08-02-2012 06:59 AM
new bind 9.9 and root NS take 2
Hi;
A short summary of the previous post: I have a client who's migrating from two old DNS physical servers to two new virtual ones running bind 9.9. I did their migration and, long story short, we're having problems getting the two new systems to talk to the root name servers. My two initial theories (new NS has to be registered to talk to root NS and issue w/DNSSEC) both proved to be incorrect, which leaves something on the network.
The core problem is that we cannot reach the root name servers via udp. We *can*, however, reach Google's name servers via udp. We can also reach the root name servers via tcp...
# dig +novc @f.root-servers.net
; <<>> DiG 9.9.1-P1-RedHat-9.9.1-2.P1.fc17 <<>> +novc @f.root-servers.net
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
# dig +noanswer +noquestion +novc @8.8.8.8
; <<>> DiG 9.9.1-P1-RedHat-9.9.1-2.P1.fc17 <<>> +noanswer +noquestion +novc @8.8.8.8
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11665
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; Query time: 13 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Aug 2 08:52:09 2012
;; MSG SIZE rcvd: 239
and
# dig +noanswer +noadditional +noquestion +vc @f.root-servers.net
; <<>> DiG 9.9.1-P1-RedHat-9.9.1-2.P1.fc17 <<>> +noanswer +noadditional +noquestion +vc @f.root-servers.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60360
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 23
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; Query time: 77 msec
;; SERVER: 192.5.5.241#53(192.5.5.241)
;; WHEN: Thu Aug 2 08:55:19 2012
;; MSG SIZE rcvd: 699
So, short version: the new dns systems can send outbound udp packets, but something is blocking those packets going to the root name servers.
Has anyone seen anything like this and/or know what might be causing it? Failing that, does anyone know of a way to force recursions to use tcp vs udp?
This one's just plain weird... appreciate any hints/tips/suggestions.
Doug O'Leary
------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
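Added example, not part of the original post: the dig runs above differ in transport and in response size (239 bytes over UDP from 8.8.8.8, 699 bytes over TCP from f.root-servers.net), so one way to narrow the fault is to send the same `. NS` query over UDP without EDNS, over UDP with EDNS at 512 and 4096 bytes, and over TCP, then compare which combinations get an answer. The function names and the 3-second timeout are assumptions of this example, and that response size is the relevant variable is a hypothesis to test, not something the post establishes.

```python
import socket
import struct

def build_query(edns_size=None, qname=".", qtype=2, qid=0x1234):
    """Build a DNS query (default ". NS", RD set); edns_size=None omits the OPT record."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 1 if edns_size else 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".") if p)
    question = labels + b"\x00" + struct.pack("!HH", qtype, 1)
    # EDNS0 OPT RR: root owner, TYPE 41, CLASS carries the advertised UDP payload size
    opt = b"\x00" + struct.pack("!HHIH", 41, edns_size, 0, 0) if edns_size else b""
    return header + question + opt

def summarize(resp):
    """Return (rcode, truncated, answer_count, size_in_bytes) for a raw DNS response."""
    _qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return flags & 0x000F, bool(flags & 0x0200), an, len(resp)

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise OSError("connection closed mid-message")
        buf += chunk
    return buf

def probe(server, edns_size=None, tcp=False, timeout=3.0):
    """Send one query; return summarize() output, or None on timeout/network error."""
    query = build_query(edns_size)
    try:
        if tcp:  # DNS over TCP prefixes each message with a 2-byte length
            with socket.create_connection((server, 53), timeout=timeout) as s:
                s.sendall(struct.pack("!H", len(query)) + query)
                (rlen,) = struct.unpack("!H", _recv_exact(s, 2))
                return summarize(_recv_exact(s, rlen))
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, 53))
            return summarize(s.recvfrom(65535)[0])
    except OSError:
        return None

if __name__ == "__main__":
    # Addresses are the two servers shown in the dig output above.
    for server in ("192.5.5.241", "8.8.8.8"):
        for label, kw in (("udp no-edns", {}), ("udp edns=512", {"edns_size": 512}),
                          ("udp edns=4096", {"edns_size": 4096}),
                          ("tcp edns=4096", {"edns_size": 4096, "tcp": True})):
            print(f"{server:<12} {label:<14} {probe(server, **kw)}")
```

A row that prints `None` only for the larger UDP cases points at something on the path dropping large or fragmented UDP responses; `None` for every UDP row to one server but not the other points at a per-destination filter instead.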