BIND 9.16.1 on Ubuntu 20.04.2 x64 not resolving any queries from the corporate subnet
by Thurisaz from LinuxQuestions.org on (#5R53K)
A fairly fresh Ubuntu 20.04.2 server with iRedMail-1.4.2, nginx, isc-dhcp-4.4.1, BIND 9.16.1 is running properly, except BIND.
DNS server is configured as a full resolver (i.e. caching server), thus "recursion yes; allow-recursion { subnet/mask; localhost };" and identical statements "allow-query" "allow-query-cache" are present. At the server, it surely does work: DiG throws an answer, being slightly (up to 900 ms for transoceanic queries) delayed 'cause of the resolving timeouts on forwarders (they're presumably not accepting edns cookies).
But the clients, being served by DHCP, can't use the DNS server:
1. Windows' built-in diagnostics state that 'DNS server is not responding' and 'it's either shut down or misconfigured';
2. Nslookup command, run on client computers, throws persistent DNS request timed out;
3. Telnet command, being run either from server to one of the clients or vice versa, throws a Connection failed message after a long wait (ca. 30 sec);
4. Attempting to use netcat (nc -vzw5) throws me another timeout, though nc -vuzw5 is successful, thus client's UDP port 53 is on.
IPTables are set to global ACCEPT policy, masquerade is specified explicitly.
What godsdamn thing have I missed or misconfigured there?
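An added helper, not code from the thread, for ruling out the access-control side of the symptom described above (server-side dig works, clients time out): it parses the listen-on and allow-* address lists from a named.conf options block and reports which statements would exclude a given client address. The options block and the 192.0.2.0/24 subnet are constructed sample values, with listen-on deliberately limited to loopback so the check has something to report.

```python
import ipaddress
import re

# Constructed sample options block of the shape the post describes; listen-on is
# deliberately limited to loopback to show what the check reports.
SAMPLE_OPTIONS = """
options {
    recursion yes;
    listen-on { 127.0.0.1; };
    allow-recursion { 192.0.2.0/24; localhost; };
    allow-query { 192.0.2.0/24; localhost; };
    allow-query-cache { 192.0.2.0/24; localhost; };
};
"""

# BIND's predefined ACL names; "localhost" is approximated here by the loopback ranges.
BUILTIN_ACLS = {
    "localhost": ["127.0.0.0/8", "::1/128"],
    "any": ["0.0.0.0/0", "::/0"],
    "none": [],
}
STATEMENTS = ("listen-on", "allow-query", "allow-recursion", "allow-query-cache")


def parse_address_lists(conf):
    """Return {statement: [ip_network, ...]} for each access-control statement present."""
    lists = {}
    for stmt in STATEMENTS:
        m = re.search(r"\b%s\s*\{([^}]*)\}" % re.escape(stmt), conf)
        if not m:
            continue
        items = [t.strip() for t in m.group(1).split(";") if t.strip()]
        expanded = [n for it in items for n in BUILTIN_ACLS.get(it, [it])]
        lists[stmt] = [ipaddress.ip_network(n, strict=False) for n in expanded]
    return lists


def blocking_statements(conf, client_ip):
    """Statements whose address list excludes client_ip (absent ones keep BIND defaults, unchecked)."""
    ip = ipaddress.ip_address(client_ip)
    blocked = []
    for stmt, nets in parse_address_lists(conf).items():
        if not any(ip.version == n.version and ip in n for n in nets):
            blocked.append(stmt)
    return blocked
```

Run it against the real options block and a client address from the DHCP range; a non-empty result names the statement to fix, while an empty one points the investigation at the network path (interfaces named actually binds to, iptables, the client side) rather than at BIND's ACLs.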