nslookup: Server can't find XXX: REFUSED

lamsf

Technical User
Jul 27, 2003
103
US
I have configured a Fedora Linux server as a DNS server. At the Fedora Linux server, I can do nslookup and reverse nslookup with no problem. However, if I run nslookup at a client (e.g. a Unix server), I get the error "server can't find XXX: REFUSED".

Any idea what is the problem? Anything to do with iptables in the Fedora Linux server which is configured as the DNS server?

Thanks...
 
It looks like the port is being blocked. By default, the ports will be blocked (under Unix / Linux). iptables could be the culprit and you may need to add a rule to allow access on the DNS port (port 53?).

 
Thanks, Noway2. I have disabled iptables with the command "service iptables stop" but the Unix client is still unable to resolve the IP address from the Fedora Linux DNS server. How can I check if port 53 is being blocked? Or is there any configuration I should check at the Unix client, as I already had /etc/resolv.conf configured? Can anyone help? Thanks.
 
First, tcpdump port 53 on the server. Issue a lookup, make sure you get it.

netstat -an on the server, make sure you are listening on UDP port 53.

Make sure your DNS config on the server allows queries and recursion for that client. I believe the default will be to allow query/recursion without a specific allow.

 
I agree with {TheBigDog}, check your DNS server config. Make sure you are allowing queries from the problem client.

In /etc/named.conf you need to add some ACLs.
Like so...
Code:
acl internals { 127.0.0.0/8; [Your.IP.Net.work]/[Bitmask]; };
Skip a few lines to where you define your zones...
Code:
zone "[Domain]" in {
        # Add this line to allow queries from the acl 'internals'
        allow-query { internals ;};
};
Remember, replace the stuff in brackets[] with your info.

 
I removed the following line in the server /etc/named.conf file and now the client can run nslookup with no problem.

# allow-query {localhost;};

Thank you all for the help. You people are the best :D
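An added example, not part of the thread: a REFUSED status is a reply sent by named itself (RCODE 5 in RFC 1035), so it can be told apart from a filtered port, where no reply arrives at all. This Python sketch sends one query and reports which layer to check next; the function names and the host.example.test name are assumptions made for illustration, and the sample reply is constructed rather than captured.

```python
import socket
import struct

# RCODE values from RFC 1035 section 4.1.1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qid=0x1234, qtype=1):
    """Encode a recursive (RD=1) query for `name`, type A by default."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_reply(reply, qid):
    """Return (rcode_name, recursion_available, answer_count) from a reply header."""
    if len(reply) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:   # wrong ID, or QR bit clear (a query)
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode), bool(flags & 0x0080), ancount

def diagnose(reply, qid=0x1234):
    """Map the outcome of one query to the layer that should be checked next."""
    if reply is None:
        return "no reply: check packet filtering (iptables) and that named listens on UDP 53"
    rcode, ra, ancount = parse_reply(reply, qid)
    if rcode == "REFUSED":
        return "REFUSED: named answered, so port 53 is reachable; check allow-query/allow-recursion ACLs"
    return "%s, %d answer(s), recursion %s" % (rcode, ancount, "available" if ra else "not available")

def query(server, name, timeout=3.0):
    """Send one UDP query to `server`; return the raw reply or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            return s.recvfrom(512)[0]
        except socket.timeout:
            return None

# Constructed sample reply (QR=1, RD=1, RCODE=5 plus echoed question), not captured traffic.
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + build_query("host.example.test")[12:]

if __name__ == "__main__":
    print(diagnose(SAMPLE_REFUSED))
    print(diagnose(None))
```

Against a live server, call `diagnose(query("<server address>", "<name>"))` from the affected client.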
 