Daniele, It may be a simple case of your firewall not allowing any DNS queries that do not request recursion. Difficult to know.
You may want to try: dig +trace www.isc.org This will follow the referrals from the root, and you can verify that this works. The next step may be to try: dig +trace +dnssec www.isc.org This will ask for DNSSEC, which will mean enabling EDNS0 and getting bigger response packets, both of which can cause problems with broken middleboxes (although BIND 9 should work even in those cases). Cheers, -- Shane On Monday, 2013-01-14 10:44:44 +0100, Daniele <[email protected]> wrote: > What tests should I do? > If I query directly an external name-server (one of the root ones or > 8.8.8.8 for example) I receive the correct response. > For this reason I'm inclined to think that the router doesn't block > packets to/from port 53. > Why should it block packets generated by BIND9? _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
