
can't resolve external domains

Status
Not open for further replies.

garwain

Programmer
Jan 30, 2002
461
CA
I upgraded my server last week (linux redhat7.3 -> 9.0) and since then, NAMED/BIND has been acting up. I can resolve any domain that is set up in my name server, but anything that is remote doesn't exist as far as my server can tell.

It's not the firewall because I can connect from another machine with nslookup, and look up any domain on the server.

If I try to nslookup something remote like google.ca or yahoo.com (hotmail, msn, slashdot, etc) I just get timeouts.

My resolv.conf is set with just my server's IP, since I don't have access to any other name servers.

I have tried upgrading to later versions of BIND, but still have the same problem. My current setup is RedHat 9 with bind-9.3.1rc1

Any ideas on what I should be looking at? This is really annoying because my spam filter is now dead (it uses DNS BLs) and SSH takes forever to connect while it tries to reverse lookup my IP...

Thanks
 
How is your named.conf file set up? Does it allow recursion? Are you using forwarders? Do you have the root hints file?

What happens if you try a

dig www.tek-tips.com @216.45.16.13

You should get:

;; QUESTION SECTION:
;www.tek-tips.com.             IN      A

;; ANSWER SECTION:
www.tek-tips.com.       3600    IN      CNAME   tek-tips.com.
tek-tips.com.           3600    IN      A       216.45.19.33

;; AUTHORITY SECTION:
tek-tips.com.           3600    IN      NS      ns2.shutter.net.
tek-tips.com.           3600    IN      NS      ns.shutter.net.

;; ADDITIONAL SECTION:
ns.shutter.net.         86400   IN      A       216.45.16.13
ns2.shutter.net.        86400   IN      A       216.45.0.100

Chris.


**********************
Chris A.C, CCNA, CCSA
**********************
 
My named.conf is as follows
Code:
options {
        directory "/var/named";

};

logging {
// ignore all "lame server" errors (only do this if none of the lame servers belong to you; otherwise, fix them)  
category lame-servers{ null; };
};


//
// a caching only nameserver config
//
key rndc_key {
        algorithm       hmac-md5;
        secret
"iijwyAyHUjHMulLhInivHcrHaHMulqk0nMrlbnKunYQU0DxUrLbHtBohaYat";
};



controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

//SNIP of locally hosted domains

Dig gave me:
Code:
; <<>> DiG 9.3.1rc1 <<>> www.tek-tips.com @216.45.16.13
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

Also, if I try "service named restart" it tells me it's already running.
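One thing worth noting about the named.conf above while the resolution problem is being chased: the options block carries no listen-on, allow-query or allow-recursion statements, and BIND 9.3 defaults to allowing recursion from any address. Since this box faces the Internet and hosts zones as well, the moment outbound DNS works again it will also be an open recursive resolver for anyone who can reach port 53, which is exactly what DNS reflection/amplification attacks look for. The options section below is an added example (an editor's rewrite, not the poster's file) showing the restrictions a practitioner would add; the "trusted" network 192.0.2.0/24 and the address 192.0.2.10 are placeholders standing in for the real LAN and for A.B.C.D. The logging, key, controls and zone statements already posted stay as they are. None of this affects outbound lookups, so it does not fix the timeouts; it just stops the server answering recursion for the world once they are fixed.

```conf
// Added example: hardened options for the caching-plus-authoritative setup in
// the thread. Not the poster's file. Addresses in 192.0.2.0/24 are placeholders.
acl "trusted" {
        127.0.0.1;
        192.0.2.0/24;           // assumed LAN that may use this box as a resolver
};

options {
        directory "/var/named";

        // Bind only to the addresses this host actually has today. Listing
        // them explicitly makes a left-over address (the W.X.Y.Z listener in
        // the netstat output) a startup error instead of a silent third socket.
        listen-on { 127.0.0.1; 192.0.2.10; };   // 192.0.2.10 stands in for A.B.C.D

        // Anyone may query the zones this server is authoritative for, but
        // only trusted clients may have it recurse on their behalf. Without
        // allow-recursion, BIND 9.3 recurses for any source address.
        recursion yes;
        allow-query     { any; };
        allow-recursion { trusted; };

        // Don't advertise the exact BIND version in CHAOS TXT queries.
        version "not disclosed";
};
```

Validate the file with named-checkconf before restarting named; a typo in an acl or address list is the usual reason a restart "works" but the daemon quietly keeps the old process running.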
 
From that box, have you got outbound connectivity? It would seem as if you can't get UDP 53 outbound. I'm wondering if it's just UDP 53 or everything.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 
Everything else is working fine. My web server is working properly, SSH access is fine. nslookup dies with timeouts, but if I telnet to another name server (i.e. ns5.zoneedit.com) using its IP and port 53, I connect. Trying nslookup on the remote server gives a timeout error just the same.

One weird thing I noticed today, which I've also mentioned in the Linux server forum, is that netstat shows me 3 processes on port 53 for UDP and TCP. A.B.C.D is my IP address, and W.X.Y.Z is an old IP that I had over 2 years ago. I can't seem to find where that address is set in the system though.

Code:
tcp        0      0 A.B.C.D:53         0.0.0.0:*               LISTEN      
tcp        0      0 W.X.Y.Z:53        0.0.0.0:*               LISTEN      
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN  
udp        0      0 A.B.C.D:53         0.0.0.0:*                           
udp        0      0 W.X.Y.Z:53        0.0.0.0:*                           
udp        0      0 127.0.0.1:53            0.0.0.0:*
 
Well, I think that you have a Linux problem rather than a BIND problem. If you can't get an outbound 'dig' to another server then something is badly wrong.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************
 