
Bind 9 on Redhat 9 behind router



Good day,

I am having a little difficulty with DNS resolution. It would seem that I can resolve locally hosted domains but nothing external. I have BIND 9 set up on Red Hat 9 behind a router. Now I also have BIND 9 set up on a Red Hat 8 box that is not behind a router that works fine; the configs are identical. My router is set up to forward port 53 (TCP & UDP) to the Red Hat 9 box. When doing an nslookup from an external system I can resolve the local domains but nothing else. The same is true when I do an nslookup on the local host. Any help here would be greatly appreciated.



TIA, Ikabod.

    
Guest


Sorry, can't help ya; you didn't give me a domain with which I can test.

Guest


Sorry,



canadianman.ca

Guest


Is the website supposed to resolve to 68.145.52.149?



Are these supposed to be your DNS servers:



ns1.thecave.net (68.144.64.9)

pd1.canadianman.ca (68.145.39.91)

pd2.canadianman.ca (68.145.52.149)



If so, why isn't pd2 set as a DNS host for your domain at your registrar?

Also, why isn't an NS record for ns1.thecave.net in your zone file?



Please post your named.conf to your next reply.

Guest


That is strange; pd1 is the server that should not be listed, as I want to pull it from production for a rejump when I get pd2 running.



ns1.thecave.net is a friend's DNS server, which I use as my secondary.



Here is the named.conf:





// generated by named-bootconf.pl

options {
    directory "/var/named";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    listen-on port 53 { 192.168.1.3; };
    query-source address * port 53;
};

//
// a caching only nameserver config
//

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "canadianman.ca" IN {
    type master;
    file "canadianman.zone";
    allow-update { 68.145.39.91; 68.144.64.9; localhost; };
    allow-query { any; };
};

zone "mountainprk.com" IN {
    type master;
    file "mountainprk.zone";
    allow-update { 68.145.39.91; 68.144.64.9; localhost; };
    allow-query { any; };
};

include "/etc/rndc.key";

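The named.conf posted above accounts for two things the rest of the thread circles around, and it has a few settings a practitioner would tighten. First, `listen-on port 53 { 192.168.1.3; };` tells named to listen only on the LAN address, so a `dig @127.0.0.1` on the box itself will time out no matter what the router does. Second, there is no `allow-recursion`, so any host that can reach port 53 can use the box as a resolver (the helper notes this later). Beyond that, `query-source ... port 53` pins the outgoing source port, which removes the variation BIND 9 otherwise provides and makes forged answers easier to land; `allow-update` by bare IP address trusts the source address of a UDP packet, which is trivially spoofed; and no `allow-transfer` is set, which in BIND 9 means anyone can pull the zones. The following is an added example, not the poster's or the helper's configuration: it keeps the addresses from the thread, assumes the LAN behind the router is 192.168.1.0/24, and assumes a TSIG key named update-key stored in /etc/named.update.key (that file name and key are hypothetical).

```conf
// Added example: hardened version of the named.conf posted above.
// Addresses are the ones from the thread; 192.168.1.0/24 and the
// update-key TSIG key are assumptions.

acl "trusted" {
    127.0.0.1;
    192.168.1.0/24;      // assumed LAN behind the router
};

options {
    directory "/var/named";

    // Answer on the loopback as well as the LAN address, so that
    // "dig @127.0.0.1" on the box itself actually reaches named.
    listen-on port 53 { 127.0.0.1; 192.168.1.3; };

    // Only hosts in "trusted" may use this server as a resolver.
    // The authoritative zones below are still answered for anyone
    // through their own allow-query.
    recursion yes;
    allow-recursion { trusted; };

    // Let BIND choose an unprivileged, varying source port for its
    // own queries rather than pinning it to 53. If a stateful firewall
    // sits between named and the Internet, permit the UDP replies to
    // established queries instead of fixing the port.
    // query-source address * port 53;

    // Zones that do not override this cannot be transferred at all.
    allow-transfer { none; };
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

include "/etc/rndc.key";
// Assumed file, not from the thread. It holds a statement of the form
// key "update-key" { algorithm hmac-md5; secret "<base64>"; };
include "/etc/named.update.key";

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "canadianman.ca" IN {
    type master;
    file "canadianman.zone";
    allow-query { any; };
    // The secondary (ns1.thecave.net) needs zone transfers, not updates.
    // Add pd1 (68.145.39.91) here only while it still serves the zone.
    allow-transfer { 68.144.64.9; };
    // Dynamic updates only from a client that signs with the TSIG key.
    allow-update { key "update-key"; };
};

zone "mountainprk.com" IN {
    type master;
    file "mountainprk.zone";
    allow-query { any; };
    allow-transfer { 68.144.64.9; };
    allow-update { key "update-key"; };
};
```

Run `named-checkconf` on the result before reloading; it catches a missing key file or an ACL typo before named refuses to start.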
Guest


ns1.thecave.net is in the zone file as my secondary. Should I not include this in the zone file if it is being used as the secondary?

Guest


Yes, the IP is correct for the page. This is the external IP of the router.

Guest


FYI - This list:

    Name servers set at your registrar

should always match this list:

    Name servers set in your zone file

Now, I need to figure out what exactly the problem is, because your domain is fine. So I assume that your original question was why you are not able to resolve domains like "www.yahoo.com" etc. The reason I asked to see named.conf was to make sure it was acting as a resolver, and you are. Anybody in the entire world can use your server to resolve domains. Well, at least they should be able to. I tried it and got timeouts. So this could be a firewall/router related problem. So let's test that theory:



On the redhat dns server execute the following commands and paste for me the results:



dig @127.0.0.1 www.yahoo.com

dig @198.41.0.4 com ns



Also paste for me the contents of resolv.conf



[EDIT]

Actually, I may be wrong. One of your servers IS an open resolver. The other isn't. Which DNS server's IP did you show the named.conf for?

Guest


I showed the named.conf for pd2; this is the one I am having trouble with. Here are the results of the digs...



[jrus@pd2 jrus]$ dig @127.0.0.1 www.yahoo.com

; <<>> DiG 9.2.2-P3 <<>> @127.0.0.1 www.yahoo.com
;; global options: printcmd
;; connection timed out; no servers could be reached

[jrus@pd2 jrus]$ dig @198.41.0.4 com ns

; <<>> DiG 9.2.2-P3 <<>> @198.41.0.4 com ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44830
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;com.                           IN      NS

;; ANSWER SECTION:
com.                    172694  IN      NS      g.gtld-servers.net.
com.                    172694  IN      NS      h.gtld-servers.net.
com.                    172694  IN      NS      i.gtld-servers.net.
com.                    172694  IN      NS      j.gtld-servers.net.
com.                    172694  IN      NS      k.gtld-servers.net.
com.                    172694  IN      NS      l.gtld-servers.net.
com.                    172694  IN      NS      m.gtld-servers.net.
com.                    172694  IN      NS      a.gtld-servers.net.
com.                    172694  IN      NS      b.gtld-servers.net.
com.                    172694  IN      NS      c.gtld-servers.net.
com.                    172694  IN      NS      d.gtld-servers.net.
com.                    172694  IN      NS      e.gtld-servers.net.
com.                    172694  IN      NS      f.gtld-servers.net.

;; Query time: 34 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Mon May 10 13:34:06 2004
;; MSG SIZE  rcvd: 245

[jrus@pd2 jrus]$ cat /etc/resolv.conf
nameserver 64.145.39.91

Guest


OK, now I'm assuming that your original question was talking about how pd1 is fine, but pd2 is not working right even though it has the exact same config. Well, they're two different versions, although I don't see a problem with this. pd1 is BIND 9.2.1 and pd2 is BIND 9.2.3-P3.



So the only other explanation is that there is a firewall or router preventing return UDP packets from reaching your server. Try disabling any firewalls between pd2 and the internet, and route all UDP packets to pd2 with any routers that might be in the way. Then show me the dig yahoo request again.

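The two dig commands the helper asked for separate two failure modes: `dig @127.0.0.1 www.yahoo.com` asks the local named to recurse, while `dig @198.41.0.4 com ns` sends a query straight to a root server from the same host with dig's own ephemeral source port. The script below, an added example that is not part of the thread, classifies the output of each and reads the pair as a diagnosis; the hostnames and the root-server address are the ones quoted in the thread, and the branch texts are this editor's interpretation. Notably, the results the poster pasted (local query timed out, direct root query answered) fall into the branch that points at `listen-on` rather than at the router: the named.conf posted earlier listens only on 192.168.1.3, so nothing answers on 127.0.0.1. The `query-source ... port 53` setting is also worth keeping in mind, because a NAT router can treat named's fixed port 53 differently from dig's ephemeral port, so a working direct dig does not by itself prove named's own queries get replies.

```shell
#!/bin/sh
# Added example, not part of the thread: interprets the two dig checks the
# helper asked for. classify_dig works on captured dig output, so the logic can
# be exercised offline; run_checks performs the live queries when dig is present.

# classify_dig OUTPUT: print one word describing what dig reported.
classify_dig() {
    case "$1" in
        *"connection timed out"*) echo timeout ;;
        *"status: NOERROR"*)      echo answer ;;
        *"status: REFUSED"*)      echo refused ;;
        *"status: SERVFAIL"*)     echo servfail ;;
        *"status: NXDOMAIN"*)     echo nxdomain ;;
        *)                        echo unknown ;;
    esac
}

# diagnose LOCAL ROOT: LOCAL is the result of asking the local named for an
# external name, ROOT the result of asking a root server directly from the same
# host. Together they separate "named is not answering" from "the path is broken".
diagnose() {
    case "$1/$2" in
        timeout/answer)
            echo "named did not answer on the queried address, but outbound UDP/53 from this host works."
            echo "Check listen-on in named.conf (it must include 127.0.0.1 to answer dig @127.0.0.1)"
            echo "and that named is running. A fixed 'query-source ... port 53' can also be treated"
            echo "differently by a NAT router than dig's ephemeral source port." ;;
        timeout/timeout)
            echo "No UDP/53 replies reach this host at all: a firewall or router is dropping"
            echo "outbound queries or their return packets." ;;
        refused/*)
            echo "named answered but refused the query: check 'recursion' and 'allow-recursion'." ;;
        servfail/answer)
            echo "named is reachable and the direct root query works, so named's own recursion"
            echo "is failing: check its log for the upstream servers it tried to reach." ;;
        answer/*)
            echo "Local recursion works. If external clients still time out, the router's"
            echo "port-53 forward or the firewall is dropping their queries." ;;
        *)
            echo "Unexpected combination: $1 (local) / $2 (root); inspect the raw dig output." ;;
    esac
}

# run_checks: perform the live queries (needs network and dig) and print a diagnosis.
run_checks() {
    command -v dig >/dev/null 2>&1 || { echo "dig is not installed" >&2; return 2; }
    local_out=$(dig @127.0.0.1 www.yahoo.com +time=3 +tries=1 2>&1)
    root_out=$(dig @198.41.0.4 com ns +time=3 +tries=1 2>&1)
    diagnose "$(classify_dig "$local_out")" "$(classify_dig "$root_out")"
}

# Only query the network when invoked as: sh dnscheck.sh run
if [ "${1:-}" = run ]; then
    run_checks
fi
```

Once named listens on the loopback, the box's own /etc/resolv.conf is normally pointed at 127.0.0.1 so that local lookups exercise the resolver being debugged rather than another server.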