Les Mikesell wrote:
carlopmart wrote:
Les Mikesell wrote:
carlopmart wrote:
Lars Hecking wrote:
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    listen-on port 53 { 127.0.0.1; 172.25.50.10; };
    version "DNS Server v2.0";
    dnssec-enable no;
    query-source port 53;
    forwarders { 208.67.220.220; 208.67.222.222; };
};
As you can see, I need to use the "query-source port" param too with forwarders to resolve names (and this is really really ugly).
Explicit query-source port breaks port randomisation and is highly insecure. Your problem may be an incorrectly configured firewall that only accepts outgoing queries originating from source port 53 - it needs to accept all outgoing queries for destination port 53.
Thanks Lars. Correct, the firewall could be the problem, but it isn't, because Ubuntu and Windows 2003/2008 don't have problems with it ... and resolve perfectly ... And I haven't configured this firewall to accept DNS queries originating from source port 53 ...
What does 'dig' show about your access to the root servers without forwarders, and with and without forcing the query-source port? Compare it to the Ubuntu system. Maybe there's something wrong with the root hints file - or maybe your border firewall is blocking all UDP to this box but permitting it to the DNS servers that work.
Thanks Les, but I checked it before posting this problem. Ubuntu and CentOS have the same file to do queries to the root servers ...
And the results of 'dig' on each?
I have found a temporary solution: reduce the MTU on the CentOS server (1440) ... I need to investigate why CentOS loses some packets and Ubuntu doesn't ....
Are you routing through tunnels?
No, all hosts (firewall and CentOS DNS server) are connected to a gigabit network.