BIND answers locally but not when queried by remote servers

grob115 · 08-13-2010, 12:15 PM

Hi, I've setup the "named" server to answer DNS queries. When I issue the command "dig @<DNS server IP> www.domain.com", it gives me the proper records, and logs a line at /var/log/messages.

However, when I tried to do the same from another Linux terminal, it says:

Code:

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @<DNS server IP> www.domain.com
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

When I tried to use "host www.domain.com <DNS server IP>", it ended up using the server in the /etc/resolv.conf file. Again, this works on the DNS server itself.

I checked the firewall by doing a telnet test from another server to port 53. It connects fine so the port isn't blocked.

Any idea what is happening?

engtmk · 08-13-2010, 02:25 PM

may be because you have to allow the quires to your bind installation from any host.

you have to check your named.conf file "which should be under /etc"

check for an entry “allow-query” and its value is defined as “localhost;” so you have to change it to “any”

after modifying the config file just restart the bind.

grob115 · 08-13-2010, 02:49 PM

Isn't by not including the "allow-query" directive, its default setting would allow any servers to query it?

engtmk · 08-14-2010, 10:12 AM

i guess you are right about allow-query directive

Quote:

Code:

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_4.2 <<>> @<DNS server IP> www.domain.com
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

these error means your bind server is unreachable from the remote one.

Quote:

I checked the firewall by doing a telnet test from another server to port 53. It connects fine so the port isn't blocked.

as far as i know telnet only makes connection to tcp ports you should try to use nmap from the remote machine to list all the open ports.