On Thu, 2018-11-15 at 05:49 -0600, sethologik wrote:
> But this is what I already did...
>
> could it be something with the firewall?

It _could_ be many things. You need to properly troubleshoot the issue.

1) Can a host with failing DNS resolution ping the DNS server?
2) Does a tool like nmap show what ports on the DNS server are open to a host with failing DNS resolution?
3) Log packets that are being dropped by the firewall and inspect the logs.
4) If #2 shows TCP port 53 on the DNS server is open to the host with failing DNS resolution, check that UDP port 53 is also open (remember that the DNS protocol uses both TCP _and_ UDP).

It is also worth remembering that unless your internal BIND server is the primary resolver for your private zones, it is highly unlikely that you will get those hostnames (i.e. website.test.de.webserver01.office.lan.de. or webserver01.office.lan.de.) resolved properly, as a full resolution will start with a root server resolution of de., and then work up the chain to lan.de., office.lan.de., etc. If at any point in that resolution path there is no NS record for the next link up (until an A/AAAA record) your lookup will fail. But if the host that is not getting DNS resolution can't access your BIND server at all then the game is over before it began, and you need to look at first getting the network connectivity functional.

Dnsmasq does some "interesting" things combining caching, forwarding, localised lookups, and DHCP/RA - the transition from the Dnsmasq way of doing things to the BIND way of doing things may not be as straightforward as you assumed. Properly listing zones as masters (or slaves if you have more than one BIND server) is important, as is the proper defining of views if you are using them.

Hopefully a full look into the communication chain from host to server will help you find the problematic link.

-- 
Nikolai Lusan <nikolai.lu...@gmail.com>
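
Added example, not part of the original message: one way to carry out steps 3 and 4 above is to count dropped packets to port 53 per client and per transport in the firewall log. It assumes the Linux netfilter LOG line format (the thread does not say which firewall is in use); the `FW-DROP:` prefix, host name and all addresses are constructed sample values.

```python
import re
from collections import defaultdict

# Constructed sample lines in netfilter LOG format (assumed firewall type).
SAMPLE_LOG = """\
Nov 15 12:01:07 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.0.2.21 DST=192.0.2.53 LEN=71 TTL=63 PROTO=UDP SPT=40112 DPT=53 LEN=51
Nov 15 12:01:12 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.0.2.21 DST=192.0.2.53 LEN=71 TTL=63 PROTO=UDP SPT=40112 DPT=53 LEN=51
Nov 15 12:02:30 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.0.2.22 DST=192.0.2.53 LEN=60 TTL=63 PROTO=TCP SPT=51514 DPT=53 SYN
Nov 15 12:02:31 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.0.2.22 DST=192.0.2.53 LEN=71 TTL=63 PROTO=UDP SPT=33001 DPT=53 LEN=51
Nov 15 12:03:00 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=192.0.2.23 DST=192.0.2.80 LEN=60 TTL=63 PROTO=TCP SPT=51999 DPT=443 SYN
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def dropped_dns(log_text, dns_server):
    """Map client IP -> {"UDP": n, "TCP": n} for dropped packets to dns_server:53."""
    drops = defaultdict(lambda: {"UDP": 0, "TCP": 0})
    for line in log_text.splitlines():
        fields = {}
        for key, value in FIELD.findall(line):
            fields.setdefault(key, value)  # keep the first (outer header) value
        if (fields.get("DST") == dns_server and fields.get("DPT") == "53"
                and fields.get("PROTO") in ("UDP", "TCP")):
            drops[fields["SRC"]][fields["PROTO"]] += 1
    return dict(drops)


def diagnose(counts):
    """Classify one client's drops; "udp-only" is the case step 4 warns about."""
    if counts["UDP"] and counts["TCP"]:
        return "both"
    if counts["UDP"]:
        return "udp-only"  # a TCP port scan can show 53 open while lookups still fail
    if counts["TCP"]:
        return "tcp-only"
    return "none"


if __name__ == "__main__":
    for client, counts in sorted(dropped_dns(SAMPLE_LOG, "192.0.2.53").items()):
        print(client, counts, diagnose(counts))
```

A client that never appears in the result has no logged drops towards the DNS server, which points the search away from the firewall and towards the BIND configuration.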