unalbe-to-query
Reindl Harald
h.reindl at thelounge.net
Mon Dec 14 09:56:54 UTC 2015
Am 14.12.2015 um 10:47 schrieb Ejaz:
> Thank you so much for your response.. see this the error what I have
> when I check from zonemaster.net
>
> Name server ns1.cyberia.net.sa/212.119.92.5 did not return NS records.
> RCODE was REFUSED.
nameserver refuses to respond
[harry at rh:~]$ dig SOA arabsat.com @ns1.cyberia.net.sa.
; <<>> DiG 9.10.3-RedHat-9.10.3-2.fc23 <<>> SOA arabsat.com
@ns1.cyberia.net.sa.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 51257
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;arabsat.com. IN SOA
;; Query time: 138 msec
;; SERVER: 212.119.92.5#53(212.119.92.5)
;; WHEN: Mo Dez 14 10:52:50 CET 2015
;; MSG SIZE rcvd: 40
[harry at rh:~]$ dig NS arabsat.com @ns1.cyberia.net.sa.
; <<>> DiG 9.10.3-RedHat-9.10.3-2.fc23 <<>> NS arabsat.com
@ns1.cyberia.net.sa.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 58984
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;arabsat.com. IN NS
;; Query time: 104 msec
;; SERVER: 212.119.92.5#53(212.119.92.5)
;; WHEN: Mo Dez 14 10:53:10 CET 2015
;; MSG SIZE rcvd: 40
> Whereas, when I check for SOA of arabsat.com from inside network. Seems
> everything is ok..
>
> host -t soa arabsat.com
>
> arabsat.com has SOA record ns1.cyberia.net.sa. root.cyberia.net.sa.
> 2015121472 43200 4320 1209600 600
get rid of "host" and "nslookup", i see the same result while the zone
is *not* proper operational as you can see above with dig and "status:
REFUSED"
[harry at rh:~]$ host -t soa arabsat.com
arabsat.com has SOA record ns1.cyberia.net.sa. root.cyberia.net.sa.
2015121472 43200 4320 1209600 600
> Please advise how can I trouble shoot
remove restrictions on your nameserver for public zones, if you don't
know how it is configured or don't understand the config post it - we
can't help when we don't have no insight
> -----Original Message-----
> From: Niall O'Reilly [mailto:niall.oreilly at ucd.ie]
> Sent: Monday, December 14, 2015 12:13 PM
> To: Ejaz <mejaz at cyberia.net.sa>
> Cc: bind-users at lists.isc.org
> Subject: Re: unalbe-to-query
>
> On Mon, 14 Dec 2015 06:59:12 +0000,
>
> Ejaz wrote:
>
> >
>
> > Hi all,
>
> >
>
> > We are one of the leading ISP of Saudi Arabia. Installed latest
>
> > version of bind and smbind inorder manage the zones over the Web
>
> > interface.
>
> >
>
> > Wonder is that, the zones which configured through smbind cannot be
>
> > seen from the outside world.. locally it is fine. For an example
>
> > arabsat.com.
>
> >
>
> > Almost 1500 other zones on the same name server runs through bind 9.9.
>
> > works perfectly internally and externally. Eg. Cyberia.net.sa.
>
> >
>
> > From Internally I can query it.. it is ok…
>
> I'm not sure that you can safely say this. From what I can see,
>
> you seem to be using nslookup, which (in trying to be "helpful")
>
> hides so much information that you cannot depend on the results
>
> it gives.
>
> I suggest you use the zonemaster tool (https://zonemaster.net/) to
>
> run a comprehensive series of tests against the zone(s) which are
>
> giving you trouble.
>
> Best regards,
>
> Niall O'Reilly
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20151214/91f8a743/attachment.bin>
More information about the bind-users
mailing list