On 8/24/05, Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
> On Wed, 2005-08-24 at 10:34, Arun K. Khan wrote:
> > CentOS 4.1/bind-9.2.4-2.
> >
> > I have named serving as a cache DNS server plus SOA for a local intranet
> > zone.
> >
> > The problem I am encountering - over a period of time it stops
> > responding to queries.
> >
> > (from 192.168.1.150)
> > $ host www.yahoo.com 192.168.1.21
> > ;; connection timed out; no servers could be reached
> >
> > # nmapfe of 192.168.1.21 (from 192.168.1.150)
> > (The 1208 ports scanned but not shown below are in state:
> > closed)
> > PORT STATE SERVICE
> > 22/tcp open ssh
> > 25/tcp open smtp
> > 53/tcp open domain
> >
> > (ssh'd into named server using IP# 192.168.1.21)
> > # service named status
> > rndc: recv failed: operation canceled
>
> It looks like it can't reach the root servers. It has a private
> address - could you have a problem with your NAT gateway to the
> internet? How about your local firewalling on 53/udp to let
> the responses back?
>

For DNS servers 53/tcp is required as well. UDP handles most requests but when the amount of data is great enough it uses TCP. IIRC yahoo returns quite a few.

--
Leonard Isham, CISSP
Ostendo non ostento.
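To make the UDP-then-TCP behaviour concrete, here is an added example (not code from this thread or from BIND): a minimal resolver client that sends a query over UDP, checks the TC (truncated) bit in the reply header, and repeats the same query over TCP when it is set. The server address and name are assumed to be passed on the command line; the two reply headers at the bottom are constructed, not captured traffic. If the UDP leg answers but the TCP retry times out, 53/tcp is being filtered somewhere on the path.

```python
import socket
import struct

TC_FLAG = 0x0200  # bit 9 of the DNS header flags word: reply was truncated

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal recursive DNS query (qtype 1 = A, class IN) for `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels)
    return header + qname + b"\x00" + struct.pack(">HH", qtype, 1)

def is_truncated(reply):
    """True if TC is set: the answer did not fit in the UDP reply and must be re-asked over TCP."""
    if len(reply) < 12:
        raise ValueError("reply shorter than a DNS header")
    flags = struct.unpack(">H", reply[2:4])[0]
    return bool(flags & TC_FLAG)

def recv_exact(sock, n):
    """Read exactly n bytes from a TCP socket (DNS over TCP is length-prefixed)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("server closed the TCP connection early")
        buf += chunk
    return buf

def resolve(name, server, timeout=3.0):
    """Query over UDP first; on a truncated reply, repeat the query over TCP.
    Returns (raw_reply, transport)."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
        udp.settimeout(timeout)
        udp.sendto(query, (server, 53))
        reply, _ = udp.recvfrom(512)  # classic 512-byte UDP payload limit
    if not is_truncated(reply):
        return reply, "udp"
    with socket.create_connection((server, 53), timeout=timeout) as tcp:
        tcp.sendall(struct.pack(">H", len(query)) + query)  # 2-byte length prefix
        length = struct.unpack(">H", recv_exact(tcp, 2))[0]
        return recv_exact(tcp, length), "tcp"

# Constructed reply headers (not captured traffic): txid 0x1234, QR=1 RD=1 RA=1,
# one with TC clear (0x8180) and one with TC set (0x8380).
REPLY_COMPLETE = bytes.fromhex("123481800001000100000000")
REPLY_TRUNCATED = bytes.fromhex("123483800001000000000000")

if __name__ == "__main__":
    import sys  # usage: script.py <name> <server-ip>
    reply, transport = resolve(sys.argv[1], sys.argv[2])
    print(f"{len(reply)} bytes via {transport}, truncated={is_truncated(reply)}")
```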