refused query on non-query socket?

Mark_Andrews at iengines.com Mark_Andrews at iengines.com
Tue Nov 23 11:55:19 UTC 1999 

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> hi all,
> 
> i keep getting the error `refused query on non-query socket' from named
> and most of the errors come from the internal IP addresses. i've separated
> my name servers for internal and external resolution. some of the relevant
> lines from the named-*.conf files:

	You are getting queries directed at interfaces *not* listed
	in the listen-on clauses.  The socket used to source queries,
	on the external server, will receive queries directed to port
	53 for which neither server is listening.


> 
> - -- EXTERNAL --
> options {
>     directory "/etc/namedb/external";
>     pid-file "/var/run/named-external.pid";
>     named-xfer "/usr/local/libexec/named-xfer";
>     query-source address * port 53;
>     allow-query {
>         192.168.1.0/24;
>         192.168.2.0/24;
>         127.0.0.1;
>         xxx.xxx.xxx.xxx/24;
>     };
>     listen-on {
>         xxx.xxx.xxx.1;
>         127.0.0.1;
>     };
> };
> 
> 
> - -- INTERNAL --
> options {
>     directory "/etc/namedb/internal";
>     pid-file "/var/run/named-internal.pid";
>     named-xfer "/usr/local/libexec/named-xfer";
>     forwarders {
>         xxx.xxx.xxx.1;
>         xxx.xxx.xxx.2;
>     };
>     allow-query {
>         192.168.1.0/24;
>         192.168.2.0/24;
>     };
>     listen-on {
>         192.168.1.1;
        192.168.2.1;
>     };
>     sortlist {
>         { 192.168.1.0/24; };
>         { 192.168.2.0/24; };
>     };
> };
> 
> P.S. is it possible for a host to have two or more IN PTR entries (two or 
>      more IP addresses)?

	Yes.
> 
> - -- 
> francis vidal	university of st. la salle, bacolod city, philippines
> . . . . . . .	PGP key available via e-mail / subject: get PGP key
> u s l s N E T	tel nos. (+63.34).433.3526 / fax (+63.34).434.0415
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: noconv
> Comment: Requires PGP version 2.6 or later.
> 
> iQCVAwUBODpMehHlkpsNrjEFAQFhQgQAv4cZYYVMbZcNchbudugDo0Jb4ES/6XPe
> d9DJdaHGAbgF1QfSh5pfeVvQxIibErCa2QXnkINXrpUITE+umqz2fMYhP5swUI33
> LpUNyiInHONDjtoZ+9V2lxrCrLare5l9JbrVt6HaYsnvvpve9oLh02FHRVi4lTTx
> wECT/uTPXW8=
> =ps/b
> -----END PGP SIGNATURE-----
> 
> 
--
Mark Andrews, Internet Engines Inc. / Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at iengines.com

More information about the bind-users mailing list