[EMAIL PROTECTED] wrote:
> I have bind 9.3.4 installed and running on RH5.  I am not able to query it 
> successfully.  Here are the troubleshooting techniques I have used thus far: 
>  All of them work when run from the command line of the DNS server itself.  
> The trouble starts when trying to query this DNS server from another machine. 
>  So again, locally, DNS queries are working. 
>
> Explicitly using TCP, a query is successful
> dig @xx.xx.xx.xxx yahoo.com. soa +vc
>
>  
> When using UDP (as I assume the following command does) no luck.  The 
> following is printed. 
> dig @xx.xx.xx.xxx yahoo.com. 
>
> ; <<>> DiG 9.2.4 <<>> @xx.xx.xx.xxx yahoo.com. 
> ; (1 server found)
> ;; global options:  printcmd
> ;; connection timed out; no servers could be reached
>
> I have also tried:
> nslookup
>   
>> lserver xx.xx.xx.xxx
>> www.abcnews.com
>>     
>
> I receive the same message, connection timed out: no servers could be 
> reached. 
>
> I am able to telnet into port 53, as I'm sure the TCP port is working just 
> fine. 
>
> The lsof command shows the following:
>
> named     3776 named   20u     IPv4              12822                 UDP 127.0.0.1:domain
> named     3776 named   21u     IPv4              12823                 TCP 127.0.0.1:domain (LISTEN)
> named     3776 named   22u     IPv4              12824                 UDP xx.xx.xx.xxx:domain
> named     3776 named   23u     IPv4              12825                 TCP xx.xx.xx.xxx:domain (LISTEN)
> named     3776 named   24u     IPv4              12826                 UDP *:40624
> named     3776 named   25u     IPv6              12827                 UDP *:48884
> named     3776 named   26u     IPv4              12828                 TCP 127.0.0.1:rndc (LISTEN)
>
> And finally, I have tried these commands with the firewall turned off.   It 
> appears as if UDP port 53 simply isn't listening.  I am out of ideas. 
>   
Hopefully you understand that UDP sockets aren't "listened" in the same 
way that TCP sockets are. On the Solaris man page for listen(3SOCKET), 
for instance, the text says "The listen() call applies only to sockets 
of type SOCK_STREAM or SOCK_SEQPACKET." UDP sockets are of type 
SOCK_DGRAM. I wouldn't consider the above display abnormal, then, 
although you might want to compare to a known working system.

How exactly have you configured your BIND to resolve Internet names? By 
forwarding to your ISP's nameservers? Or with an Internet root hints 
file, where everything else is fetched via iterative resolution?

If you're forwarding, then try generating some queries to your 
forwarders and see what you get.

If you're resolving iteratively, try dig +trace or mimicking the 
iterative resolution process manually by starting at the root zone and 
following the referrals on down.

                                                                         
               - Kevin
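
An added illustration, not part of the original thread: the socket behaviour behind the lsof display discussed above, run on loopback sockets. The function names and payload are constructed for this example, and the errno check assumes a Linux or similar BSD-sockets host.

```python
import errno
import socket

LOOPBACK = ("127.0.0.1", 0)  # port 0: let the kernel pick a free port


def listen_errno_on_udp():
    """Call listen() on a bound SOCK_DGRAM socket; return the errno it fails with."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(LOOPBACK)
        try:
            s.listen(5)
        except OSError as exc:
            return exc.errno
    return None  # would mean listen() unexpectedly succeeded


def udp_receive_without_listen(payload=b"constructed-probe"):
    """A bound UDP socket receives datagrams with no listen()/accept() step."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as server, \
         socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as client:
        server.bind(LOOPBACK)
        server.settimeout(2)
        client.sendto(payload, server.getsockname())
        data, _peer = server.recvfrom(512)
        return data


def tcp_connect_without_listen():
    """A TCP socket that is bound but never listen()ed refuses connections."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as server, \
         socket.socket(socket.AF_INET, socket.SOCK_STREAM) as client:
        server.bind(LOOPBACK)
        client.settimeout(2)
        try:
            client.connect(server.getsockname())
        except ConnectionRefusedError:
            return "refused"
        return "connected"


if __name__ == "__main__":
    print("listen() on UDP ->", errno.errorcode.get(listen_errno_on_udp()))
    print("UDP recv without listen ->", udp_receive_without_listen())
    print("TCP connect without listen ->", tcp_connect_without_listen())
```

A UDP line in lsof with no "(LISTEN)" state is therefore the normal appearance of a bound, working datagram socket.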

