DNS Server (bind9) works on the private network but not in the public one!

[wjleon]

Hi there,

I am trying to configure bind9 on a debian Sarge (Testing) box. I made all the .conf files and the servers starts ok (as the log -/var/log/daemon.log- says). The box handling Bind9 has a Publia IP address and a private address.

I turn down all the firewall rules and I can reach the server from outside the network, I can ping it, traceroute it, telnet it (to port 53) and ssh it BUT when I try aquery like this:

dig someBox @public_ip

All I get is:

;; global options: printcmd
;; connection timed out; no servers could be reached


and when I try the same query from inside the network (using the private IP address of the DNS server) it WORKS FINE!

dig someBox (the box same as above) @private_IP_ADDRESS_of_the_same_DNS_SERVER

;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32024
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

So, any clue?

[sarumont]

Is that machine's public address listed as the nameserver in the whois database? If not, there's no way to know where to look for the resolution of that name. Also make sure BIND is listening on both the internal and external interfaces.