QUERY What could be going wrong here?
A couple of things are conspiring against you. :-(
The file /etc/resolv.conf could be a problem; its domain line gets set to an inappropriate value when I reboot.
How is your /etc/resolv.conf being created/populated?
My guess is that your IP address is being assigned by a DHCP server. As part of the IP address assignment, your DHCP client is rewriting /etc/resolv.conf with the domain and nameserver assigned by the DHCP server. Hence, the "inappropriate" value after you reboot.
NSLOOKUP OUTPUT nslookup gives the SERVER address of the default name server, but says "can't find workshop: NXDOMAIN."
This is because your default DNS server is not your local DNS server -- it is one of the DNS servers assigned to you by the DHCP server. This "other" DNS server does not know about your domain.
But nslookup still doesn't work after I edit the line to "domain example.net" and restart bind9.
That's because you need to add your local DNS server to the list of nameservers in /etc/resolv.conf. Immediately before any other nameserver entry, add ...
nameserver 127.0.0.1
Now, when you use nslookup, your local DNS server should be your default DNS server. nslookup should now be able to resolve "workshop".
UPDATE Here is the output of dig: Command: dig A @workshop workshop.example.net
This confirms that you have your domain correctly configured on your local bind DNS server.
As you've already experienced, your changes to /etc/resolv.conf will be overwritten the next time you reboot. You have two options:
Reconfigure your machine to use a static IP. /etc/resolv.conf won't be overwritten anymore, so your changes will persist after a reboot.
Reconfigure your DHCP client so that it does not overwrite /etc/resolv.conf. This thread should point you in the right direction.
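As an added illustration of the resolver-order point made in this answer (example code, not from the original thread): the functions below read an /etc/resolv.conf-style file, report which nameserver the stub resolver consults first, and produce a copy with "nameserver 127.0.0.1" placed ahead of the DHCP-assigned servers. The sample file is constructed here; the script assumes only POSIX sh, awk and mktemp.

```shell
#!/bin/sh
# Added example, not from the original thread. Inspects an /etc/resolv.conf-style
# file and inserts "nameserver 127.0.0.1" ahead of the DHCP-assigned servers.
# Assumes only POSIX sh, awk and mktemp.

# Constructed sample of what a DHCP client typically writes (not a real file).
DHCP_RESOLV=$(mktemp)
trap 'rm -f "$DHCP_RESOLV" "$DHCP_RESOLV.fixed"' EXIT
cat > "$DHCP_RESOLV" <<'EOF'
# Generated by the DHCP client; local edits are lost on the next lease renewal
domain example.net
search example.net
nameserver 192.0.2.53
nameserver 192.0.2.54
EOF

# Print the value of the domain line (empty if none is set).
domain_of() {
    awk '$1 == "domain" { print $2; exit }' "$1"
}

# Print the first nameserver entry: the one the stub resolver tries first.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Succeed (exit 0) only if the local DNS server is the first nameserver.
local_resolver_first() {
    [ "$(first_nameserver "$1")" = "127.0.0.1" ]
}

# Emit a copy of the file with "nameserver 127.0.0.1" immediately before the
# first other nameserver entry. An existing 127.0.0.1 line is moved rather
# than duplicated, so running this twice gives the same output.
add_local_nameserver() {
    awk '$1 == "nameserver" && $2 == "127.0.0.1" { next }
         $1 == "nameserver" && !done { print "nameserver 127.0.0.1"; done = 1 }
         { print }
         END { if (!done) print "nameserver 127.0.0.1" }' "$1"
}

# Usage: compare what the resolver would try first before and after the fix.
add_local_nameserver "$DHCP_RESOLV" > "$DHCP_RESOLV.fixed"
echo "domain: $(domain_of "$DHCP_RESOLV")"
echo "first nameserver before: $(first_nameserver "$DHCP_RESOLV")"
echo "first nameserver after:  $(first_nameserver "$DHCP_RESOLV.fixed")"
```

Because the DHCP client rewrites the file on every lease, the emitted copy only helps if it is installed by whatever mechanism you chose above (static addressing or a DHCP client configured to leave the file alone).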
It all looks perfectly normal to me. The name servers for iis.se are ns.nic.se, ns2.nic.se, and ns3.nic.se.
You get the Server Unknown message because you don't have a PTR zone set up on your DNS servers for your subnet (which isn't required). When you run nslookup from the DNS server the DNS client on the server (which is what nslookup uses, as the DNS server is also a DNS client and operates as any other DNS client does) first performs a PTR lookup to find the name of the server configured in the DNS settings of the TCP\IP protocol bound to the NIC. Not finding a PTR record, nslookup responds with Server Unknown. This is perfectly normal and acceptable.
Next you issue the query for www.iis.se and get a response from one of the name servers at iis.se from both the IPv6 and IPv4 addresses of that name server, that it can't find a record for www.iis.se. This is a perfectly normal response if no record for www exists.
You do that two more times against two different name servers and get the same response, which again is perfectly normal where no record for www.iis.se can be found.
You do that a third time on a server that has 127.0.0.1 configured as its DNS server in the TCP\IP protocol settings of the NIC and get a request timed out, which tells me that the DNS client is pointing to 127.0.0.1 for DNS but that the DNS server (if you're running this particular nslookup from the DNS server) isn't listening on 127.0.0.1 so the query times out.
Try running nslookup against each of the name servers for the iis.se domain and query each one for www and see what they answer.
Best Answer
You'll get a better answer if you tell us why you'd want to do this.
DNS traffic uses UDP port 53, but if you want to block that, why not just remove the DNS server configuration from your network adapter?