DNS Propagation
Hi Everyone! Recently I enabled a new IP range on my firewall. I used this bigger range to organize my DNS records like mail, www, ns1, ns2, and others. I did this last weekend. I find out that some DNS servers updated themselves with my new registers. However, CheckDNS (http://www.checkdns.net/quickcheckdomainf.aspx) stills resolving to my old servers. I changed every record, every file of all my domains, serials, firewall rules using the new IPs but I'm still having problems. Moreover, some mail servers are rejecting messages from my main domain. Here are some logs: Oct 14 11:50:48 ns1 named[2929]: error (connection refused) resolving 'otwbhqbg.net/A/IN': 200.xxx.xxx.xxx#53 Oct 14 11:50:48 ns1 named[2929]: error (connection refused) resolving 'yuogkiz.net/A/IN': 200.xxx.xxx.xxx#53 Oct 14 11:51:05 ns1 named[2929]: client 65.202.203.203#9026: query (cache) '12.8-15.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied Oct 14 11:51:05 ns1 named[2929]: client 65.202.203.203#1765: query (cache) '12.8-15.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied -- this query problem is pointing to my old reverse. Can someone help me? João K. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS Propagation
You need to go to your domain registrar and change the ip address there for these name servers. That data is inserted as glue records to the root servers. Without the domain name and name servers involved I could not have helped you find this issue. I get my own messages back from the list, but you do need to reply to the list and I sometimes forget as this list server does not put the list in as the from address and my reader does not pick that up. Lyle Giese LCR Computer Services, Inc. João Alberto Kuchnier wrote: Sorry about that. The domain is dataprom.com. ns1.dataprom.com - 200.198.101.3 ns2.dataprom.com - 200.198.101.4 More log errors: Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving '96.197.97.81.sbl-xbl.spamhaus.org/A/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving '96.197.97.81.bl.spamcop.net/A/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'cpc3-seac12-0-0-cust351.7-2.cable.virginmedia.com/SPF/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'ns1.virginmedia.net/A/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'cpc3-seac12-0-0-cust351.7-2.cable.virginmedia.com/TXT/IN': 200.198.101.4#53 Oct 14 14:06:16 ns1 named[4602]: client 200.103.142.207#50955: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#40978: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#45863: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 200.103.142.207#50955: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#50880: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#20633: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:33 ns1 named[4602]: client 189.26.117.170#1032: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:07:03 ns1 named[4602]: error (connection refused) resolving 'orsp.f-secure.akadns.net/A/IN': 200.198.101.4#53 Looks like my slave DNS is refusing masters connection. Some querys are pointing to my old reverse configuration (8-15.101.198.200.in-addr.arpa). Now it is: 0-15.101.198.200.in-addr.arpa I'm not receiving the discussion list e-mails. Is that normal? Em Qui, 2010-10-14 às 11:16 -0500, Lyle Giese escreveu: João Alberto Kuchnier wrote: Hi Everyone! Recently I enabled a new IP range on my firewall. I used this bigger range to organize my DNS records like mail, www, ns1, ns2, and others. I did this last weekend. I find out that some DNS servers updated themselves with my new registers. However, CheckDNS (http://www.checkdns.net/quickcheckdomainf.aspx) stills resolving to my old servers. I changed every record, every file of all my domains, serials, firewall rules using the new IPs but I'm still having problems. Moreover, some mail servers are rejecting messages from my main domain. Here are some logs: Oct 14 11:50:48 ns1 named[2929]: error (connection refused) resolving 'otwbhqbg.net/A/IN': 200.xxx.xxx.xxx#53 Oct 14 11:50:48 ns1 named[2929]: error (connection refused) resolving 'yuogkiz.net/A/IN': 200.xxx.xxx.xxx#53 Oct 14 11:51:05 ns1 named[2929]: client 65.202.203.203#9026: query (cache) '12.8-15.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied Oct 14 11:51:05 ns1 named[2929]: client 65.202.203.203#1765: query (cache) '12.8-15.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied -- this query problem is pointing to my old reverse. Can someone help me? João K. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Since you chose to hide the real domain names, there is not much we can do to help. Most of us here like to do a couple of queries so that we can view what your dns servers are serving up for data. It may not be what you expect, but we can not do that in this case. With that said, there always is some gap due to TTL's. When changing IP addresses, it's best practice to lower the TTL on all records effected by the change. If your normal TTL is set to 1 day, 2 days before the change lower that to say 1 hour. When changing the zone files to the new ip addresses, put the TTL back to what it was. That still won't help you with a dns checking service that forces a longer TTL than you request. They are doing a disservice to you and the community if they are doing that without telling you about it. Lyle Giese LCR Computer Services,Inc. ___ bind-users mailing list bind-users@lists.isc.org
Re: DNS Propagation
Lyle, Domain registrar like Network Solutions? My domain account is set to ns1 and ns2, no by IP address. João K. Em Qui, 2010-10-14 às 13:15 -0500, Lyle Giese escreveu: You need to go to your domain registrar and change the ip address there for these name servers. That data is inserted as glue records to the root servers. Without the domain name and name servers involved I could not have helped you find this issue. I get my own messages back from the list, but you do need to reply to the list and I sometimes forget as this list server does not put the list in as the from address and my reader does not pick that up. Lyle Giese LCR Computer Services, Inc. João Alberto Kuchnier wrote: Sorry about that. The domain is dataprom.com. ns1.dataprom.com - 200.198.101.3 ns2.dataprom.com - 200.198.101.4 More log errors: Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving '96.197.97.81.sbl-xbl.spamhaus.org/A/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving '96.197.97.81.bl.spamcop.net/A/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'cpc3-seac12-0-0-cust351.7-2.cable.virginmedia.com/SPF/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'ns1.virginmedia.net/A/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'cpc3-seac12-0-0-cust351.7-2.cable.virginmedia.com/TXT/IN': 200.198.101.4#53 Oct 14 14:06:16 ns1 named[4602]: client 200.103.142.207#50955: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#40978: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#45863: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 200.103.142.207#50955: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#50880: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#20633: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:33 ns1 named[4602]: client 189.26.117.170#1032: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:07:03 ns1 named[4602]: error (connection refused) resolving 'orsp.f-secure.akadns.net/A/IN': 200.198.101.4#53 Looks like my slave DNS is refusing masters connection. Some querys are pointing to my old reverse configuration (8-15.101.198.200.in-addr.arpa). Now it is: 0-15.101.198.200.in-addr.arpa I'm not receiving the discussion list e-mails. Is that normal? Em Qui, 2010-10-14 às 11:16 -0500, Lyle Giese escreveu: João Alberto Kuchnier wrote: Hi Everyone! Recently I enabled a new IP range on my firewall. I used this bigger range to organize my DNS records like mail, www, ns1, ns2, and others. I did this last weekend. I find out that some DNS servers updated themselves with my new registers. However, CheckDNS (http://www.checkdns.net/quickcheckdomainf.aspx) stills resolving to my old servers. I changed every record, every file of all my domains, serials, firewall rules using the new IPs but I'm still having problems. Moreover, some mail servers are rejecting messages from my main domain. Here are some logs: Oct 14 11:50:48 ns1 named[2929]: error (connection refused) resolving 'otwbhqbg.net/A/IN': 200.xxx.xxx.xxx#53 Oct 14 11:50:48 ns1 named[2929]: error (connection refused) resolving 'yuogkiz.net/A/IN': 200.xxx.xxx.xxx#53 Oct 14 11:51:05 ns1 named[2929]: client 65.202.203.203#9026: query (cache) '12.8-15.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied Oct 14 11:51:05 ns1 named[2929]: client 65.202.203.203#1765: query (cache) '12.8-15.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied -- this query problem is pointing to my old reverse. Can someone help me? João K. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Since you chose to hide the real domain names, there is not much we can do to help. Most of us here like to do a couple of queries so that we can view what your dns servers are serving up for data. It may not be what you expect, but we can not do that in this case. With that said, there always is some gap due to TTL's. When changing IP addresses, it's best practice to lower the TTL on all records effected by the change. If your normal TTL is set to 1 day, 2 days before the change lower that to say 1 hour. When changing the zone files to the new ip addresses, put the TTL
Re: DNS Propagation
When you created these as name servers or used them for the first time at Network Solutions, you had to create name server records and register the IP address at that time. That's how glue records get inserted into the root servers. Otherwise the world could not find dataprom.com. If the world was not given the ip address of ns1 or ns2.dataprom.com via glue records, the world would not know how to find your name servers. At Network Solutions, you log into your account there, go to Manage Domains, then manage the dataprom.com domain. On the next page that comes up from Network Solutions, scroll down and under More Domain Options, click on Manage Name Servers. This is where you manage the glue records for your name servers. Lyle Giese LCR Computer Services, Inc. João Alberto Kuchnier wrote: Lyle, Domain registrar like Network Solutions? My domain account is set to ns1 and ns2, no by IP address. João K. Em Qui, 2010-10-14 às 13:15 -0500, Lyle Giese escreveu: You need to go to your domain registrar and change the ip address there for these name servers. That data is inserted as glue records to the root servers. Without the domain name and name servers involved I could not have helped you find this issue. I get my own messages back from the list, but you do need to reply to the list and I sometimes forget as this list server does not put the list in as the from address and my reader does not pick that up. Lyle Giese LCR Computer Services, Inc. João Alberto Kuchnier wrote: Sorry about that. The domain is dataprom.com. ns1.dataprom.com - 200.198.101.3 ns2.dataprom.com - 200.198.101.4 More log errors: Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving '96.197.97.81.sbl-xbl.spamhaus.org/A/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving '96.197.97.81.bl.spamcop.net/A/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'cpc3-seac12-0-0-cust351.7-2.cable.virginmedia.com/SPF/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'ns1.virginmedia.net/A/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'cpc3-seac12-0-0-cust351.7-2.cable.virginmedia.com/TXT/IN': 200.198.101.4#53 Oct 14 14:06:16 ns1 named[4602]: client 200.103.142.207#50955: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#40978: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#45863: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 200.103.142.207#50955: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#50880: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#20633: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:33 ns1 named[4602]: client 189.26.117.170#1032: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:07:03 ns1 named[4602]: error (connection refused) resolving 'orsp.f-secure.akadns.net/A/IN': 200.198.101.4#53 Looks like my slave DNS is refusing masters connection. Some querys are pointing to my old reverse configuration (8-15.101.198.200.in-addr.arpa). Now it is: 0-15.101.198.200.in-addr.arpa I'm not receiving the discussion list e-mails. Is that normal? Em Qui, 2010-10-14 às 11:16 -0500, Lyle Giese escreveu: João Alberto Kuchnier wrote: Hi Everyone! Recently I enabled a new IP range on my firewall. I used this bigger range to organize my DNS records like mail, www, ns1, ns2, and others. I did this last weekend. I find out that some DNS servers updated themselves with my new registers. However, CheckDNS (http://www.checkdns.net/quickcheckdomainf.aspx) stills resolving to my old servers. I changed every record, every file of all my domains, serials, firewall rules using the new IPs but I'm still having problems. Moreover, some mail servers are rejecting messages from my main domain. Here are some logs: Oct 14 11:50:48 ns1 named[2929]: error (connection refused) resolving 'otwbhqbg.net/A/IN': 200.xxx.xxx.xxx#53 Oct 14 11:50:48 ns1 named[2929]: error (connection refused) resolving 'yuogkiz.net/A/IN': 200.xxx.xxx.xxx#53 Oct 14 11:51:05 ns1 named[2929]: client 65.202.203.203#9026: query (cache) '12.8-15.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied Oct 14 11:51:05 ns1 named[2929]: client 65.202.203.203#1765: query (cache) '12.8-15.xxx.xxx.xxx.in-addr.arpa/PTR/IN' denied -- this query problem is pointing to my old reverse. Can someone help me? João K. ___ bind-users mailing list bind-users@lists.isc.org
Re: DNS Propagation
On Thu, Oct 14, 2010 at 11:54:27AM -0300, João Alberto Kuchnier joao.kuchn...@gmail.com wrote a message of 23 lines which said: Can someone help me? Without the actual domain name? Unlikely. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS Propagation
Yes! Found it! Thank you! Now, if you could help me, these log info are from my master DNS: Oct 14 16:00:42 ns1 named[4602]: error (connection refused) resolving 'guide.opendns.com/A/IN': 200.198.101.4#53 200.198.101.3 - Master 200.198.101.4 - Slave Slave is refusing connections? There is this query problem too: Oct 14 16:01:56 ns1 named[4602]: client 201.39.197.2#53: query (cache) '2.0-63.102.3.189.in-addr.arpa/PTR/IN' denied Oct 14 16:01:59 ns1 named[4602]: client 201.39.197.2#53: query (cache) '2.0-63.102.3.189.in-addr.arpa/PTR/IN' denied Some of my slave logs: Oct 14 15:26:06 ns2 named[503]: error (unexpected RCODE REFUSED) resolving 'km13718-05.keymachine.de/TXT/IN': 87.118.100.101#53 Oct 14 15:31:08 ns2 named[503]: error (unexpected RCODE SERVFAIL) resolving '21.76.60.212.in-addr.arpa/PTR/IN': 212.60.66.245#53 Can you help me to fix this issues? João K. Em Qui, 2010-10-14 às 13:51 -0500, Lyle Giese escreveu: When you created these as name servers or used them for the first time at Network Solutions, you had to create name server records and register the IP address at that time. That's how glue records get inserted into the root servers. Otherwise the world could not find dataprom.com. If the world was not given the ip address of ns1 or ns2.dataprom.com via glue records, the world would not know how to find your name servers. At Network Solutions, you log into your account there, go to Manage Domains, then manage the dataprom.com domain. On the next page that comes up from Network Solutions, scroll down and under More Domain Options, click on Manage Name Servers. This is where you manage the glue records for your name servers. Lyle Giese LCR Computer Services, Inc. João Alberto Kuchnier wrote: Lyle, Domain registrar like Network Solutions? My domain account is set to ns1 and ns2, no by IP address. João K. Em Qui, 2010-10-14 às 13:15 -0500, Lyle Giese escreveu: You need to go to your domain registrar and change the ip address there for these name servers. That data is inserted as glue records to the root servers. Without the domain name and name servers involved I could not have helped you find this issue. I get my own messages back from the list, but you do need to reply to the list and I sometimes forget as this list server does not put the list in as the from address and my reader does not pick that up. Lyle Giese LCR Computer Services, Inc. João Alberto Kuchnier wrote: Sorry about that. The domain is dataprom.com. ns1.dataprom.com - 200.198.101.3 ns2.dataprom.com - 200.198.101.4 More log errors: Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving '96.197.97.81.sbl-xbl.spamhaus.org/A/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving '96.197.97.81.bl.spamcop.net/A/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'cpc3-seac12-0-0-cust351.7-2.cable.virginmedia.com/SPF/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'ns1.virginmedia.net/A/IN': 200.198.101.4#53 Oct 14 14:06:06 ns1 named[4602]: error (connection refused) resolving 'cpc3-seac12-0-0-cust351.7-2.cable.virginmedia.com/TXT/IN': 200.198.101.4#53 Oct 14 14:06:16 ns1 named[4602]: client 200.103.142.207#50955: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#40978: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#45863: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 200.103.142.207#50955: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#50880: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:16 ns1 named[4602]: client 201.10.124.1#20633: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:06:33 ns1 named[4602]: client 189.26.117.170#1032: query (cache) '10.8-15.101.198.200.in-addr.arpa/PTR/IN' denied Oct 14 14:07:03 ns1 named[4602]: error (connection refused) resolving 'orsp.f-secure.akadns.net/A/IN': 200.198.101.4#53 Looks like my slave DNS is refusing masters connection. Some querys are pointing to my old reverse configuration (8-15.101.198.200.in-addr.arpa). Now it is: 0-15.101.198.200.in-addr.arpa I'm not receiving the discussion list e-mails. Is that normal? Em Qui, 2010-10-14 às 11:16 -0500, Lyle Giese escreveu: João Alberto Kuchnier wrote: Hi Everyone! Recently I enabled a new IP range on my firewall. I used this bigger range
Re: DNS Propagation
On Thu, Oct 14, 2010 at 01:51:25PM -0500, Lyle Giese l...@lcrcomputer.net wrote a message of 416 lines which said: That's how glue records get inserted into the root servers. Small fix: unless the OP manages a TLD, his glue won't be inserted in the root servers but in the servers of the TLD he uses (.COM in your example). ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS Propagation
João Alberto Kuchnier wrote: Yes! Found it! Thank you! Now, if you could help me, these log info are from my master DNS: Oct 14 16:00:42 ns1 named[4602]: error (connection refused) resolving 'guide.opendns.com/A/IN': 200.198.101.4#53 200.198.101.3 - Master 200.198.101.4 - Slave Slave is refusing connections? There is this query problem too: Oct 14 16:01:56 ns1 named[4602]: client 201.39.197.2#53: query (cache) '2.0-63.102.3.189.in-addr.arpa/PTR/IN' denied Oct 14 16:01:59 ns1 named[4602]: client 201.39.197.2#53: query (cache) '2.0-63.102.3.189.in-addr.arpa/PTR/IN' denied Some of my slave logs: Oct 14 15:26:06 ns2 named[503]: error (unexpected RCODE REFUSED) resolving 'km13718-05.keymachine.de/TXT/IN': 87.118.100.101#53 Oct 14 15:31:08 ns2 named[503]: error (unexpected RCODE SERVFAIL) resolving '21.76.60.212.in-addr.arpa/PTR/IN': 212.60.66.245#53 Can you help me to fix this issues? João K. Google is your friend! Please use it. You have mistakes of some sort in your named.conf and/or your zone files. Lyle Giese LCR Computer Services, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS Propagation
I already talked with google. But i will try again. Thank you for your time! Looks like the new IPs are functional! João K. Em Qui, 2010-10-14 às 14:23 -0500, Lyle Giese escreveu: João Alberto Kuchnier wrote: Yes! Found it! Thank you! Now, if you could help me, these log info are from my master DNS: Oct 14 16:00:42 ns1 named[4602]: error (connection refused) resolving 'guide.opendns.com/A/IN': 200.198.101.4#53 200.198.101.3 - Master 200.198.101.4 - Slave Slave is refusing connections? There is this query problem too: Oct 14 16:01:56 ns1 named[4602]: client 201.39.197.2#53: query (cache) '2.0-63.102.3.189.in-addr.arpa/PTR/IN' denied Oct 14 16:01:59 ns1 named[4602]: client 201.39.197.2#53: query (cache) '2.0-63.102.3.189.in-addr.arpa/PTR/IN' denied Some of my slave logs: Oct 14 15:26:06 ns2 named[503]: error (unexpected RCODE REFUSED) resolving 'km13718-05.keymachine.de/TXT/IN': 87.118.100.101#53 Oct 14 15:31:08 ns2 named[503]: error (unexpected RCODE SERVFAIL) resolving '21.76.60.212.in-addr.arpa/PTR/IN': 212.60.66.245#53 Can you help me to fix this issues? João K. Google is your friend! Please use it. You have mistakes of some sort in your named.conf and/or your zone files. Lyle Giese LCR Computer Services, Inc. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNS Propagation
On Thu, Oct 14, 2010 at 04:04:20PM -0300, João Alberto Kuchnier joao.kuchn...@gmail.com wrote a message of 148 lines which said: Oct 14 16:00:42 ns1 named[4602]: error (connection refused) resolving 'guide.opendns.com/A/IN': 200.198.101.4#53 200.198.101.3 - Master 200.198.101.4 - Slave Master and Slave have a meaning only for authoritative DNS service (serving zones you manage). Here, you try to resolve the name guide.opendns.com which is probably not yours, so this is the recursive service, not the authoritative one. It is highly recommended to separate the two services (to have them on different BIND instances, for instance on different machines), to ease debugging. The two must have quite different setups: for the authoritative service, you will deny recursion, and allow the whole world to query your name server. For the recursive service, it is the opposite: you allow recursion but you limit the right to query to only your machines. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
