strange dig behavior
Pamela Rock
prock111 at yahoo.com
Mon Dec 21 14:58:54 UTC 2009
--- On Sun, 12/20/09, Barry Margolin <barmar at alum.mit.edu> wrote:
> From: Barry Margolin <barmar at alum.mit.edu>
> Subject: Re: strange dig behavior
> To: comp-protocols-dns-bind at isc.org
> Date: Sunday, December 20, 2009, 10:59 PM
> In article <mailman.18.1261358139.21153.bind-users at lists.isc.org>,
> Pamela Rock <prock111 at yahoo.com>
> wrote:
>
> > I've got the following three scenarios
> >
> > The client can query a domain A residing on a
> recursive name server.
>
> What do you mean by a domain "residing" on a recursive
> nameserver? If a
> domain resides on a server, the server should be
> authoritative for that
> domain.
>
> >
> > The client can query a domain B on an authratative
> name server.
> >
> > When client queries domain B through the RNS, a
> Status: refused results.
> >
> > I don't know what is causing the refused. IP
> tables is off everywhere, and
> > there are no ACL's on routers or firewalls.
> >
> > The only error I'm seeing is the following in the
> debug log
> >
> > 20-Dec-2009 19:21:09.443 query-errors: debug 3: client
> 172.16.0.5#41484:
> > query failed (REFUSED) for test.com/IN/A at
> query.c:3882
> >
> > I'm running bind 9.6.1 on RH ES 5 64 bit O/S.
> Any ideas? Thanks!!
>
> Is that log on the recursive nameserver or the
> authoritative nameserver?
>
> If it's on the recursive server, is the client in the
> allow-recursion
> ACL on the server?
I did not have allow-recursion turned on. I turned it on and it worked. Thanks!! So "recursion yes;" was not enough. I also had to "allow-recursion { 10.10.1.1; }' to the specific client IP as well.
Thanks!!
>
> If it's on the authoritative server, is the recursive
> server in the
> allow-query ACL?
>
> --
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE don't copy me on replies, I'll read them in the
> group ***
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
More information about the bind-users
mailing list