Query Forwarding in bind9 is not working
bananosky last edited by
I came across this issue after I lost my both pfsense primary and secondary and restored them from backup. I have bind9 with master/slave configuration. After restoring both servers I realized my Master bind was not resolving external names (www.google.com etc), but the Slave was working fine. There was not a problem resolving local names (myname.local) on either server. I googled around and I found few people having the same issue, but not a real solution. After digging for a couple of days I found the problem. named.root file was empty in my Master server. I copied that file from my Slave and it fixed the problem. The location of the file is here:
I have not idea how it happened, but it got to be something to do with the restore that I did
miken32 last edited by
Nothing to do with restoring from backup, I had the same thing happen on a new install of the Bind package. Thanks for the tip. Here are the contents of the file if anyone needs them:
; This file holds the information on root name servers needed to ; initialize cache of Internet domain name servers ; (e.g. reference this file in the "cache . <file>" ; configuration file of BIND domain name servers). ; ; This file is made available by InterNIC ; under anonymous FTP as ; file /domain/named.cache ; on server FTP.INTERNIC.NET ; -OR- RS.INTERNIC.NET ; ; last update: November 16, 2017 ; related version of root zone: 2017111601 ; ; FORMERLY NS.INTERNIC.NET ; . 3600000 NS A.ROOT-SERVERS.NET. A.ROOT-SERVERS.NET. 3600000 A 22.214.171.124 A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:ba3e::2:30 ; ; FORMERLY NS1.ISI.EDU ; . 3600000 NS B.ROOT-SERVERS.NET. B.ROOT-SERVERS.NET. 3600000 A 126.96.36.199 B.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:200::b ; ; FORMERLY C.PSI.NET ; . 3600000 NS C.ROOT-SERVERS.NET. C.ROOT-SERVERS.NET. 3600000 A 188.8.131.52 C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::c ; ; FORMERLY TERP.UMD.EDU ; . 3600000 NS D.ROOT-SERVERS.NET. D.ROOT-SERVERS.NET. 3600000 A 184.108.40.206 D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2d::d ; ; FORMERLY NS.NASA.GOV ; . 3600000 NS E.ROOT-SERVERS.NET. E.ROOT-SERVERS.NET. 3600000 A 220.127.116.11 E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:a8::e ; ; FORMERLY NS.ISC.ORG ; . 3600000 NS F.ROOT-SERVERS.NET. F.ROOT-SERVERS.NET. 3600000 A 18.104.22.168 F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2f::f ; ; FORMERLY NS.NIC.DDN.MIL ; . 3600000 NS G.ROOT-SERVERS.NET. G.ROOT-SERVERS.NET. 3600000 A 22.214.171.124 G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::d0d ; ; FORMERLY AOS.ARL.ARMY.MIL ; . 3600000 NS H.ROOT-SERVERS.NET. H.ROOT-SERVERS.NET. 3600000 A 126.96.36.199 H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53 ; ; FORMERLY NIC.NORDU.NET ; . 3600000 NS I.ROOT-SERVERS.NET. I.ROOT-SERVERS.NET. 3600000 A 188.8.131.52 I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fe::53 ; ; OPERATED BY VERISIGN, INC. ; . 3600000 NS J.ROOT-SERVERS.NET. J.ROOT-SERVERS.NET. 3600000 A 184.108.40.206 J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:c27::2:30 ; ; OPERATED BY RIPE NCC ; . 3600000 NS K.ROOT-SERVERS.NET. K.ROOT-SERVERS.NET. 3600000 A 220.127.116.11 K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7fd::1 ; ; OPERATED BY ICANN ; . 3600000 NS L.ROOT-SERVERS.NET. L.ROOT-SERVERS.NET. 3600000 A 18.104.22.168 L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9f::42 ; ; OPERATED BY WIDE ; . 3600000 NS M.ROOT-SERVERS.NET. M.ROOT-SERVERS.NET. 3600000 A 22.214.171.124 M.ROOT-SERVERS.NET. 3600000 AAAA 2001:dc3::35 ; End of file
Jim Coogan last edited by
Very helpful. I had to populate /cf/named/etc/namedb/named.root on fresh bind install with this as well.
Risfold last edited by
Wow. Thank you to all here! In a fresh install of the bind package, I had the same issue. I populated named.root using the "Edit File" diagnostic tool and this was resolved.
I would only add that the file contents commented above by @miken32 is outdated (it may still work, and I haven't dug into if there are any differences). The location of the current version of the file is here: https://www.internic.net/domain/named.root I used the current version and it worked.
Risfold last edited by
Noted this issue in redmine bug tracker as well: https://redmine.pfsense.org/issues/10506