carlopmart wrote: > Lars Hecking wrote: >>> options { >>> directory "/var/named"; >>> dump-file "/var/named/data/cache_dump.db"; >>> statistics-file "/var/named/data/named_stats.txt"; >>> memstatistics-file "/var/named/data/named_mem_stats.txt"; >>> listen-on port 53 { 127.0.0.1; 172.25.50.10; }; >>> version "DNS Server v2.0"; >>> dnssec-enable no; >>> query-source port 53; >>> forwarders { 208.67.220.220; 208.67.222.222; }; >>> }; >> >>> As you can see, I need to use "query-source port" param too with forwarders to >>> resolv names (and this is really really ugly). >> >> Explicit query-source port breaks port randomisation and is highly insecure. >> Your problem may be an incorrectly configured firewall that only accepts >> outgoing queries originating from source port 53 - it needs to accept all >> outgoing queries for destination port 53. >> >> > > Thanks lars. Correctly, firewall could be the problem, but it isn't. Because > Ubuntu and Windows 2003/2008 doesn't have problems with it ... and resolves > perfectly ... And I don't have configured this firewall to accept dns queries > originating from source port 53 ... > What does 'dig' show about your access to the root servers without forwarders and with and without forcing the query-source port? Compare it to the Ubuntu system. Maybe there's something wrong with the root hints file - or maybe your border firewall is blocking all udp to this box but permitting it to the DNS servers that work. -- Les Mikesell lesmikesell@xxxxxxxxx _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos