Just when I thought I had everthing working, I noticed this. if I use nslookup on my test site I installed on my server, it works fine:

root@server1:/home/admin# nslookup www.moultonboro-nh.com
Server: 192.168.1.50
Address: 192.168.1.50#53

Name: www.moultonboro-nh.com
Address: 64.223.191.202


I'm trying to get it to use my nameserver to lookup addresses outside my server so I know my nameserver is accessing outside nameservers.

However if I lookup outside my server I get:

root@server1:/home/admin# nslookup www.google.com
Server: 192.168.1.50
Address: 192.168.1.50#53

Non-authoritative answer:
*** Can't find www.google.com: No answer


If I use dig I get:

; <<>> DiG 9.3.2 <<>> www.google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9220
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13

;; QUESTION SECTION:
;www.google.com. IN A

;; AUTHORITY SECTION:
. 516954 IN NS L.ROOT-SERVERS.NET.
. 516954 IN NS M.ROOT-SERVERS.NET.
. 516954 IN NS A.ROOT-SERVERS.NET.
. 516954 IN NS B.ROOT-SERVERS.NET.
. 516954 IN NS C.ROOT-SERVERS.NET.
. 516954 IN NS D.ROOT-SERVERS.NET.
. 516954 IN NS E.ROOT-SERVERS.NET.
. 516954 IN NS F.ROOT-SERVERS.NET.
. 516954 IN NS G.ROOT-SERVERS.NET.
. 516954 IN NS H.ROOT-SERVERS.NET.
. 516954 IN NS I.ROOT-SERVERS.NET.
. 516954 IN NS J.ROOT-SERVERS.NET.
. 516954 IN NS K.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET. 603354 IN A 198.41.0.4
B.ROOT-SERVERS.NET. 603354 IN A 192.228.79.201
C.ROOT-SERVERS.NET. 603354 IN A 192.33.4.12
D.ROOT-SERVERS.NET. 603354 IN A 128.8.10.90
E.ROOT-SERVERS.NET. 603354 IN A 192.203.230.10
F.ROOT-SERVERS.NET. 603354 IN A 192.5.5.241
G.ROOT-SERVERS.NET. 603354 IN A 192.112.36.4
H.ROOT-SERVERS.NET. 603354 IN A 128.63.2.53
I.ROOT-SERVERS.NET. 603354 IN A 192.36.148.17
J.ROOT-SERVERS.NET. 603354 IN A 192.58.128.30
K.ROOT-SERVERS.NET. 603354 IN A 193.0.14.129
L.ROOT-SERVERS.NET. 603354 IN A 199.7.83.42
M.ROOT-SERVERS.NET. 603354 IN A 202.12.27.33

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Nov 12 17:18:24 2007
;; MSG SIZE rcvd: 451


Also if I try to do apt-get update, all I get are lines of could not resolve errors.

My /etc/resolv.conf is now set like this:

nameserver 192.168.1.50


If I change that to use my ISP's name server at 71.243.0.12, it works fine, so I didn't think it was a firewall issue. Any idea what I did to block my server from looking outside itself?

Please use your ISP's nameservers in /etc/resolv.conf.

Please use your ISP's nameservers in /etc/resolv.conf.

It works that way great. But isn't my nameserver supposed to be able to connect directly to other nameservers higher up to get information? I thought the whole idea was to make my own nameserver so I didn't have to use someone elses?

But if someone asks your nameserver for a domain that it isn't authoritative for, your nameserver must ask other nameservers. That's why you need external nameservers in /etc/resolv.conf.

If my nameserver is also acting as a caching nameserver, I thought if you tell it to look up another site, that it isn't authoritative for, the resolver uses resolv.conf to look at my local server. As long as I set "nameserver 127.0.0.1" in my resolv.conf, it should use mine first. From there I thought it used the hint zone to look up db.root, and query the root nameservers to find the answer to the query.

To me it looks like my nameserver isn't looking outside of itself. If I'm right, I wonder if my router/firewall setup is blocking it. Right now I'm using a regular wireless/wired router, with a single static WAN IP address set along with my ISP's gateway and DNS servers. I turned off the built in firewall, but I still use it to do all the port forwarding with the DNS set on port 53.

No, your nameserver uses the nameservers in /etc/resolv.conf to query "foreign" domains/hostnames.