[CentOS] CentOS6 bind DLV problems

Thu Aug 15 17:53:19 UTC 2013
Ljubomir Ljubojevic <centos at plnet.rs>

On 08/14/2013 07:14 PM, Tony Mountifield wrote:
> I have two CentOS6 boxes, both running Bind as a local resolver, with
> what appears to me to be the same configuration as each other. I have
> a problem on one but not the other, to do with DNSSEC Lookaside Validation.
> On the box with the problem, if I do: host www.bbc.co.uk
> (for example), it sits there for a while, then gives me a timeout error.
> I did some tests while running a tcpdump packet capture on udp port 53,
> and I discovered that bind was fetching the correct answer normally,
> and then performing a validation query to one of the DLV servers at ISC
> (e.g.,, or It was not
> receiving any reply. After several seconds, it tried another DLV server
> and again received no reply.
> A similar test on the other box receives replies from ISC no problem.
> I have tried disabling iptables on the failing box, but that didn't help.
> I'm assuming something in the request causes ISC to ignore it.

Have you tried to switch IP addresses and see if possible routing or 
public IP denial is in place?

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

StarOS, Mikrotik and CentOS/RHEL/Linux consultant
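
The capture described in the quoted message can be checked mechanically for queries that never got a reply, grouped by upstream server, which also shows whether changing the source address changes which servers answer. This is an added example, not part of the original posts; it assumes IPv4 text output from `tcpdump -n -tt udp port 53`, and the sample lines, addresses and query names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample capture (documentation address ranges, made-up IDs).
SAMPLE = """\
1376502840.100000 IP 192.0.2.10.40001 > 198.51.100.1.53: 4660 [1au] A? www.bbc.co.uk. (42)
1376502840.130000 IP 198.51.100.1.53 > 192.0.2.10.40001: 4660*- 1/0/1 A 203.0.113.80 (58)
1376502840.140000 IP 192.0.2.10.40002 > 198.51.100.7.53: 22136 [1au] DLV? www.bbc.co.uk.dlv.isc.org. (54)
1376502845.140000 IP 192.0.2.10.40003 > 198.51.100.8.53: 30001 [1au] DLV? www.bbc.co.uk.dlv.isc.org. (54)
1376502850.200000 IP 192.0.2.10.40004 > 198.51.100.1.53: 4661 [1au] A? www.centos.org. (43)
1376502850.230000 IP 198.51.100.1.53 > 192.0.2.10.40004: 4661*- 1/0/1 A 203.0.113.90 (59)
"""

# timestamp, src ip.port, dst ip.port, DNS id (+ flag characters), remainder
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<id>\d+)\S*(?P<rest>.*)$"
)
# tcpdump prints the question of a query as "TYPE? name."
QUESTION = re.compile(r"\s(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)")

def unanswered_queries(capture, timeout=5.0):
    """Return {server_ip: [(qtype, qname), ...]} for queries with no reply.

    A query counts as unanswered only if the capture continues for at least
    `timeout` seconds after it was sent.
    """
    pending = {}   # (server ip, client port, DNS id) -> (ts, qtype, qname)
    last_ts = 0.0
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = float(m["ts"])
        last_ts = max(last_ts, ts)
        q = QUESTION.search(m["rest"])
        if q:      # outgoing query
            pending[(m["dst"], m["sport"], m["id"])] = (ts, q["qtype"], q["qname"])
        else:      # response: match on server, client port and DNS id
            pending.pop((m["src"], m["dport"], m["id"]), None)
    report = defaultdict(list)
    for (server, _port, _id), (ts, qtype, qname) in pending.items():
        if last_ts - ts >= timeout:
            report[server].append((qtype, qname))
    return dict(report)

if __name__ == "__main__":
    for server, queries in unanswered_queries(SAMPLE).items():
        print(server, queries)
```

Running the same script over a capture from the working box, or from the failing box after changing its source address, gives a direct comparison of which servers stay silent.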