BIND 9 Problem - DNS Forwarding

Paul Howarth paul at city-fan.org
Mon Nov 1 10:36:21 UTC 2004


Kh Linux wrote:
>>So you are using a nameserver on your LAN at 192.168.1.14? Who maintains
>>that nameserver? Is that your IP address?
> 
> 
> Yes. And I have a CISCO PIX Firewall who will do the NAT for all local
> addresses in 192.168.1.x.
> 
> It's been like this for years now. Recently, my old SuSe 6.2 server crashed;
> it was running BIND 8 with forwarding to my ISP and very fast. When I
> started anew, I would like to shift to RedHat but still wondering which
> version is the best. I decided first to go for RH7.3 but then, IPTABLES did
> not seem to be complete; so I decided to go for RH9.0. I've been searching
> around and found that many people encountered the same problem but no clear
> solution.
> 
> Let me raise it again; the problem is that, I usually get this error message
> from named:
> ";;Connection timed out; no servers could be reached" when I do "# host
> www.yahoo.com", but after the second or third try, it responds correctly.

This points to your DNS resolver code taking a long time to do its job. After 
your second or third try, the answer has been received and is cached on your 
nameserver.

The tool to use to diagnose this problem is dig.

Try:

dig www.yahoo.com +trace

This will do a DNS lookup of www.yahoo.com "from first principles", starting 
at the root nameservers and working its way down the DNS hierarchy until it 
gets the answer. If you're getting slow responses from somewhere, this should 
be apparent in the output.

> Could you suggest which RedHat/Fedora version I should use? I cannot wait
> for FC3.

I can't think of anything distribution-specific that would cause this problem. 
I don't think it's a good idea to be using an old, unmaintained version of the 
OS like RH9 either. I think it would be best to diagnose and fix the problem 
on the system you already have running, and think carefully about what to 
upgrade to (FC3 is out next week, or you could go for a supported distro like 
SuSE).

> The only 3 most important packages I need are: BIND, Squid and IPTABLES. I'd
> like very much to get RH Enterprise 3, but it's not available in the market
> here; and don't know where and how to buy one.

You could always use Whitebox Enterprise Linux, which is virtually the same 
thing but available for free download: http://www.whiteboxlinux.org/

Paul.
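
Added example, not part of the original message: a small shell filter that reads `dig +trace` output and marks each delegation step whose response time exceeds a threshold, so the slow hop stands out. The function name `trace_hops`, the 500 ms threshold and the sample trace (timings and the 192.0.2.x addresses are constructed) are assumptions for illustration.

```shell
#!/bin/sh
# trace_hops LIMIT_MS
# Reads `dig NAME +trace` output on stdin and prints one line per hop:
#   STATUS SERVER MILLISECONDS
# STATUS is "ok", "SLOW" (response time above LIMIT_MS) or "TIMEOUT".
trace_hops() {
    awk -v limit="$1" '
        # dig ends every step of a trace with a line of the form:
        #   ;; Received N bytes from ADDR#53(NAME) in T ms
        /^;; Received [0-9]+ bytes from / {
            server = $6
            ms = $8 + 0
            status = (ms > limit) ? "SLOW" : "ok"
            printf "%s %s %d\n", status, server, ms
            next
        }
        # No answer at all from the servers tried at this step.
        tolower($0) ~ /connection timed out/ {
            print "TIMEOUT - 0"
        }
    '
}

# Constructed sample of trace output (trimmed; timings invented).
SAMPLE_TRACE='
.                   518400 IN NS a.root-servers.net.
;; Received 228 bytes from 192.168.1.14#53(192.168.1.14) in 2 ms

com.                172800 IN NS a.gtld-servers.net.
;; Received 491 bytes from 198.41.0.4#53(a.root-servers.net) in 48 ms

yahoo.com.          172800 IN NS ns1.yahoo.com.
;; Received 201 bytes from 192.5.6.30#53(a.gtld-servers.net) in 2310 ms

www.yahoo.com.      300 IN A 192.0.2.10
;; Received 95 bytes from 192.0.2.53#53(ns1.yahoo.com) in 61 ms
'

# Demo on the constructed sample. Against a live resolver, use:
#   dig www.yahoo.com +trace | trace_hops 500
printf '%s\n' "$SAMPLE_TRACE" | trace_hops 500
```

A hop that is consistently marked SLOW or TIMEOUT identifies which level of the hierarchy (or which path through the firewall) is delaying the first lookup.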



