[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Setting up a local DNS server but clients that use it can't access the internet

	Hi.

On Sat, Feb 24, 2018 at 10:13:18AM +0000, Aero Maxx wrote:
> Firstly thank you all very much for the replies, and sorry for the vague
> information, that wasn't intentional I didn't know what you would need and
> also I wasn't aware of the commands you ask for the output from.
> 
> On 23 February 2018 at 18:06, Reco <recoverym4n@gmail.com> wrote:
> 
> > Please invoke this on one of the problematic client hosts:
> >
> > dig in a debian.org +trace +recurse
> >
> > dig in a google.com +trace +recurse
> 
> Output from the dig commands: https://pastebin.com/7CDMit1R

Please don't use pastebin for this. This list archives should contain
not only the solution, but a clear problem statement also.

So, following "show, don't tell principle":

# dig in a debian.org +trace +recurse
 
; <<>> DiG 9.10.3-P4-Debian <<>> in a debian.org +trace +recurse
;; global options: +cmd
.                       3600000 IN      NS      A.ROOT-SERVERS.NET.
.                       3600000 IN      NS      J.ROOT-SERVERS.NET.
.                       3600000 IN      NS      L.ROOT-SERVERS.NET.
.                       3600000 IN      NS      C.ROOT-SERVERS.NET.
.                       3600000 IN      NS      M.ROOT-SERVERS.NET.
.                       3600000 IN      NS      E.ROOT-SERVERS.NET.
.                       3600000 IN      NS      I.ROOT-SERVERS.NET.
.                       3600000 IN      NS      K.ROOT-SERVERS.NET.
.                       3600000 IN      NS      G.ROOT-SERVERS.NET.
.                       3600000 IN      NS      F.ROOT-SERVERS.NET.
.                       3600000 IN      NS      B.ROOT-SERVERS.NET.
.                       3600000 IN      NS      H.ROOT-SERVERS.NET.
.                       3600000 IN      NS      D.ROOT-SERVERS.NET.
couldn't get address for 'A.ROOT-SERVERS.NET': failure
couldn't get address for 'J.ROOT-SERVERS.NET': failure
couldn't get address for 'L.ROOT-SERVERS.NET': failure
couldn't get address for 'C.ROOT-SERVERS.NET': failure
couldn't get address for 'M.ROOT-SERVERS.NET': failure
couldn't get address for 'E.ROOT-SERVERS.NET': failure
couldn't get address for 'I.ROOT-SERVERS.NET': failure
couldn't get address for 'K.ROOT-SERVERS.NET': failure
couldn't get address for 'G.ROOT-SERVERS.NET': failure
couldn't get address for 'F.ROOT-SERVERS.NET': failure
couldn't get address for 'B.ROOT-SERVERS.NET': failure
couldn't get address for 'H.ROOT-SERVERS.NET': failure
couldn't get address for 'D.ROOT-SERVERS.NET': failure
dig: couldn't get address for 'A.ROOT-SERVERS.NET': no more


And that output is enough to tell you this:

1) Your nameserver tries to do the right thing - to do recursion.

2) Your named.conf apparently lacks "forwarders" section, so the only
thing that BIND can do here - is to query root DNSes.

3) And root DNSes aren't accessible to your BIND.

In conclusion, your setup is clearly broken, you need to fix it.

Reco
Reply to: