Getting an error on a simple DNS configuration

2015-06-03 Thread Samad Agha
I put together a simple working DNS server and called it new-dns2 with the
IP address of 206.117.115.93. My configuration files follow:

[root@new-dns2 ~]# cat /etc/named.conf
options {
 directory /var/named;
 };
zone 0.0.127.in-addr.arpa {
type master;
file db.127.0.0;
};
[root@new-dns2 ~]# cat /var/named/db.127.0.0
$TTL 3D
@   IN  SOA new-dns1.ci.glendale.ca.us
mchavoshi.glendaleca.gov. (
1   ; Serial
8H  ; Refresh
2H  ; Retry
4W  ; Expire
1D) ; Minimum TTL
NS  new-dns1.ci.glendale.ca.us.
1   PTR localhost.
[root@new-dns2 ~]#

So, when I query my new DNS server from itself (206.117.115.93), it
resolves the name to an IP, but when I query my new DNS server from another
Linux box, it fails with the following error message.

[root@new-dns2 ~]# nslookup google.com 206.117.115.93
Server: 206.117.115.93
Address:206.117.115.93#53
Non-authoritative answer:
Name:   google.com
Address: 216.58.217.206
[root@new-dns2 ~]#

[root@oragrid01 ~]# nslookup google.com 206.117.115.93
Server: 206.117.115.93
Address:206.117.115.93#53
** server can't find google.com: REFUSED
[root@oragrid01 ~]#

I have stopped the firewall on new-dns2, my DNS server:

[root@new-dns2 ~]# service iptables status
iptables: Firewall is not running.
[root@new-dns2 ~]#

Can someone please tell me what might be the problem?

Many thanks in advance and have a wonderful day/night.

Sincerely,
Samad Agha
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Getting an error on a simple DNS configuration

2015-06-03 Thread Samad Agha
Dear Tony, Bob, Matus,

Thank you very much for your advice; you guys are awesome.

On Wed, Jun 3, 2015 at 1:03 PM, Matus UHLAR - fantomas uh...@fantomas.sk
wrote:

 On 03.06.15 12:34, Samad Agha wrote:

 So, when I query my new DNS server from itself (206.117.115.93), it
 resolves the name to an IP, but when I query my new DNS server from
 another Linux box, it fails with the following error message.


 You must allow BIND to provide recursive DNS for other hosts by
 configuring allow-recursion. Otherwise, it will provide DNS resolution
 only for its local networks (directly connected to host interfaces).

 [root@new-dns2 ~]# nslookup google.com 206.117.115.93


 Don't use nslookup; it's a very bad tool for debugging DNS problems.
 Learn to use host and/or dig.

 --
 Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
 Warning: I wish NOT to receive e-mail advertising to this address.
 Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
 Emacs is a complicated operating system without good text editor.


Re: Getting an error on a simple DNS configuration

2015-06-03 Thread Matus UHLAR - fantomas

On 03.06.15 12:34, Samad Agha wrote:

So, when I query my new DNS server from itself (206.117.115.93), it
resolves the name to an IP, but when I query my new DNS server from another
Linux box, it fails with the following error message.


You must allow BIND to provide recursive DNS for other hosts by configuring
allow-recursion. Otherwise, it will provide DNS resolution only for its
local networks (directly connected to host interfaces).


[root@new-dns2 ~]# nslookup google.com 206.117.115.93


Don't use nslookup; it's a very bad tool for debugging DNS problems.
Learn to use host and/or dig.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Emacs is a complicated operating system without good text editor.


Re: Getting an error on a simple DNS configuration

2015-06-03 Thread Tony Finch
Samad Agha samad.agha2...@gmail.com wrote:

 So, when I query my new DNS server from itself (206.117.115.93), it
 resolves the name to an IP, but when I query my new DNS server from another
 Linux box, it fails with the following error message.

 ** server can't find google.com: REFUSED

By default, BIND allows queries only from localnets, i.e. subnets to
which the server is directly connected. For details, see
http://ftp.isc.org/isc/bind9/9.10.2/doc/arm/Bv9ARM.ch06.html#access_control

Tony.
-- 
f.anthony.n.finch  d...@dotat.at  http://dotat.at/
Forth, Tyne: Variable becoming southeast 3 or 4, occasionally 5 later in Tyne.
Slight, becoming slight or moderate later in Tyne. Fair. Good.


Re: Getting an error on a simple DNS configuration

2015-06-03 Thread Bob Harold
If you don't specify recursion (or query-cache or allow-query), then the
default is:
allow-recursion (localnets; localhost;)

Which means only things on the connected subnets are allowed to make
recursive queries, all others get REFUSED.
So add an allow-recursion ( .. subnet list ..);  to your config.  (Do not
allow 'all', please.)



-- 
Bob Harold
hostmaster, UMnet, ITcom
Information and Technology Services (ITS)
rharo...@umich.edu
734-647-6524 desk

On Wed, Jun 3, 2015 at 3:34 PM, Samad Agha samad.agha2...@gmail.com wrote:

 I put together a simple working DNS server and called it new-dns2 with the
 IP address of 206.117.115.93. My configuration files follow:

 [root@new-dns2 ~]# cat /etc/named.conf
 options {
  directory /var/named;
  };
 zone 0.0.127.in-addr.arpa {
 type master;
 file db.127.0.0;
 };
 [root@new-dns2 ~]# cat /var/named/db.127.0.0
 $TTL 3D
 @   IN  SOA new-dns1.ci.glendale.ca.us
 mchavoshi.glendaleca.gov. (
 1   ; Serial
 8H  ; Refresh
 2H  ; Retry
 4W  ; Expire
 1D) ; Minimum TTL
 NS  new-dns1.ci.glendale.ca.us.
 1   PTR localhost.
 [root@new-dns2 ~]#

 So, when I query my new DNS server from itself (206.117.115.93), it
 resolves the name to an IP, but when I query my new DNS server from another
 Linux box, it fails with the following error message.

 [root@new-dns2 ~]# nslookup google.com 206.117.115.93
 Server: 206.117.115.93
 Address:206.117.115.93#53
 Non-authoritative answer:
 Name:   google.com
 Address: 216.58.217.206
 [root@new-dns2 ~]#

 [root@oragrid01 ~]# nslookup google.com 206.117.115.93
 Server: 206.117.115.93
 Address:206.117.115.93#53
 ** server can't find google.com: REFUSED
 [root@oragrid01 ~]#

 I have stopped the firewall on new-dns2, my DNS server:

 [root@new-dns2 ~]# service iptables status
 iptables: Firewall is not running.
 [root@new-dns2 ~]#

 Can someone please tell me what might be the problem?

 Many thanks in advance and have a wonderful day/night.

 Sincerely,
 Samad Agha


Re: Fwd: Getting an error on a simple DNS configuration

2015-06-03 Thread Alan Clegg
allow-recursion { ... };

not

allow-recursion ( ... );

And you need a ; at the end of your list:

 allow-recursion {207.151.36.0;};

On 6/3/15 5:14 PM, Samad Agha wrote:
 I put the allow-recursion clause under my options, and the #service named
 restart failed. Where exactly should I place this allow-recursion clause?
  
 [root@new-dns2 ~]# cat /etc/named.conf
 options {
  directory /var/named;
 allow-recursion (207.151.36.0);
  };
  
 zone 0.0.127.in-addr.arpa {
 type master;
 file db.127.0.0;
 };
 [root@new-dns2 ~]#
  
 [root@new-dns2 ~]# service named restart
 Stopping named: .  [  OK  ]
 Starting named:
 Error in named configuration:
 /etc/named.conf:3: '{' expected near '(207.151.36.0)'
[FAILED]
 [root@new-dns2 ~]#
 
 
 



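
The access-control behaviour discussed in this thread, as an added example that is not part of any poster's message and not BIND's own code: a small Python model of how an allow-recursion address match list is parsed and evaluated, including the case where an address is listed without a prefix length. The /24 on the server interface, the client address 207.151.36.20, the 207.151.36.0/24 variant and the function names are assumptions; only the element kinds any, none, localhost, localnets, single addresses and prefixes are modelled.

```python
import ipaddress
import re

# Server interfaces. 206.117.115.93 is from the thread; the /24 is assumed.
INTERFACES = ["127.0.0.1/8", "206.117.115.93/24"]

def parse_allow_recursion(conf):
    """Return the allow-recursion elements, or None when the option is absent."""
    if re.search(r"allow-recursion\s*\(", conf):
        raise ValueError("'{' expected: address match lists use braces")
    m = re.search(r"allow-recursion\s*\{([^}]*)\}\s*;", conf)
    if m is None:
        return None
    body = m.group(1).strip()
    if body and not body.endswith(";"):
        raise ValueError("each list element must end with ';'")
    return [e.strip() for e in body.split(";") if e.strip()]

def may_recurse(client, elements, interfaces=INTERFACES):
    """First match wins; no match means the recursive query is REFUSED."""
    if elements is None:
        elements = ["localnets", "localhost"]  # default quoted in the thread
    addr = ipaddress.ip_address(client)
    ifaces = [ipaddress.ip_interface(i) for i in interfaces]
    for e in elements:
        if e == "any":
            return True
        if e == "none":
            return False
        if e == "localhost":    # the server's own addresses
            nets = [ipaddress.ip_network(str(i.ip)) for i in ifaces]
        elif e == "localnets":  # subnets the server is directly attached to
            nets = [i.network for i in ifaces]
        else:
            nets = [ipaddress.ip_network(e)]  # no /prefix means one host
        if any(addr in n for n in nets):
            return True
    return False

if __name__ == "__main__":
    client = "207.151.36.20"  # constructed address for the second Linux box
    for acl in (None, ["207.151.36.0"], ["207.151.36.0/24"]):
        verdict = "answer" if may_recurse(client, acl) else "REFUSED"
        print(acl, "->", verdict)
```

In this model an element written as 207.151.36.0 covers only that one address, so a client elsewhere in the subnet is still refused until the element carries a prefix length.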

Fwd: Getting an error on a simple DNS configuration

2015-06-03 Thread Samad Agha
I put the allow-recursion clause under my options, and the #service named
restart failed. Where exactly should I place this allow-recursion clause?

[root@new-dns2 ~]# cat /etc/named.conf
options {
 directory /var/named;
allow-recursion (207.151.36.0);
 };

zone 0.0.127.in-addr.arpa {
type master;
file db.127.0.0;
};
[root@new-dns2 ~]#

[root@new-dns2 ~]# service named restart
Stopping named: .  [  OK  ]
Starting named:
Error in named configuration:
/etc/named.conf:3: '{' expected near '(207.151.36.0)'
   [FAILED]
[root@new-dns2 ~]#