8

I have BIND9 set up with proper records for my domain example.com, something.example.com is actually working...

When I have my DHCP server pointing at this DNS server I can get to webmin (https://something.example.com:10000) for the server it's pointing to. However I cannot get to any external websites (google.ca, serverfault.com, etc.)

I have my forwarders set in the named.conf.options file

```
options {
    directory "/etc/bind/";
    allow-query-cache { none; };
    allow-query { any; };
    recursion yes;

    forwarders {
        8.8.8.8;  // Google's DNS Server
        8.8.4.4;  // ''
    };
};

//zones here for example.com and reverse dns
```

But it doesn't seem to be forwarding requests to their servers. Where am I going wrong? Is there anything I can do to probe to get more information?

user29600
  • Can this server actually use Google's DNS servers? There might be a problem there, try for example a "dig @8.8.8.8 www.google.com" and see if it gives you reasonable results. – Marcel G Jul 06 '11 at 20:50
  • Yes, it does work. Resolved, see below. – user29600 Jul 06 '11 at 21:22

1 Answer

6

More of the config would be good; I'm going to guess you're missing one of the following items:

`recursion yes;` or `allow-recursion { 10.x.x.x/8; };` (where 10.x.x.x/8 is your internal network)

Shane Madden
  • recursion was set to no; set it to yes and it's still not working. I'll post the whole config, just didn't want to flood the page with useless crap. – user29600 Jul 06 '11 at 20:38
  • I'm not seeing an `allow-recursion` block. Both of the snippets I listed are required. – Shane Madden Jul 06 '11 at 21:01
  • Additionally, your `allow-query-cache` is, specifically, intentionally(?), blocking recursive queries. – Shane Madden Jul 06 '11 at 21:10
  • Not intentionally, I was following an example I saw... should I have the `allow-query` in there? – user29600 Jul 06 '11 at 21:12
  • Probably, yeah. Your exact settings depend on what this server does (any authoritative internet resolution, or just internal?), but generally speaking `allow-query` can probably be `any;`, while you'll want to set `allow-query-cache` and `allow-recursion` to internal subnets only. – Shane Madden Jul 06 '11 at 21:15
  • Genius. Adding `recursion yes;` and `allow-recursion { 192.168.0.0/16; };` worked – user29600 Jul 06 '11 at 21:21
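
The settings recommended in the comments above, assembled into one `options` block. This is an added example, not the asker's final configuration; the ACL name `internal` is hypothetical and the 192.168.0.0/16 range is taken from the last comment, so adjust both to your own network.

```conf
// Added example: the ACL name and address range are assumptions.
acl internal {
    localhost;
    192.168.0.0/16;    // internal subnet, as in the last comment
};

options {
    directory "/etc/bind/";

    // Authoritative data for the locally hosted zones may be queried by anyone.
    allow-query { any; };

    // Recursion and cached answers are offered to internal clients only,
    // so the server does not act as an open resolver for the internet.
    // The original `allow-query-cache { none; };` denied cache access to
    // every client, which blocked recursive lookups.
    recursion yes;
    allow-recursion   { internal; };
    allow-query-cache { internal; };

    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
};

// zones for example.com and reverse DNS follow here
```

Run `named-checkconf` before reloading to catch syntax errors. A `dig` for an external name from an internal client should then return an answer with the `ra` flag set, while the same query from an address outside the ACL should be refused.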