dig: couldn't get address for 'F.ROOT-SERVERS.NET': failure

Ian Masters

Sep 12, 2008, 2:55:42 AM
Hello,

I'm using BIND 9.3.4-P1 on Linux CentOS 5.2.

I'm trying to set up a local caching DNS server but when I try to test
my set-up using:

dig google.com +trace

I get the message:

dig: couldn't get address for 'F.ROOT-SERVERS.NET': failure

I'm pretty much a DNS beginner but I'd really like to understand why
this is happening.

From what I've read, when I do a dig query, BIND checks its own cache
and if the domain's info is not in there, it consults the root name
servers as contained in /var/named/chroot/var/named/named.ca

From the output of dig, I'm presuming it's failing at that point.

I can ping the IP addresses of most of the root DNS servers but not all
of them.

The only way I can make dig work properly is to insert my ISP's DNS
servers into my named.conf, thus:

forwarders { 165.76.12.2; 165.76.116.2; };
forward only;

If anyone can shed any light on my problem, I'd be very grateful.

Thanks

Ian Masters

p.s. As I understand it, the entries in /etc/resolv.conf are irrelevant
to servers running BIND.

Adam Tkac

Sep 12, 2008, 7:05:45 AM
On Fri, Sep 12, 2008 at 03:55:42PM +0900, Ian Masters wrote:
> Hello,

Hi,

Are you sure that firewalls/NATs on the way are configured correctly?
What happens when you try "dig @198.41.0.4 ns"? (198.41.0.4 is the
address of the A root server)

Adam

--
Adam Tkac, Red Hat, Inc.

Ian Masters

Sep 15, 2008, 8:39:07 PM
Adam

Thanks for your reply.

> Are you sure that firewalls/NATs on the way are configured correctly?

Actually no, not completely sure ...

> What happens when you try "dig @198.41.0.4 ns"? (198.41.0.4 is the
> address of the A root server)

; <<>> DiG 9.3.4-P1 <<>> @198.41.0.4 ns
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached

I can ping 198.41.0.4 though ...

As I said, if I add:


forwarders { 165.76.12.2; 165.76.116.2; };
forward only;

to my named.conf, I can dig google.com, but "dig @198.41.0.4 ns" still
fails.

I'm confused.

Ian Masters

Kevin Darcy

Sep 15, 2008, 8:55:44 PM
So you can talk to your forwarders, but you can't talk directly to root
servers.

Seems like a fairly straightforward NAT/firewall/routing restriction. If
you can't get it opened up, you're stuck relying on forwarding to get
your resolution done.

- Kevin
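
Added example, not part of the thread or written by any of its posters: a Python probe for the situation described above, where ping succeeds but DNS queries to a root server time out. It sends a ". NS" query over UDP and TCP port 53 (ICMP reachability says nothing about either) and compares a root server with a forwarder; the function names and result strings are this example's own, and the addresses in the main block are the ones quoted in the thread.

```python
import socket
import struct

def build_query(name=".", qtype=2, txid=0x1234):
    """Minimal DNS query: header plus one question (qtype 2 = NS, class IN)."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.strip(".").split(".") if p)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def is_reply(query, data):
    """True if data has the query's transaction ID and the QR (response) bit."""
    return len(data) >= 12 and data[:2] == query[:2] and bool(data[2] & 0x80)

def probe(server, proto, timeout=3.0, port=53):
    """Send '. NS' over 'udp' or 'tcp'; return ok, bad-reply, timeout or unreachable."""
    query = build_query()
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    try:
        with socket.socket(socket.AF_INET, kind) as s:
            s.settimeout(timeout)
            s.connect((server, port))
            if proto == "udp":
                s.send(query)
                data = s.recv(4096)
            else:
                # DNS over TCP prefixes each message with a 2-byte length
                s.sendall(struct.pack("!H", len(query)) + query)
                data = s.makefile("rb").read(14)[2:]  # length prefix + header
        return "ok" if is_reply(query, data) else "bad-reply"
    except socket.timeout:
        return "timeout"      # no answer in time: query or reply was dropped
    except OSError:
        return "unreachable"  # refused, no route, or an ICMP error came back

def diagnose(root, forwarder):
    """root / forwarder: dicts mapping 'udp' and 'tcp' to a probe() status."""
    if "ok" in root.values():
        return "root servers answer: direct recursion should work"
    if "ok" in forwarder.values():
        return "port 53 blocked towards root servers: only forwarding works"
    return "no outbound DNS at all"

if __name__ == "__main__":  # addresses are the ones quoted in the thread
    root = {p: probe("198.41.0.4", p) for p in ("udp", "tcp")}
    fwd = {p: probe("165.76.12.2", p) for p in ("udp", "tcp")}
    print(root, fwd, diagnose(root, fwd))
```

A "timeout" on both protocols for the root server combined with "ok" for the forwarder matches the symptoms reported in the thread.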