
Re: Dns bind9 not forward



Hi Chris,
I attach my log files for the dig queries to the OpenDNS server.

And about the grep:
deb-dns:/tmp# iptables -nvL | egrep -w 'Chain|53'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

deb-dns:/tmp# iptables -t nat -nvL | egrep -w 'Chain|53'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

Chris Davies wrote:

Thanks
Enrico Farabollini <enrico.farabollini@libero.it> provided information
about /etc/resolv.conf and the named logfile output.

OK, another question. I see you're using the OpenDNS name servers:

  
	forwarders {
	    208.67.222.222;
	    208.67.220.220;
	};
    
What happens if you try to resolve from them directly?

	dig www.microsoft.com @208.67.222.222
	dig www.microsoft.com @208.67.220.220

Are you firewalling requests to/from port 53?

	iptables -nvL | egrep -w 'Chain|53'
	iptables -t nat -nvL | egrep -w 'Chain|53'

Chris


  

; <<>> DiG 9.5.0-P2 <<>> www.microsoft.com @208.67.222.222
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53304
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;www.microsoft.com.		IN	A

;; ANSWER SECTION:
www.microsoft.com.	1754	IN	CNAME	toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net. 1	IN	CNAME	g.www.ms.akadns.net.
g.www.ms.akadns.net.	1	IN	CNAME	lb1.www.ms.akadns.net.
lb1.www.ms.akadns.net.	1	IN	A	207.46.193.254
lb1.www.ms.akadns.net.	1	IN	A	65.55.11.222
lb1.www.ms.akadns.net.	1	IN	A	65.55.21.250
lb1.www.ms.akadns.net.	1	IN	A	207.46.19.190
lb1.www.ms.akadns.net.	1	IN	A	207.46.19.254
lb1.www.ms.akadns.net.	1	IN	A	207.46.192.254

;; AUTHORITY SECTION:
microsoft.com.		110054	IN	NS	ns4.msft.net.
microsoft.com.		110054	IN	NS	ns5.msft.net.
microsoft.com.		110054	IN	NS	ns1.msft.net.
microsoft.com.		110054	IN	NS	ns2.msft.net.
microsoft.com.		110054	IN	NS	ns3.msft.net.

;; ADDITIONAL SECTION:
ns4.msft.net.		168290	IN	A	207.46.66.126
ns5.msft.net.		168290	IN	A	65.55.238.126
ns1.msft.net.		168290	IN	A	207.68.160.190
ns2.msft.net.		168290	IN	A	65.54.240.126
ns3.msft.net.		168290	IN	A	213.199.161.77

;; Query time: 228 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Wed Sep  3 11:25:05 2008
;; MSG SIZE  rcvd: 378

; <<>> DiG 9.5.0-P2 <<>> www.microsoft.com @208.67.222.220
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9366
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;www.microsoft.com.		IN	A

;; ANSWER SECTION:
www.microsoft.com.	1678	IN	CNAME	toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net. 225	IN	CNAME	g.www.ms.akadns.net.
g.www.ms.akadns.net.	225	IN	CNAME	lb1.www.ms.akadns.net.
lb1.www.ms.akadns.net.	225	IN	A	207.46.19.254
lb1.www.ms.akadns.net.	225	IN	A	207.46.192.254
lb1.www.ms.akadns.net.	225	IN	A	207.46.193.254
lb1.www.ms.akadns.net.	225	IN	A	65.55.11.222
lb1.www.ms.akadns.net.	225	IN	A	65.55.21.250
lb1.www.ms.akadns.net.	225	IN	A	207.46.19.190

;; AUTHORITY SECTION:
microsoft.com.		109978	IN	NS	ns4.msft.net.
microsoft.com.		109978	IN	NS	ns5.msft.net.
microsoft.com.		109978	IN	NS	ns1.msft.net.
microsoft.com.		109978	IN	NS	ns2.msft.net.
microsoft.com.		109978	IN	NS	ns3.msft.net.

;; ADDITIONAL SECTION:
ns4.msft.net.		168214	IN	A	207.46.66.126
ns5.msft.net.		168214	IN	A	65.55.238.126
ns1.msft.net.		168214	IN	A	207.68.160.190
ns2.msft.net.		168214	IN	A	65.54.240.126
ns3.msft.net.		168214	IN	A	213.199.161.77

;; Query time: 165 msec
;; SERVER: 208.67.222.220#53(208.67.222.220)
;; WHEN: Wed Sep  3 11:26:21 2008
;; MSG SIZE  rcvd: 378
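
The checks requested in the quoted message can also be run over saved dig output. The script below is an added example, not part of either message: it compares each reply's status, `ra` flag and SERVER line with the forwarders block quoted above. The function names are hypothetical, and the sample input is abridged from the output in this message.

```shell
#!/bin/sh
# Added example: compare saved dig output with the forwarders in named.conf.

# Forwarders block as quoted in the message.
NAMED_CONF='forwarders {
    208.67.222.222;
    208.67.220.220;
};'

# Header, flags and SERVER lines abridged from the two dig runs in the message.
DIG_1=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53304
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 5, ADDITIONAL: 5
;; SERVER: 208.67.222.222#53(208.67.222.222)'
DIG_2=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9366
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 5, ADDITIONAL: 5
;; SERVER: 208.67.222.220#53(208.67.222.220)'

# Print the IPv4 addresses inside the forwarders { ... } block, one per line.
forwarders_of() {
    printf '%s\n' "$1" |
        sed -n '/forwarders[[:space:]]*{/,/}/p' |
        grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}'
}

# Print "status|server|flags" extracted from dig output.
dig_summary() {
    printf '%s\n' "$1" | awk '
        /->>HEADER<<-/ { for (i = 1; i < NF; i++) if ($i == "status:") { st = $(i+1); sub(/,/, "", st) } }
        /^;; flags:/   { fl = $0; sub(/^;; flags: */, "", fl); sub(/;.*/, "", fl) }
        /^;; SERVER:/  { sv = $3; sub(/#.*/, "", sv) }
        END            { print st "|" sv "|" fl }'
}

# check_reply CONF DIG: 0 = usable forwarder, 1 = bad reply, 2 = wrong server.
check_reply() {
    summary=$(dig_summary "$2")
    status=${summary%%|*}; rest=${summary#*|}
    server=${rest%%|*};    flags=${rest#*|}
    [ "$status" = NOERROR ] || { echo "FAIL status=$status"; return 1; }
    # A forwarder must offer recursion, so the reply needs the ra flag.
    case " $flags " in *" ra "*) ;; *) echo "FAIL recursion-not-available"; return 1 ;; esac
    forwarders_of "$1" | grep -qxF "$server" ||
        { echo "WARN $server not-in-forwarders"; return 2; }
    echo "OK $server"
}

check_reply "$NAMED_CONF" "$DIG_1" || true
check_reply "$NAMED_CONF" "$DIG_2" || true
```

On this sample the first reply passes, and the second is reported as answered by 208.67.222.220, an address that does not appear in the forwarders block (which lists 208.67.220.220).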

