Bind9 – forwarders are not working

binddomain-name-system

I am experiencing an issue with bind. If i want to resolve any domain name that is on the zone file. It works fine. However, when I try to resolve anything that does not belong to the zone file. I know that actual DNS servers that are being forwarded are working fine. But somehow bind9 fails to use them.
The content of /etc/bind/named.conf.options is:

options {
directory "/var/cache/bind";
forwarders {
    131.181.127.32;
    131.181.59.48;
};
dnssec-validation auto;
auth-nxdomain no;    # conform to RFC1035
listen-on-v6 { any; };
};

I have also tried to use only one ip address and it still did not work. also the content of /etc/bind/named.conf is:

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

So there is no problem with including options file.
Any recommendations for fixing this problem?

Best Answer

I had this issue before with recent version of Bind (9.8.1).

The following option solved the problem for me :

dnssec-validation no;

Related Solutions

Recursive forward a zone in BIND

First of all, I would suggest you use something other than 5353 as an alternate port for DNS servers. 5353 conflicts with zeroconf/mDNS.

The reason it only works when you use vps.example.org as a recursive resolver is because that's the only recursive server that's been told that it needs to go to a special DNS server on port 5353 to find foo.example.org.

Because you can't specify a port number in an NS record, it's generally impossible to have a an authoritative server on a port other than 53. All of the recursive nameservers in the world are going to find the NS record for the domain in question and are going to try to contact that server on port 53. If you wanted them to use a different port, you'd have to configure every one of them with a forward zone pointing to port 5353.

By the way, it isn't clear why you want to host foo.example.org on a separate nameserver on a different port (or IP address). Why don't you just add the foo.example.org zone to the same authoritative nameserver that serves example.org?

Linux – Reverse zone not working with BIND9

The immediate cause of error is the leading whitespace in your db.10 file. Correct:

;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     necacdnsone.necone.com. root.necone.com. (
                              1         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
        IN  NS  necacdnsone.
1    IN  PTR gateway.necone.com.
54   IN  PTR necacdnsone.necone.com.
52   IN  PTR dhcpserver.necone.com.

Incorrect:

;
        IN  NS  necacdnsone.
   1    IN  PTR gateway.necone.com.
   54   IN  PTR necacdnsone.necone.com.
   52   IN  PTR dhcpserver.necone.com.
^^^ spaces are the problem

Do remember to increase SOA Serial and then to reload named.

In an unrelated matter, you should specify IN NS necacdnsone.necone.com. contrary to what your ill-chosen guide suggests.

Best Answer

Related Solutions

Recursive forward a zone in BIND

Linux – Reverse zone not working with BIND9

Related Topic