If you don't specify recursion (or query-cache or allow-query), then the default is: allow-recursion (localnets; localhost;)
Which means only things on the connected subnets are allowed to make recursive queries, all others get REFUSED.

So add an allow-recursion ( .. subnet list ..); to your config. (Do not allow 'all', please.)

--
Bob Harold
hostmaster, UMnet, ITcom
Information and Technology Services (ITS)
rharo...@umich.edu
734-647-6524 desk

On Wed, Jun 3, 2015 at 3:34 PM, Samad Agha <samad.agha2...@gmail.com> wrote:

> I put together a simple working DNS server and called it new-dns2 with the
> IP address of 206.117.115.93. My configuration files follow:
>
> [root@new-dns2 ~]# cat /etc/named.conf
> options {
>         directory "/var/named";
> };
> zone "0.0.127.in-addr.arpa" {
>         type master;
>         file "db.127.0.0";
> };
> [root@new-dns2 ~]# cat /var/named/db.127.0.0
> $TTL 3D
> @       IN      SOA     new-dns1.ci.glendale.ca.us
> mchavoshi.glendaleca.gov. (
>                 1       ; Serial
>                 8H      ; Refresh
>                 2H      ; Retry
>                 4W      ; Expire
>                 1D)     ; Minimum TTL
>         NS      new-dns1.ci.glendale.ca.us.
> 1       PTR     localhost.
> [root@new-dns2 ~]#
>
> So, when I query my new DNS server from itself (206.117.115.93), it
> resolves the name to an IP, but when I query my new DNS server from another
> Linux box, it fails with the following error message.
>
> [root@new-dns2 ~]# nslookup google.com 206.117.115.93
> Server:         206.117.115.93
> Address:        206.117.115.93#53
> Non-authoritative answer:
> Name:   google.com
> Address: 216.58.217.206
> [root@new-dns2 ~]#
>
> [root@oragrid01 ~]# nslookup google.com 206.117.115.93
> Server:         206.117.115.93
> Address:        206.117.115.93#53
> ** server can't find google.com: REFUSED
> [root@oragrid01 ~]#
>
> I have stopped FireWall on new-dns2, my DNS server:
>
> [root@new-dns2 ~]# service iptables status
> iptables: Firewall is not running.
> [root@new-dns2 ~]#
>
> Can someone please tell me what might be the problem?
>
> Many thanks in advance and have a wonderful day/night.
>
> Sincerely,
> Samad Agha
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
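Added example, not part of the original messages: the posted named.conf with recursion limited to a named ACL, using BIND's braces syntax for address match lists. The ACL name "trusted-clients" and the 192.0.2.0/24 subnet are constructed placeholders; substitute the subnet the querying clients actually live on.

```conf
// Constructed example. 192.0.2.0/24 is a placeholder for the subnet
// that holds the clients allowed to use this server as a resolver.
acl "trusted-clients" {
        localhost;       // the server itself
        localnets;       // subnets directly attached to the server
        192.0.2.0/24;    // placeholder: remote client subnet
};

options {
        directory "/var/named";
        recursion yes;

        // Only clients matching the ACL get recursive answers.
        // Every other source address still receives REFUSED.
        allow-recursion { trusted-clients; };

        // Weak setting, left commented out on purpose:
        //   allow-recursion { any; };
        // That makes the server an open resolver, reachable by
        // anyone on the Internet.
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "db.127.0.0";
};
```

Running `named-checkconf /etc/named.conf` catches syntax errors before named is restarted; afterwards a query from a listed client should resolve while one from an unlisted address should still return REFUSED.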