 2015
;; MSG SIZE rcvd: 195
But when I run the same query from another server, I get the following error:
===============================================================
root@parametrique:~# dig @10.10.0.110 www.google.com
; <<>> DiG 9.8.1-P1 <<>> @10.10.0.110 www.google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
Below is my named.conf
===========================================================
/*
 * Global named options: a recursive (caching) resolver that listens on all
 * IPv4 interfaces, restricts recursion by ACL and validates DNSSEC.
 */
options {
/* Listen on port 53 on every IPv4 interface. This only controls which
   sockets named opens; whether other hosts can reach the port is decided
   by host and network packet filtering outside this file. */
listen-on port 53 { any; };
/* IPv6: loopback only, so no remote IPv6 client is served. */
listen-on-v6 port 53 { ::1; };
/* Working directory; relative file names used in this configuration
   (e.g. "data/named.run", "named.ca") are resolved against it. */
directory "/var/named";
/* Output files for the cache dump and the statistics dumps. */
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
/* Any source address may send queries. Recursive service is still limited
   by allow-recursion below; allow-query-cache is not set here, so BIND
   derives it from allow-recursion and cached answers are limited to the
   same clients. */
allow-query { any; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
/* Recursion only for this host and for "localnets", i.e. the networks
   directly attached to this server's interfaces.
   NOTE(review): a client outside these ACLs should normally receive a
   REFUSED response rather than no response at all - confirm with a
   packet capture before changing this ACL. */
allow-recursion { localnets; localhost;};
recursion yes;
/* Serve DNSSEC records and validate answers. With "yes" (as opposed to
   "auto") a trust anchor must be configured explicitly; presumably it is
   supplied by the /etc/named.root.key include at the end of this file -
   verify. */
dnssec-enable yes;
dnssec-validation yes;
/* Use DNSSEC lookaside validation (DLV) with the trust anchor from
   bindkeys-file.
   NOTE(review): the ISC DLV registry has since been retired; check that
   the BIND version in use still accepts this option before reusing this
   configuration. */
dnssec-lookaside auto;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
/* Directory where named keeps the files that track managed (RFC 5011)
   trust anchors. */
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
/* TSIG session key that named generates at startup for local dynamic
   updates; keep it readable only by the named user. */
session-keyfile "/run/named/session.key";
};
/*
 * Logging: redefines the default_debug channel so debug output goes to
 * data/named.run (relative to the "directory" option).
 */
logging {
channel default_debug {
file "data/named.run";
/* "dynamic" follows the server's current debug level instead of a
   fixed severity. */
severity dynamic;
};
};
/*
 * Root hints zone: the initial list of root name servers the resolver
 * uses to start recursion, read from named.ca in the working directory.
 */
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";