[Q] Bind wil not answer on the private address?

[TheEdge]

G'Day,

- Centos 5.3 (SELinux) i386
- BIND 9.3.4-P1
- No firewall running

eth0 Link encap:Ethernet HWaddr 00:1F0A:CE:E6
inet addr:192.168.40.5 Bcast:192.168.40.255 Mask:255.255.255.0

I am sure I am missing something real obvious here, but Bind will not respond to queries sent to 192.168.40.5. Localhost and 127.0.0.1 respond fine. I include my config below as well as relevant outputs and logs. Could someone point me in the right direction? All help and pointers greatly appreciated:

Code:

acl trusted {
    192.168.40.0/24;
    localhost;
    };

acl bogon {
    0.0.0.0/8;
    1.0.0.0/8;
    2.0.0.0/8;
    5.0.0.0/8;
    10.0.0.0/8;
    14.0.0.0/8;
    23.0.0.0/8;
    27.0.0.0/8;
    31.0.0.0/8;
    36.0.0.0/8;
    37.0.0.0/8;
    39.0.0.0/8;
    42.0.0.0/8;
    46.0.0.0/8;
    49.0.0.0/8;
    50.0.0.0/8;
    100.0.0.0/8;
    101.0.0.0/8;
    102.0.0.0/8;
    103.0.0.0/8;
    104.0.0.0/8;
    105.0.0.0/8;
    106.0.0.0/8;
    107.0.0.0/8;
    169.254.0.0/16;
    172.16.0.0/12;
    175.0.0.0/8;
    176.0.0.0/8;
    177.0.0.0/8;
    179.0.0.0/8;
    180.0.0.0/8;
    181.0.0.0/8;
    182.0.0.0/8;
    183.0.0.0/8;
    185.0.0.0/8;
    192.0.2.0/24;
    192.168.0.0/16;
    198.18.0.0/15;
    223.0.0.0/8;
    224.0.0.0/3;
    };

logging {
    channel default_syslog {
        syslog local2;
        severity debug;
        };

    channel audit_log {
        syslog kern;
        severity warning;
        print-category yes;
        print-time yes;
        };

    category lame-servers {
        audit_log;
        };
    category queries {
        default_syslog;
        audit_log;
        };
    category update {
        audit_log;
        };
    category network {
        default_syslog;
        audit_log;
        };
    category client {
        default_syslog;
        audit_log;
        };
    category notify {
        audit_log;
        };
    category xfer-out {
        audit_log;
        };
    category xfer-in {
        audit_log;
        };
    category resolver {
        audit_log;
        };
    category config {
        default_syslog;
        default_syslog;
        };
    category security {
        default_syslog;
        audit_log;
        default_syslog;
        default_debug;
        default_stderr;
        };
    category general {
        default_syslog;
        default_syslog;
        };
    category default {
        default_syslog;
        default_syslog;
        };
};

// Set options for security
options {
        version "";
    directory "/etc";
    pid-file "/var/run/named/named.pid";
       statistics-file "/var/run/named/named.stats";
       memstatistics-file "/var/run/named/named.memstats";
       dump-file "/var/named/named.dump";
       zone-statistics yes;
      forwarders {
        208.67.222.222;
        208.67.220.220;
        };
    listen-on {
        trusted;
        };

    // Prevent DoS attacks by generating bogus zone transfer
    // requests.  This will result in slower updates to the
    // slave servers (e.g. they will await the poll interval
    // before checking for updates).
    //notify no;
    notify yes;

    // Generate more efficient zone transfers.  This will place
    // multiple DNS records in a DNS message, instead of one per
    // DNS message.
    transfer-format many-answers;

    // Set the maximum zone transfer time to something more
    // reasonable.  In this case, we state that any zone transfer
    // that takes longer than 60 minutes is unlikely to ever
    // complete.  WARNING:  If you have very large zone files,
    // adjust this to fit your requirements.
    max-transfer-time-in 60;

    // We have no dynamic interfaces, so BIND shouldn't need to
    // poll for interface state {UP|DOWN}.
    interface-interval 0;

    allow-query {
        trusted;
        };

    blackhole {
        // Deny anything from the bogon networks as
        // detailed in the "bogon" ACL.
        bogon;
    };
};


// Create a view for all clients perusing the CHAOS class.
// We allow internal hosts to query our version number.
// This is a good idea from a support point of view.

view "external-chaos" chaos {
    match-clients { any; };
    recursion no;

          zone "." {
              type hint;
              file "/dev/null";
          };
}; 


view "internal-in" in {
    // Our internal (trusted) view. We permit the internal networks
    // to freely access this view. We perform recursion for our
    // internal hosts, and retrieve data from the cache for them.

    match-clients {
        trusted;
        };
    recursion yes;
    additional-from-auth yes;
    additional-from-cache yes;

zone "." {
    type hint;
    file "/etc/db.cache";
    };
    zone "home.local" {
        type master;
        file "/var/named/home.local.hosts";
        allow-transfer {
            127.0.0.1;
            localnets;
            };
        };
    zone "42.168.192.in-addr.arpa" {
        type forward;
        forward only;
        forwarders {
            192.168.42.15;
            };
        };
}; 

// Create a view for external DNS clients.
view "external-in" in {
    // Our external (untrusted) view. We permit any client to access
    // portions of this view. We do not perform recursion or cache
    // access for hosts using this view.

    match-clients {
        any;
        };
    recursion no;
    additional-from-auth no;
    additional-from-cache no;

      // Link in our zones
zone "." {
    type hint;
    file "/etc/db.cache";
    };
    allow-query {
        any;
        };
};


key rndc-key {
    algorithm hmac-md5;
    secret "Its A Secret";
    };
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
    };


[root@lisa ~]# cat /etc/host
host.conf    hosts        hosts.allow  hosts.deny   
[root@lisa ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1               lisa.home.local lisa localhost.localdomain localhost
192.168.40.5            lisa.home.local lisa
::1             localhost6.localdomain6 localhost6
[root@lisa ~]# hostname
lisa.home.local
[root@lisa ~]# service named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]
[root@lisa ~]# dig www.linuxquestions.org @127.0.0.1

; <<>> DiG 9.3.4-P1 <<>> www.linuxquestions.org @127.0.0.1
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7485
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.linuxquestions.org.                IN      A

;; ANSWER SECTION:
www.linuxquestions.org. 1107    IN      A       75.126.162.205

;; Query time: 206 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Oct  1 20:26:31 2009
;; MSG SIZE  rcvd: 56

[root@lisa ~]# dig www.linuxquestions.org @192.168.40.5

; <<>> DiG 9.3.4-P1 <<>> www.linuxquestions.org @192.168.40.5
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

[root@lisa ~]# tail -f /var/log/messages
Oct  1 20:26:10 lisa named[30513]: found 2 CPUs, using 2 worker threads
Oct  1 20:26:10 lisa named[30513]: loading configuration from '/etc/named.conf'
Oct  1 20:26:10 lisa named[30513]: listening on IPv4 interface lo, 127.0.0.1#53
Oct  1 20:26:10 lisa named[30513]: listening on IPv4 interface eth0, 192.168.40.5#53
Oct  1 20:26:10 lisa named[30513]: command channel listening on 127.0.0.1#953
Oct  1 20:26:10 lisa named[30513]: zone home.local/IN/internal-in: loaded serial 1252662412
Oct  1 20:26:10 lisa named[30513]: zone home.local/IN/internal-in: loaded serial 1252662412
Oct  1 20:26:10 lisa named[30513]: running
Oct  1 20:26:10 lisa named[30513]: running
Oct  1 20:26:31 lisa named[30513]: client 127.0.0.1#48213: view internal-in: query: www.linuxquestions.org IN A +