If you don't specify recursion (or query-cache or allow-query), then the
default is:
    allow-recursion { localnets; localhost; };

Which means only things on the connected subnets are allowed to make
recursive queries, all others get REFUSED.
So add an allow-recursion { .. subnet list .. };  to your config.  (Do not
allow 'any', please.)



-- 
Bob Harold
hostmaster, UMnet, ITcom
Information and Technology Services (ITS)
rharo...@umich.edu
734-647-6524 desk

On Wed, Jun 3, 2015 at 3:34 PM, Samad Agha <samad.agha2...@gmail.com> wrote:

> I put together a simple working DNS server and called it new-dns2 with the
> IP address of 206.117.115.93. My configuration files follow:
>
> [root@new-dns2 ~]# cat /etc/named.conf
> options {
>          directory "/var/named";
>  };
> zone "0.0.127.in-addr.arpa" {
>         type master;
>         file "db.127.0.0";
> };
> [root@new-dns2 ~]# cat /var/named/db.127.0.0
> $TTL 3D
> @               IN      SOA     new-dns1.ci.glendale.ca.us mchavoshi.glendaleca.gov. (
>                                 1       ; Serial
>                                 8H      ; Refresh
>                                 2H      ; Retry
>                                 4W      ; Expire
>                                 1D)     ; Minimum TTL
>                         NS      new-dns1.ci.glendale.ca.us.
> 1                       PTR     localhost.
> [root@new-dns2 ~]#
>
> So, when I query my new DNS server from itself (206.117.115.93), it
> resolves the name to an IP, but when I query my new DNS server from another
> Linux box, it fails with the following error message.
>
> [root@new-dns2 ~]# nslookup google.com 206.117.115.93
> Server:         206.117.115.93
> Address:        206.117.115.93#53
> Non-authoritative answer:
> Name:   google.com
> Address: 216.58.217.206
> [root@new-dns2 ~]#
>
> [root@oragrid01 ~]# nslookup google.com 206.117.115.93
> Server:         206.117.115.93
> Address:        206.117.115.93#53
> ** server can't find google.com: REFUSED
> [root@oragrid01 ~]#
>
> I have stopped the firewall on new-dns2, my DNS server:
>
> [root@new-dns2 ~]# service iptables status
> iptables: Firewall is not running.
> [root@new-dns2 ~]#
>
> Can someone please tell me what might be the problem?
>
> Many thanks in advance and have a wonderful day/night.
>
> Sincerely,
> Samad Agha
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
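
The fallback described in the reply (allow-recursion, then allow-query-cache, then allow-query, then the localnets/localhost default) can be checked mechanically against a named.conf. The following is an added example, not code from the thread or from BIND; the function names are hypothetical, and every address other than the posted options block is a constructed documentation-range value.

```python
import ipaddress
import re

# Fallback order from the reply; if none is set the default ACL applies.
PRECEDENCE = ("allow-recursion", "allow-query-cache", "allow-query")
def options_block(conf):
    """Body of the options { ... } block, comments stripped."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth, i = 1, m.end()
    while i < len(conf) and depth:
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def effective_recursion_acl(conf):
    """(source, elements) of the ACL that gates recursive queries."""
    body = options_block(conf)
    for name in PRECEDENCE:
        m = re.search(r"(?<![\w-])%s\s*\{([^{}]*)\}" % name, body)
        if m:
            return name, [e.strip() for e in m.group(1).split(";") if e.strip()]
    return "default", ["localnets", "localhost"]

def client_allowed(elements, client, server_ips, localnets):
    """Assumes only built-in names and addresses (no named ACLs, keys, '!')."""
    ip = ipaddress.ip_address(client)
    for e in elements:
        if e == "none":
            return False
        if e == "any" or (e == "localhost" and client in server_ips):
            return True
        nets = localnets if e == "localnets" else [e]
        try:
            if any(ip in ipaddress.ip_network(n, strict=False) for n in nets):
                return True
        except ValueError:
            continue  # element is not an address or prefix
    return False

def audit(conf, client, server_ips, localnets):
    source, acl = effective_recursion_acl(conf)
    ok = client_allowed(acl, client, server_ips, localnets)
    return {"source": source, "acl": acl, "allows_any": "any" in acl, "refused": not ok}
# Constructed inputs: the first mirrors the options block posted in the thread.
ASKER_CONF = 'options {\n    directory "/var/named";\n};\n'
FIXED_CONF = 'options {\n    directory "/var/named";\n    allow-recursion { 192.0.2.0/24; 198.51.100.0/24; };\n};\n'
```

`audit()` takes the server's own addresses and connected networks as arguments because `localhost` and `localnets` are resolved by named at run time and cannot be read from the file.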