Linux – Centos 5.4 (x86_64) DNS resolution woes

bindcentos5domain-name-systemlinuxopendns

I've setup a Centos 5.4 (x86_64) box in a VM recently; the trouble is I just can't get internet to work on it.

Pinging the resolved google.com ips, nameserver ips works fine but DNS lookup queries don't.

Here's some of the digging around that I did:

dig google.com
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5 <<>> google.com
;; global options:  printcmd
;; connection timed out; no servers could be reached

nslookup google.com
;; connection timed out; no servers could be reached

I didn't observe any UDP/TCP packets during dig and nslookup either

cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 208.67.220.220
nameserver 208.67.222.222

Also my /etc/nsswitch.conf is in order and contains the "hosts: files dns"

What could be wrong?

Best Answer

Rule out iptables:

service iptables stop

Do the nslookup. If it works then inspect your ruleset and retry. Don't forget to restart iptables.

Try telnetting to port 53 of those ip addresses:

telnet 208.67.220.220 53

You should see:

$   telnet 208.67.220.220 53
Trying 208.67.220.220...
Connected to 208.67.220.220.
Escape character is '^]'.

Related Solutions

Nslookup Failure

QUERY What could be going wrong here?

A couple of things are conspiring against you. :-(

The file /etc/resolv.conf could be a problem; its domain line gets set to an inappropriate value when I reboot.

How is your /etc/resolv.conf being created/populated?

My guess is that your IP address is being assigned by a DHCP server. As part of the IP address assignment, your DHCP client is rewriting /etc/resolv.conf with the domain and nameserver assigned by the DHCP server. Hence, the "inappropriate" value after you reboot.

NSLOOKUP OUTPUT nslookup gives the SERVER address of the default name server, but says "can't find workshop: NX domain."

This is because your default DNS server is not your local DNS server -- it is one of the DNS servers assigned to you by the DHCP server. This "other" DNS server does not know about your domain.

But nslookup still doesn't work after I edit the line to "domain example.net" and restart bind9.

That's because you need to add your local DNS server to the list of nameservers in /etc/resolv.conf. Immediately before any other nameserver entry, add ...

nameserver 127.0.0.1

Now, when you use nslookup, your local DNS server should be your default DNS server. nslookup should now be able to resolve "workshop".

UPDATE Here is the output of dig: Command: dig A @workshop workshop.example.net

This confirms that you have your domain correctly configured on your local bind DNS server.

As you've already experienced, your changes to /etc/resolv.conf will be overwritten the next time you reboot. You have two options:

Reconfigure your machine to use a static IP. /etc/resolv.conf won't be overwritten anymore, so your changes will persist after a reboot.
Reconfigure your DHCP client so that it does not overwrite /etc/resolv.conf. This thread should point you in the right direction.

Bind is not resolving specific host

In your dig output, the name servers for that domain appear to be ns.agasoft.co.il and ns3.agasoft.co.il.

However, as of right now, their name servers are webserver1.agasoft.co.il and webserver2.agasoft.co.il.

It appears they changed their name servers.

In addition, mailhost.agasoft.co.il does not exist, according to those servers. Instead, their mail server (as identified by their MX record) is mailserver1.agasoft.co.il. This host does exist, and both name servers return the same address for it: 82.80.246.156.

Also note that in your dig output above, you requested a trace for mailhost.agasoft.co.il but the output shows for mailserver1.agasoft.co.il. Was that a typo in your question?

Summary: the agasoft.co.il domain appears to have recently changed their name servers and possibly also their mail server. If you are trying to find out why mail couldn’t be delivered to them, that’s why. The old name servers (according to your dig output) have a TTL of 1 day, so the problem should clear up in a day or so.

Best Answer

Related Solutions

Nslookup Failure

Bind is not resolving specific host

Related Topic