carlopmart wrote:
>>>>>> Thanks lars. Correctly, firewall could be the problem, but it isn't. Because
>>>>> Ubuntu and Windows 2003/2008 doesn't have problems with it ... and resolves
>>>>> perfectly ... And I don't have configured this firewall to accept dns queries
>>>>> originating from source port 53 ...
>>>>>
>>>> What does 'dig' show about your access to the root servers without
>>>> forwarders and with and without forcing the query-source port? Compare
>>>> it to the Ubuntu system. Maybe there's something wrong with the root
>>>> hints file - or maybe your border firewall is blocking all udp to this
>>>> box but permitting it to the DNS servers that work.
>>>>
>>> Thanks Les, but I have checked it before post this problem. Ubuntu and CentOS
>>> have the same file to do querys to root servers ...
>> And the results of 'dig' on each?
>>
>>> I have find a temporary solution: reduce the MTU on CentOS server (1440) ...I
>>> need to investigate why centOS loses some packages and ubuntu doesn't ....
>> Are you routing through tunnels?
>>
>>
> No, all hosts (firewall and CentOS DNS server) are connected to GByte network.
That's not where the problem is. Since you are working with forwarding
on, the problem has to be when you try to go directly to the internet
over UDP so it would be at the firewall or border router. When DNS
fails, it will retry with TCP and that might be why it eventually works.
Is there anything in the path to the internet that needs a lower MTU
(perhaps a DNS line running PPOE)? Or do you have jumbo packets enabled
on your Gig NIC? And if you do need a small MTU, do you have firewalls
blocking the ICMP messages that are required to discover that automatically?
--
Les Mikesell
lesmikesell at gmail.com