dig with status: REFUSED

aabouk01 at fiu.edu aabouk01 at fiu.edu
Wed Nov 19 20:29:16 UTC 2003


> 
> From: Edvard Tuinder <listbind at lunytune.nl>
> Date: 2003/11/19 Wed AM 11:05:12 EST
> To: aabouk01 at fiu.edu
> CC: bind-users at isc.org
> Subject: Re: dig with status: REFUSED
> 
> According to aabouk01 at fiu.edu:
> > What would cause a query to come back with a refused status?
> > I can query the zone on some nameservers with no issues, but
> > on others I am not able to. The domain I'm working with is
> > bernuth.com. Could this simply be the changes have not propagated
> > to all nameservers or I have an issue on my zone configuration?
> 
> No, not all nameservers allow you to use them as recursive nameservers.
> The REFUSED return code may be due to that.
> 
> If you want to verify the setup of your domain, check on www.dnsreport.com.
> That site will perform various sanity checks on your domain.
> 
> But to answer your question partially, the setup of your domain is not
> correct. According to the gtld-servers the nameservers are ns.fbsims.com
> and ns1.fbsims.com. The first (ns.fbsims) is set up correctly, but the second
> is not answering correctly, but returning SERV-FAIL, which usually indicates
> that it is not able to transfer the zone from the primary.
> 
> Furthermore the NS list as returned by ns.fbsims.com is not correct, as it
> only lists itself as nameserver and not also ns1.
> 
> Your TTLs are also very high. That is not very useful. Usually something
> like 1 day or maybe 1 week is more than enough.
> 
> -Ed
> 
> 




Here is the output from dig

dig @165.87.194.244 bernuth.com

; <<>> DiG 9.2.1 <<>> @165.87.194.244 bernuth.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55046
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bernuth.com.			IN	A

;; Query time: 60 msec
;; SERVER: 165.87.194.244#53(165.87.194.244)
;; WHEN: Wed Nov 19 16:18:22 2003
;; MSG SIZE  rcvd: 29




I figured a good starting point would be to fix the errors that are reported by www.dnsreport.com.

      FAIL Missing nameservers 2 ERROR:

      One or more of the nameservers listed at the parent             
      servers are not listed as NS records at your 
      nameservers. The problem NS records are:
      ns.fbsims.com.

Would this mean that I am missing an NS record on both servers or just ns.fbsims.com? I'm not understanding the meaning of this error since now an NS record exists on both servers.


Thanks!

Alain
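
Added example, not part of the original post and not dnsreport.com's code: a Python sketch that reads the header of the dig output above and runs a parent-versus-child NS comparison of the kind the dnsreport.com message describes. The per-server comparison, the function names and the sample NS sets are assumptions made here; the post does not show how dnsreport.com performs its test.

```python
import re

# dig header lines copied from the post above.
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55046
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""

def parse_dig_header(text):
    """Extract the rcode, header flags and section counts from dig output."""
    status = re.search(r"status: ([A-Z]+)", text)
    flags = re.search(r";; flags:([a-z ]*);", text)
    if not status or not flags:
        raise ValueError("no dig header found")
    counts = {k: int(v) for k, v in
              re.findall(r"(QUERY|ANSWER|AUTHORITY|ADDITIONAL): (\d+)", text)}
    flag_set = set(flags.group(1).split())
    # No "aa" flag means the reply is not an authoritative answer.
    return {"status": status.group(1), "flags": flag_set,
            "authoritative": "aa" in flag_set, "counts": counts}

def norm(name):
    """DNS names compare case-insensitively; ignore the trailing root dot."""
    return name.strip().rstrip(".").lower()

def missing_ns(parent_ns, ns_by_server):
    """Per server, list parent-delegated names absent from its own NS RRset."""
    parent = {norm(n) for n in parent_ns}
    report = {}
    for server, ns_records in ns_by_server.items():
        listed = {norm(n) for n in ns_records}
        report[norm(server)] = sorted(parent - listed)
    return report

# Constructed sample modelled on the reply quoted above: the parent delegates
# to two servers, the first lists only itself, the second returns no NS set.
PARENT_NS = ["ns.fbsims.com.", "ns1.fbsims.com."]
NS_BY_SERVER = {"ns.fbsims.com.": ["NS.fbsims.com"], "ns1.fbsims.com.": []}

if __name__ == "__main__":
    print(parse_dig_header(DIG_OUTPUT))
    print(missing_ns(PARENT_NS, NS_BY_SERVER))
```

In practice the two inputs to missing_ns would come from querying a parent (gtld) server for the delegation and each listed server for its own NS records.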



