On 08/14/2013 07:14 PM, Tony Mountifield wrote:
> I have two CentOS6 boxes, both running Bind as a local resolver, with
> what appears to me to be the same configuration as each other. I have
> a problem on one but not the other, to do with DNSSEC Lookaside Validation.
>
> On the box with the problem, if I do: host www.bbc.co.uk 127.0.0.1
> (for example), it sits there for a while, then gives me a timeout error.
> I did some tests while running a tcpdump packet capture on udp port 53,
> and I discovered that bind was fetching the correct answer normally,
> and then performing a validation query to one of the DLV servers at ISC
> (e.g. 199.6.0.29, 199.6.0.30, 199.6.1.29 or 199.6.1.30). It was not
> receiving any reply. After several seconds, it tried another DLV server
> and again received no reply.
>
> A similar test on the other box receives replies from ISC no problem.
>
> I have tried disabling iptables on the failing box, but that didn't help.
> I'm assuming something in the request causes ISC to ignore it.
>

Have you tried to switch IP addresses and see if possible routing or public IP denial is in place?

--
Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

StarOS, Mikrotik and CentOS/RHEL/Linux consultant
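
The capture check described in the quoted message (queries leaving for a DLV server with no reply coming back) can be tallied per server to compare the two boxes. This is an added example, not part of the thread; it assumes the text output of `tcpdump -n udp port 53`, and the sample lines, the client address 192.0.2.10 and the query names are constructed.

```python
import re
from collections import Counter

# Start of a `tcpdump -n` text line for UDP DNS, e.g.
#   19:14:02.14 IP 192.0.2.10.40002 > 199.6.0.29.53: 2222 [1au] ...
# Only addresses, ports and the DNS message ID are parsed; the rest is ignored.
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<id>\d+)"
)

def unanswered_by_server(lines):
    """Return Counter {server_ip: queries that never got a matching reply}.

    A reply matches when it comes from the queried server to the same client
    address and port with the same DNS ID. Limitation: if the resolver is
    configured to send from source port 53, direction cannot be inferred.
    """
    pending = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        if m["dport"] == "53" and m["sport"] != "53":      # outgoing query
            pending[(m["src"], m["sport"], m["dst"], m["id"])] = m["ts"]
        elif m["sport"] == "53":                            # incoming reply
            pending.pop((m["dst"], m["dport"], m["src"], m["id"]), None)
    return Counter(server for _, _, server, _ in pending)

# Constructed sample: one answered lookup, then two validation queries to the
# DLV server addresses named in the message, neither of which is answered.
SAMPLE = """\
19:14:02.100000 IP 192.0.2.10.40001 > 198.51.100.53.53: 1111 [1au] A? www.example.com. (44)
19:14:02.130000 IP 198.51.100.53.53 > 192.0.2.10.40001: 1111*- 1/0/1 A 203.0.113.80 (60)
19:14:02.140000 IP 192.0.2.10.40002 > 199.6.0.29.53: 2222 [1au] DNSKEY? dlv.isc.org. (40)
19:14:04.140000 IP 192.0.2.10.40003 > 199.6.0.30.53: 3333 [1au] DNSKEY? dlv.isc.org. (40)
"""

if __name__ == "__main__":
    for server, count in unanswered_by_server(SAMPLE.splitlines()).items():
        print(f"{server}: {count} unanswered")
```

Running it over captures from both boxes shows whether the silence is specific to the DLV addresses or affects other servers as well.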