Bind 9.1 Question
Willis L. Sarka
wlsarka at the-republic.org
Tue Jan 30 00:13:16 UTC 2001
With dig, it gives the same type of responses. Although 9.1 might not
support it, I was under the impression that nslookup use is deprecated,
not completely removed altogether. I'm not too terribly familiar with dig,
but just typing "dig" at the prompt produces this:
[root at news doc]# dig
; <<>> DiG 9.1.0 <<>>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 28309
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;. IN NS
;; Query time: 10 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jan 30 00:11:57 2001
;; MSG SIZE rcvd: 17
Notice the "REFUSED" part still? This is what I'm having trouble with...
Again, it's probably really braindead what I'm missing, but I'm not seeing
it.
If anyone has a look at the named.conf snippet I sent earlier, please tell
me what option I'm missing or need to axe.
W
On Mon, 29 Jan 2001, Nguyen, Andy wrote:
> nslookup is not supported in Bind 9.1. Use dig instead.
>
> -----Original Message-----
> From: Willis L. Sarka [mailto:wlsarka at the-republic.org]
> Sent: Monday, January 29, 2001 5:50 PM
> To: bind-users at isc.org
> Subject: Bind 9.1 Question
>
>
>
> Greetings,
>
> I have Bind 9.1 up and running successfully, but I have one small problem.
> I can perform an nslookup query remotely (i.e. not on the same machine
> that Bind is running on), and it works just fine. However on the same
> machine that is running Bind 9.1, when I do a nslookup, I get a "refused"
> message. I'm sure this is probably something _really_ that I'm missing,
> but I've been stuck for a few hours, so here I am.
>
> Sample nslookup on machine running bind 9.1:
>
> [root at news /root]# nslookup
> Note: nslookup is deprecated and may be removed from future releases.
> Consider using the `dig' or `host' programs instead. Run nslookup with
> the `-sil[ent]' option to prevent this message from appearing.
> > news.bldr.rtone.com
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> ** server can't find news.bldr.rtone.com.: REFUSED
> >
>
>
> Messages from the log files:
>
> Jan 29 22:45:13.983 security: client 127.0.0.1#2030: query denied
>
> Here is my named.conf:
>
> acl "internals" { 127.0.0.1; 172.16.0.0/20; 172.16.16.0/24; 172.16.5.0/24;
> 192.168.253.0/24; };
>
> controls {
> inet 127.0.0.1 allow { localhost; } keys { namedkey; };
> };
>
> key namedkey {
> algorithm "hmac-md5";
> secret "tP6O603HGrPW6bV59JV4vw==";
> };
>
> options {
> auth-nxdomain no;
> directory "/";
> pid-file "named.pid";
> allow-query { "internals"; };
> allow-recursion { "internals"; };
> allow-transfer { "internals"; };
> };
>
> logging {
> channel namedlog {
> file "var/log/named.log" versions 5 size 2m;
> print-time yes;
> print-category yes;
> };
> category xfer-out { namedlog; };
> category panic { namedlog; };
> category security { namedlog; };
> category insist { namedlog; };
> category response-checks { namedlog; };
> };
>
> //
> // a caching only nameserver config
> //
> zone "." {
> type hint;
> file "named.ca";
> };
>
> zone "0.0.127.in-addr.arpa" {
> type master;
> file "named.local";
> };
>
> zone "rtone.com" {
> type master;
> file "db.rtone.com";
> };
>
> zone "bldr.rtone.com" {
> type master;
> file "db.bldr.rtone.com";
> };
>
> zone "dnvr.rtone.com" {
> type master;
> file "db.dnvr.rtone.com";
> };
>
> zone "smartpoint.com" {
> type master;
> file "db.smartpoint.com";
> };
>
> .... more reverse zones, etc...
>
>
>
> I know the logging section needs work.
>
>
> Rndc is working just fine on the nameserver box, if that matters, and
> named starts and runs fine.
>
>
> Again, any help is appreciated. This is the last step before I convert
> from Bind 8.2.2_P7 to Bind 9.1. I'd like to never again worry about a
> Bind 8.x buffer overflow, or root exploit.
>
> Thanks,
> Will Sarka
>
>
>
>
--
---------------------------------------------
Those, who would give up essential liberty to
purchase a little temporary safety, deserve
neither liberty nor safety.
-Ben Franklin
Historical Review of Constitution and
Government of Pennsylvania
---------------------------------------------