Re: Setting up a local DNS server but clients that use it can't access the internet
Hi.
On Sat, Feb 24, 2018 at 10:13:18AM +0000, Aero Maxx wrote:
> Firstly, thank you all very much for the replies, and sorry for the vague
> information; that wasn't intentional. I didn't know what you would need, and
> I also wasn't aware of the commands you asked for the output from.
>
> On 23 February 2018 at 18:06, Reco <recoverym4n@gmail.com> wrote:
>
> > Please invoke this on one of the problematic client hosts:
> >
> > dig in a debian.org +trace +recurse
> >
> > dig in a google.com +trace +recurse
>
> Output from the dig commands: https://pastebin.com/7CDMit1R
Please don't use pastebin for this. This list's archives should contain
not only the solution, but a clear problem statement also.
So, following the "show, don't tell" principle:
# dig in a debian.org +trace +recurse
; <<>> DiG 9.10.3-P4-Debian <<>> in a debian.org +trace +recurse
;; global options: +cmd
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
couldn't get address for 'A.ROOT-SERVERS.NET': failure
couldn't get address for 'J.ROOT-SERVERS.NET': failure
couldn't get address for 'L.ROOT-SERVERS.NET': failure
couldn't get address for 'C.ROOT-SERVERS.NET': failure
couldn't get address for 'M.ROOT-SERVERS.NET': failure
couldn't get address for 'E.ROOT-SERVERS.NET': failure
couldn't get address for 'I.ROOT-SERVERS.NET': failure
couldn't get address for 'K.ROOT-SERVERS.NET': failure
couldn't get address for 'G.ROOT-SERVERS.NET': failure
couldn't get address for 'F.ROOT-SERVERS.NET': failure
couldn't get address for 'B.ROOT-SERVERS.NET': failure
couldn't get address for 'H.ROOT-SERVERS.NET': failure
couldn't get address for 'D.ROOT-SERVERS.NET': failure
dig: couldn't get address for 'A.ROOT-SERVERS.NET': no more
And that output is enough to tell you this:
1) Your nameserver tries to do the right thing - to do recursion.
2) Your named.conf apparently lacks a "forwarders" section, so the only
thing that BIND can do here is to query the root DNSes.
3) And root DNSes aren't accessible to your BIND.
In conclusion, your setup is clearly broken, you need to fix it.
Reco
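
Added example, not part of Reco's message: a shell script that classifies `dig +trace` output by the pattern the message reads from it (root NS set returned, every root address lookup failing), plus a probe to run on the BIND host itself. The function names and the constructed sample trace are assumptions of this example; 198.41.0.4 is a.root-servers.net.

```shell
#!/bin/sh
# Added example. Function names and the sample trace are constructed.

# Classify `dig <name> +trace` output read from stdin (A queries only).
classify_trace() {
    awk '
        $1 == "." && $3 == "IN" && $4 == "NS" { hints++ }     # root NS set
        /^couldn.t get address for /           { addrfail++ }  # per-root failure
        $1 != "." && $3 == "IN" && $4 == "A"   { answers++ }   # final A record
        END {
            if (answers > 0)            print "ok"
            else if (hints == 0)        print "no-hints"
            else if (addrfail >= hints) print "roots-unresolvable"
            else                        print "incomplete"
        }'
}

# Run on the BIND host: ask a.root-servers.net (198.41.0.4) directly,
# bypassing the local resolver. $1 is "" for UDP or "+tcp" for TCP.
probe_root() {
    if dig @198.41.0.4 . NS +norecurse +time=2 +tries=1 +short $1 >/dev/null 2>&1
    then echo "reachable"; else echo "blocked"; fi
}

# Constructed sample, shortened to two roots, in the shape of the trace above.
sample_trace() {
cat <<'EOF'
; <<>> DiG 9.10.3-P4-Debian <<>> in a debian.org +trace +recurse
;; global options: +cmd
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
couldn't get address for 'A.ROOT-SERVERS.NET': failure
couldn't get address for 'J.ROOT-SERVERS.NET': failure
dig: couldn't get address for 'A.ROOT-SERVERS.NET': no more
EOF
}

sample_trace | classify_trace
```

A `roots-unresolvable` verdict on the client together with `blocked` from `probe_root ""` and `probe_root +tcp` on the server matches points 2 and 3 of the message.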