Hi there,
I've set up a DNS server running bind9 in my LAN and set it up to use the
ISP-provided DNS servers as the forwarders. Currently this DNS server works in
the sense that both internal and external names are resolved without any problem. However, for
each DNS query, the syslog shows entries of
dhcp-dns named[18638]: host unreachable resolving 'google.com/A/IN': 216.171.238.66#53
Where the IP 216.171.238.66 is the ISP provided DNS server.
My named.conf.options looks like
forwarders {
    216.171.238.66;
    216.171.238.67;
};
listen-on-v6 { none; };
When I run dig, I get
/etc/bind# dig
; <<>> DiG 9.5.1-P2 <<>>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48733
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 14
;; QUESTION SECTION:
;. IN NS
;; ANSWER SECTION:
. 435420 IN NS K.ROOT-SERVERS.NET.
. 435420 IN NS A.ROOT-SERVERS.NET.
. 435420 IN NS H.ROOT-SERVERS.NET.
. 435420 IN NS M.ROOT-SERVERS.NET.
. 435420 IN NS E.ROOT-SERVERS.NET.
. 435420 IN NS J.ROOT-SERVERS.NET.
. 435420 IN NS D.ROOT-SERVERS.NET.
. 435420 IN NS L.ROOT-SERVERS.NET.
. 435420 IN NS G.ROOT-SERVERS.NET.
. 435420 IN NS F.ROOT-SERVERS.NET.
. 435420 IN NS B.ROOT-SERVERS.NET.
. 435420 IN NS C.ROOT-SERVERS.NET.
. 435420 IN NS I.ROOT-SERVERS.NET.
;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 521820 IN A 198.41.0.4
A.ROOT-SERVERS.NET. 521820 IN AAAA 2001:503:ba3e::2:30
B.ROOT-SERVERS.NET. 297362 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 297362 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 297362 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 297362 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 347113 IN A 192.5.5.241
F.ROOT-SERVERS.NET. 521820 IN AAAA 2001:500:2f::f
G.ROOT-SERVERS.NET. 297362 IN A 192.112.36.4
H.ROOT-SERVERS.NET. 297362 IN A 128.63.2.53
H.ROOT-SERVERS.NET. 297362 IN AAAA 2001:500:1::803f:235
I.ROOT-SERVERS.NET. 297362 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 330463 IN A 192.58.128.30
J.ROOT-SERVERS.NET. 330463 IN AAAA 2001:503:c27::2:30
;; Query time: 0 msec
;; SERVER: 192.168.1.127#53(192.168.1.127)
;; WHEN: Mon Sep 21 14:11:54 2009
;; MSG SIZE rcvd: 500
The IP 192.168.1.127 is the IP address of the LAN DNS server I've set up.
The has NAT firewall enabled so it is able to access the ISP-provided DNS
server directly. However, it looks to me like the ISP provided DNS server
(216.171.238.66) was not able to resolve any of the names and all the resolving
is done at the top level servers. Is my understanding correct?
More importantly, is this the correct behavior I should expect, and how do I
solve the host unreachable resolving problem?
I appreciate your help. Thank you very much.
--
Shi Jin, PhD