DNS request timed out. timeout was 2 seconds

Question

i had setup bind dns server on centos. from local lan it will work fine but from remote when i tried to nslookup ..it will give reply like "DNS request timed out...timeout was 2 seconds."

what is the problem?

this is my bind config----

// Red Hat BIND Configuration Tool

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        query-source address * port 53;
};

controls {
           inet 127.0.0.1 allow {localhost; } keys {rndckey; };
};

acl internals {
    127.0.0.0/8;
    192.168.0.0/24;
    10.0.0.0/8;

};

view "internal" {
    match-clients { internals; };
    recursion yes;
    zone "mydomain.com" {
       type master;
       file "mydomain.com.zone";
    };


zone "0.168.192.in-addr.arpa"  {
      type master;
      file "0.168.192.in-addr.arpa.zone";

};

zone "." IN {
        type hint;
        file "named.root";
};

zone "localdomain." IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost." IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa." IN {
        type master;
        file "named.local";
        allow-update { none; };

};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." I
N {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

zone "255.in-addr.arpa." IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
};

zone "0.in-addr.arpa." IN {
        type master;
        file "named.zero";
        allow-update { none; };
};

};
view "external" {
 match-clients { any; };
    recursion no;
    zone "mydomain.com" {
       type master;
       file "mydomain.com.zone";
   //    file "/var/named/chroot/var/named/mydomain.com.zone";
    };


zone "0.168.192.in-addr.arpa"  {
      type master;
      file "0.168.192.in-addr.arpa.zone";
};

};

include "/etc/rndc.key";

Answer 1

At first, just check your DNS resolver. i mean the machines you used to see nslookup output.
try this command to see your own dns caching server's performance.

nslookup mydomain.com 8.8.8.8

for query from google dns cache. it's important to check several dns caching servers to see the performance.

if you are in TR. Also try these caching servers to see performance difference.
193.140.100.215 (METU dns cache) and 88.255.129.22 (My own caching server).
if you still have timeout with these Dns caching serves.

try intodns.com to confirm your connection & bind config.
eg: http://www.intodns.com/mydomain.com

Answer 2

Do you have a path through your firewall to the service?

Answer 3

This is the first points I would focus at

• you have to ensure your router (between WAN and LAN) routes the DNS ports UDP and TCP to your DNS server.

• the firewalls must be opened on the way.

• if you have apparmor installed, you must check that all the paths to your map files have their access authorized

• if you try to resolve a domain for which you just subscribed, and the name servers were filled not long ago, you may have to wait for the NS delegation information, from TLD, for your domain to be propagated worldwide (may take two days)

Try from a Unix/Linux machine

  host mydomain.com myserver

Answer 4

I assume that you're testing this from Windows, no-one normal use nslookup when he is able to use dig or host :). How exactly you perform the test?

What do you see if you do:

nslookup mastermatrix

or

nslookup mastermatrix.localdomain

or

nslookup mastermatrix.localdomain.

?

Could you show output of ipconfig /all command, I'm interested in following options:

• default domain
• DNS suffix search list

Last but not least, could you start Wireshark during test and filter for tcp/udp 53. This should give you an answer.

Answer 5

allow-recursion { internal; };