On 01/11/13 03:05, Daniele wrote:
Port 53 is open, I can also telnet it from another box in the same
network.
Now I think the problem can be on the packets size, because I'm trying
every solution but nothing works.
2013/1/9 Lyle Giese <l...@lcrcomputer.net <mailto:l...@lcrcomputer.net>>
On 01/09/13 08:39, Daniele wrote:
2013/1/9 Phil Mayers <p.may...@imperial.ac.uk
<mailto:p.may...@imperial.ac.uk>>
On 09/01/13 13:53, Daniele wrote:
This is the scenario.
I installed BIND9 via `apt-get` on a newly installed
UBUNTU 12.04,
virtualized on VirtualBox.
The network works properly because if I indicate a
different server from
my own BIND9 (the first line of '/etc/resolv.conf' is,
for example,
`nameserver 8.8.8.8`) the lookups and any action on the
Internet succeed.
No, this assumption is not valid.
I meant that I can reach the Internet and, vice versa, the
Internet can reach my terminal.
_______________________________________________
Please visithttps://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org <mailto:bind-users@lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users
Recursive queries that named does for a client are different than
your machine as a dns client reaching out to Google's recursive
service.
You need to have UDP & TCP port 53 open to your recursive
server(the one running named) first of all. And if any network
element within your network limits the size of UDP packets, you
will have problems with EDNS0 queries.
On this box running named, try this:
dig +trace www.msn.com <http://www.msn.com>
dig +trace imperial.ac.uk <http://imperial.ac.uk>
After dig gets a copy of the root servers from the local named, it
will do the same type of queries that a recursive name server does.
Lyle Giese
LCR Computer Services, Inc.
Saying port 53 is open because you can telnet to it from a local
computer is a very limited test.
1) Telnet only use TCP, UDP is the primary/first communication channel
DNS uses.
2) The router between this computer and the Internet is not at fault?
You have done no tests to prove that one way or the other.
Do a couple of dig +trace runs and see what that shows. And try some
any queries to a dnssec enable domain.
Lyle Giese
LCR Computer Services, Inc.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users