Help DNS

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Fri Aug 21 15:54:36 UTC 2015 

nslookup is horrible. I'm assuming that the base query (ctc.cu) is getting REFUSED (probably due to lack of loopback in the allow-query-cache clause), then nslookup is stepping through the searchlist, getting one or more NXDOMAINs, and misreporting the overall failure as NXDOMAIN.

If nslookup *must* be used (try dig instead), at least turn on debug so you can see what it's doing behind the scenes.

                                                                                    - Kevin

From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Abdul Khader
Sent: Friday, August 21, 2015 11:36 AM
To: bind-users at lists.isc.org
Subject: Re: Help DNS

Is 127.0.0.1 allowed to query in your named.conf ?

On 8/21/2015 8:22 PM, Int wrote:

Giving problem the DNS's resolution of names

When I sell off a nslookup from localhost:127.0.0.1 in the servers DNS Bind9



 Here what the DNS's log generates goes: For the following consultation to the DNS



 # nslookup ctc.cu



Server:  127.0.0.1

Address: 127.0.0.1 #53



** server can't find ctc.cu: NXDOMAIN

---------------------------------------------

tail -1000 /var/log/syslog |grep namedd

Respond



 Aug 21 01:19:08 ns2 named[4481]: client 127.0.0.1#58899: view local: query (cache) 'ctc.cu/A/IN' denied

---------------------------------------------

In another one views the IP for ctc.cu makes up its mind correctly



Somebody knows like solving it (Aug 21 01:19:08 ns2 named[4481]: client 127.0.0.1#58899: view local: query (cache) 'ctc.cu/A/IN' denied)



------------------------

My configuration's attached file of the servers sent them BIND 9,

please check my views's configuration and zones,

tell me if you have any recommendation to configure views's and the DNS's zones

or they can send me some example of configuration for a servers DNS with 3 Interfaces of net

------------------------



Please tell me as I can configure the inverse,

general- form zones that they can recommend me to configure the servers DNS Bind

with the bigger possible security



Greetings

  William



_______________________________________________

Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list



bind-users mailing list

bind-users at lists.isc.org<mailto:bind-users at lists.isc.org>

https://lists.isc.org/mailman/listinfo/bind-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150821/0fb86d37/attachment-0001.html>

More information about the bind-users mailing list