
BIND failing to query external DNS records

Unfortunately, I’m an amateur sys admin and can’t figure out what is going on with BIND (9.8). We have two old Samba servers that we use as our active directory domain controllers and therefore they are also our DNS servers. Today all of a sudden, all our external DNS requests started failing, while the internal ones still work. For example (all IP addresses removed for security):

adminlocal@srvdc2:~$ dig +trace +additional google.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +trace +additional google.com
;; global options: +cmd
.                       19357   IN      NS      a.root-servers.net.
.                       19357   IN      NS      m.root-servers.net.
.                       19357   IN      NS      d.root-servers.net.
.                       19357   IN      NS      l.root-servers.net.
.                       19357   IN      NS      c.root-servers.net.
.                       19357   IN      NS      i.root-servers.net.
.                       19357   IN      NS      e.root-servers.net.
.                       19357   IN      NS      k.root-servers.net.
.                       19357   IN      NS      g.root-servers.net.
.                       19357   IN      NS      f.root-servers.net.
.                       19357   IN      NS      h.root-servers.net.
.                       19357   IN      NS      b.root-servers.net.
.                       19357   IN      NS      j.root-servers.net.
;; Received 228 bytes from xxx.xxx.xxx.xxx#53(xxx.xxx.xxx.xxx) in 123019 ms

.                       3600    IN      NS      FWDR-166.FWDR-35.FWDR-80.FWDR-91.
.                       3600    IN      NS      FWDR-133.FWDR-35.FWDR-80.FWDR-91.
FWDR-166.FWDR-35.FWDR-80.FWDR-91. 3600 IN A     91.80.35.166
FWDR-133.FWDR-35.FWDR-80.FWDR-91. 3600 IN A     91.80.35.133
;; BAD (HORIZONTAL) REFERRAL
dig: couldn't get address for 'FWDR-166.FWDR-35.FWDR-80.FWDR-91': no more

However, the internet works, and so I can ping Google's server just fine:

adminlocal@srvdc2:~$ ping 216.58.208.174
PING 216.58.208.174 (216.58.208.174) 56(84) bytes of data.
64 bytes from 216.58.208.174: icmp_req=1 ttl=53 time=48.9 ms
64 bytes from 216.58.208.174: icmp_req=2 ttl=53 time=49.4 ms

I can also do DNS requests via another server:

root@srvdc2:/etc/bind# dig @1.1.1.1 google.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @1.1.1.1 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34033
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             96      IN      A       172.217.21.78

;; Query time: 61 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Mar 27 17:42:22 2020
;; MSG SIZE  rcvd: 44

Furthermore, in /var/log/messages I see that named is producing a bunch of errors all the time:

root@srvdc2:~# tail /var/log/messages
Mar 27 17:26:13 srvdc2 rsyslogd-2177: imuxsock begins to drop messages from pid 2105 due to rate-limiting
Mar 27 17:26:17 srvdc2 rsyslogd-2177: imuxsock lost 55 messages from pid 2105 due to rate-limiting
Mar 27 17:26:26 srvdc2 rsyslogd-2177: imuxsock begins to drop messages from pid 2105 due to rate-limiting
Mar 27 17:26:29 srvdc2 rsyslogd-2177: imuxsock lost 68 messages from pid 2105 due to rate-limiting
...
root@srvdc2:~# ps -ef | grep 2105
bind      2105     1  1 17:11 ?        00:00:16 /usr/sbin/named -u bind

Of course, the internet works on the machines if I force the DNS to point to an external DNS server, but then they lose access to internal resources. Does anyone have an idea what I could do to find out more about the problem?

Thank you sincerely for any help you can offer.
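The trace above is the thing to dig into: a healthy `dig +trace` only ever lists NS records for the root zone (".") that point at one of the a. to m.root-servers.net hosts, and the FWDR-* names in the second hop are not root servers. The following is an added example, not code from the original post, that reads `dig +trace` output and flags any root referral that does not come from root-servers.net, any BAD REFERRAL diagnostic dig itself printed, and which server answered each hop. The sample trace embedded in it is constructed from the output in the post (the masked resolver address is replaced with the made-up 10.0.0.2).

```shell
#!/bin/sh
# Added example, not part of the original post. Scans `dig +trace` output
# for referrals that do not come from the real root servers.

# Constructed sample, trimmed from the dig output in the post above.
# 10.0.0.2 is a made-up stand-in for the masked resolver address.
SAMPLE_TRACE='.                       19357   IN      NS      a.root-servers.net.
.                       19357   IN      NS      b.root-servers.net.
;; Received 228 bytes from 10.0.0.2#53(10.0.0.2) in 123019 ms

.                       3600    IN      NS      FWDR-166.FWDR-35.FWDR-80.FWDR-91.
.                       3600    IN      NS      FWDR-133.FWDR-35.FWDR-80.FWDR-91.
FWDR-166.FWDR-35.FWDR-80.FWDR-91. 3600 IN A     91.80.35.166
;; BAD (HORIZONTAL) REFERRAL'

# Constructed sample of what a clean first hop looks like.
CLEAN_TRACE='.                       19357   IN      NS      a.root-servers.net.
.                       19357   IN      NS      m.root-servers.net.
;; Received 228 bytes from 10.0.0.2#53(10.0.0.2) in 12 ms'

# Read a trace on stdin; print one line per suspicious item:
#   - an NS record for "." whose target is not under root-servers.net.
#   - a BAD (HORIZONTAL) REFERRAL diagnostic emitted by dig
# Prints nothing when the trace is clean.
suspicious_root_referrals() {
    awk '
        $1 == "." && $3 == "IN" && $4 == "NS" && $5 !~ /\.root-servers\.net\.$/ {
            print "bogus root NS: " $5
        }
        /BAD \(HORIZONTAL\) REFERRAL/ {
            print "dig flagged: " $0
        }
    '
}

# Same check, but print only the number of suspicious lines (0 when clean),
# which is convenient for scripts and cron jobs.
count_suspicious_root_referrals() {
    suspicious_root_referrals | awk 'END { print NR }'
}

# Print the address that answered each hop, taken from the
# ";; Received N bytes from ADDR#PORT(ADDR)" lines. The hop *after* the
# last printed address is the one that handed back the bad referral.
answering_servers() {
    awk '/^;; Received/ { sub(/#.*/, "", $6); print $6 }'
}

# Run the check against a live trace, e.g.: trace_and_check google.com
# (needs network access; not exercised by the samples above).
trace_and_check() {
    dig +trace +additional "$1" | suspicious_root_referrals
}

# Demonstrate on the constructed sample.
printf '%s\n' "$SAMPLE_TRACE" | suspicious_root_referrals
printf 'answered by: %s\n' "$(printf '%s\n' "$SAMPLE_TRACE" | answering_servers)"
```

Run `trace_and_check google.com` from the DC itself and again from a host using a different upstream; if only the DC's trace trips the check, the bad referral is being injected somewhere between the DC and the root servers, and the address printed by `answering_servers` tells you the last hop that still answered correctly. Separately, the rsyslog lines in the post show named (pid 2105) logging faster than imuxsock will accept, so the actual errors are being dropped; rsyslog's `$SystemLogRateLimitInterval 0` directive disables that rate limiting so the named messages reach /var/log/messages.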
