DNS server works but keep getting host unreachable resolving error

2009-09-21 Thread Shi Jin
Hi there,

I've set up a DNS server running bind9 in my LAN and set it up to use the ISP-provided 
DNS servers as the forwarders. Currently this DNS server works in the sense that 
both internal and external names are resolved without any problem. However, for 
each DNS query, the syslog shows entries of 

dhcp-dns named[18638]: host unreachable resolving 'google.com/A/IN': 216.171.238.66#53

where the IP 216.171.238.66 is the ISP-provided DNS server.

My named.conf.options looks like

forwarders {
    216.171.238.66;
    216.171.238.67;
};
listen-on-v6 { none; };

When I run dig, I get
/etc/bind# dig

; <<>> DiG 9.5.1-P2 <<>>
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48733
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14

;; QUESTION SECTION:
;.  IN  NS

;; ANSWER SECTION:
.   435420  IN  NS  K.ROOT-SERVERS.NET.
.   435420  IN  NS  A.ROOT-SERVERS.NET.
.   435420  IN  NS  H.ROOT-SERVERS.NET.
.   435420  IN  NS  M.ROOT-SERVERS.NET.
.   435420  IN  NS  E.ROOT-SERVERS.NET.
.   435420  IN  NS  J.ROOT-SERVERS.NET.
.   435420  IN  NS  D.ROOT-SERVERS.NET.
.   435420  IN  NS  L.ROOT-SERVERS.NET.
.   435420  IN  NS  G.ROOT-SERVERS.NET.
.   435420  IN  NS  F.ROOT-SERVERS.NET.
.   435420  IN  NS  B.ROOT-SERVERS.NET.
.   435420  IN  NS  C.ROOT-SERVERS.NET.
.   435420  IN  NS  I.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 521820  IN  A   198.41.0.4
A.ROOT-SERVERS.NET. 521820  IN  AAAA    2001:503:ba3e::2:30
B.ROOT-SERVERS.NET. 297362  IN  A   192.228.79.201
C.ROOT-SERVERS.NET. 297362  IN  A   192.33.4.12
D.ROOT-SERVERS.NET. 297362  IN  A   128.8.10.90
E.ROOT-SERVERS.NET. 297362  IN  A   192.203.230.10
F.ROOT-SERVERS.NET. 347113  IN  A   192.5.5.241
F.ROOT-SERVERS.NET. 521820  IN  AAAA    2001:500:2f::f
G.ROOT-SERVERS.NET. 297362  IN  A   192.112.36.4
H.ROOT-SERVERS.NET. 297362  IN  A   128.63.2.53
H.ROOT-SERVERS.NET. 297362  IN  AAAA    2001:500:1::803f:235
I.ROOT-SERVERS.NET. 297362  IN  A   192.36.148.17
J.ROOT-SERVERS.NET. 330463  IN  A   192.58.128.30
J.ROOT-SERVERS.NET. 330463  IN  AAAA    2001:503:c27::2:30

;; Query time: 0 msec
;; SERVER: 192.168.1.127#53(192.168.1.127)
;; WHEN: Mon Sep 21 14:11:54 2009
;; MSG SIZE  rcvd: 500

The IP 192.168.1.127 is the IP address of the LAN DNS server I've set up.
The has NAT firewall enabled so it is able to access the ISP-provided DNS 
server directly. However, it looks to me like the ISP-provided DNS server 
(216.171.238.66) was not able to resolve any of the names and all the resolving 
is done at the top level servers. Is my understanding correct?

More importantly, is this the correct behavior I should expect and how do I 
solve the host unreachable resolving problem?

I appreciate your help. Thank you very much.


--
Shi Jin, PhD


  
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
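
Added example (not part of the original thread and not BIND's own code): a small Python triage script that groups named's "host unreachable resolving" syslog entries by upstream address and separates the configured forwarders from any other server, using the log format and forwarder addresses quoted in the message above. The function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Forwarders from the named.conf.options quoted in the message above.
FORWARDERS = {"216.171.238.66", "216.171.238.67"}

# named[PID]: host unreachable resolving 'NAME/TYPE/CLASS': ADDR#PORT
# The greedy qname group keeps names that themselves contain '/' intact.
LINE_RE = re.compile(
    r"named\[\d+\]: host unreachable resolving "
    r"'(?P<qname>.+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)': "
    r"(?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+)"
)

def parse_line(line):
    """Return the fields of one 'host unreachable' entry, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        # Validate and normalise the address (IPv4 or IPv6).
        rec["addr"] = str(ipaddress.ip_address(rec["addr"]))
    except ValueError:
        return None  # address field is not a valid IP; skip the line
    return rec

def summarize(lines, forwarders=FORWARDERS):
    """Count failures per upstream address, split into forwarders and others."""
    counts = Counter(r["addr"] for r in map(parse_line, lines) if r)
    hit = {a: n for a, n in counts.items() if a in forwarders}
    other = {a: n for a, n in counts.items() if a not in forwarders}
    return {
        "forwarder": hit,
        "other": other,
        "forwarders_without_errors": sorted(set(forwarders) - set(hit)),
    }

# Constructed sample syslog lines in the format shown in the message above.
SAMPLE_LOG = """\
Sep 21 14:10:01 dhcp-dns named[18638]: host unreachable resolving 'google.com/A/IN': 216.171.238.66#53
Sep 21 14:10:01 dhcp-dns named[18638]: host unreachable resolving 'google.com/A/IN': 216.171.238.67#53
Sep 21 14:10:07 dhcp-dns named[18638]: host unreachable resolving 'example.org/A/IN': 216.171.238.66#53
Sep 21 14:10:09 dhcp-dns named[18638]: host unreachable resolving 'example.org/A/IN': 2001:503:ba3e::2:30#53
Sep 21 14:10:12 dhcp-dns dhcpd: DHCPACK on 192.168.1.50
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

When the failures are concentrated under "forwarder", the path between the resolver and the ISP servers is the first thing to check, which is consistent with the firewall cause confirmed in the follow-up below.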


Re: DNS server works but keep getting host unreachable resolving error

2009-09-21 Thread Shi Jin
Thank you all.
I've confirmed that the problem is firewall related. I've replaced my current 
Untangle firewall with the simplest Linux NAT iptables firewall and everything 
works perfectly, without any complaints.

Thank you very much for your kind help/suggestions.

Shi


  