Hi there,

I've set up a DNS server running bind9 in my LAN and set it up to use the ISP-provided DNS servers as the forwarders. Currently this DNS server works in the sense that both internal and external names are resolved without any problem. However, for each DNS query, the syslog shows entries of

    dhcp-dns named[18638]: host unreachable resolving 'google.com/A/IN': 216.171.238.66#53

Where the IP 216.171.238.66 is the ISP-provided DNS server.

My named.conf.options looks like

    forwarders {
        216.171.238.66;
        216.171.238.67;
    };
    listen-on-v6 { none; };

When I run dig, I get

    /etc/bind# dig

    ; <<>> DiG 9.5.1-P2 <<>>
    ;; global options:  printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48733
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14

    ;; QUESTION SECTION:
    ;.                              IN      NS

    ;; ANSWER SECTION:
    .                       435420  IN      NS      K.ROOT-SERVERS.NET.
    .                       435420  IN      NS      A.ROOT-SERVERS.NET.
    .                       435420  IN      NS      H.ROOT-SERVERS.NET.
    .                       435420  IN      NS      M.ROOT-SERVERS.NET.
    .                       435420  IN      NS      E.ROOT-SERVERS.NET.
    .                       435420  IN      NS      J.ROOT-SERVERS.NET.
    .                       435420  IN      NS      D.ROOT-SERVERS.NET.
    .                       435420  IN      NS      L.ROOT-SERVERS.NET.
    .                       435420  IN      NS      G.ROOT-SERVERS.NET.
    .                       435420  IN      NS      F.ROOT-SERVERS.NET.
    .                       435420  IN      NS      B.ROOT-SERVERS.NET.
    .                       435420  IN      NS      C.ROOT-SERVERS.NET.
    .                       435420  IN      NS      I.ROOT-SERVERS.NET.

    ;; ADDITIONAL SECTION:
    A.ROOT-SERVERS.NET.     521820  IN      A       198.41.0.4
    A.ROOT-SERVERS.NET.     521820  IN      AAAA    2001:503:ba3e::2:30
    B.ROOT-SERVERS.NET.     297362  IN      A       192.228.79.201
    C.ROOT-SERVERS.NET.     297362  IN      A       192.33.4.12
    D.ROOT-SERVERS.NET.     297362  IN      A       128.8.10.90
    E.ROOT-SERVERS.NET.     297362  IN      A       192.203.230.10
    F.ROOT-SERVERS.NET.     347113  IN      A       192.5.5.241
    F.ROOT-SERVERS.NET.     521820  IN      AAAA    2001:500:2f::f
    G.ROOT-SERVERS.NET.     297362  IN      A       192.112.36.4
    H.ROOT-SERVERS.NET.     297362  IN      A       128.63.2.53
    H.ROOT-SERVERS.NET.     297362  IN      AAAA    2001:500:1::803f:235
    I.ROOT-SERVERS.NET.     297362  IN      A       192.36.148.17
    J.ROOT-SERVERS.NET.     330463  IN      A       192.58.128.30
    J.ROOT-SERVERS.NET.     330463  IN      AAAA    2001:503:c27::2:30

    ;; Query time: 0 msec
    ;; SERVER: 192.168.1.127#53(192.168.1.127)
    ;; WHEN: Mon Sep 21 14:11:54 2009
    ;; MSG SIZE  rcvd: 500

The IP 192.168.1.127 is the IP address of the LAN DNS server I've set up. The has NAT firewall enabled so it is able to access the ISP-provided DNS server directly.

However, it looks to me like the ISP-provided DNS server (216.171.238.66) was not able to resolve any of the names and all the resolving is done at the top-level servers. Is my understanding correct? More importantly, is this the correct behavior I should expect, and how do I solve the "host unreachable resolving" problem?

I appreciate your help. Thank you very much.

--
Shi Jin, PhD