Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

nslookup: Server can't find XXX: REFUSED

Status
Not open for further replies.
lamsf

lamsf

Technical User
Jul 27, 2003
103
US
I hv configured a Fedora Linux server as a DNS server. At the Fedora Linux server, I can do nslookup and reverse nslookup with no problem. However, if i run nslookup at a client (e.g. a unix server), I get error "server can't find XXX: REFUSED".

Any idea what is the problem? Anything to do with iptables in the Fedora Linux server which is configured as the DNS server?

Thanks...
 
Sort by date Sort by votes
It looks like the port is being blocked. By default, the ports will be blocked (under unix / linux). IP tables could be the culprit and you may need to add a rule to allow access on the dns port (port 53?).

 
Upvote 0 Downvote
Thanks, Noway2. I hv disabled the iptables with commands "service iptables stop" but the Unix Client is still unable to resolve the IP address from the Fedora Linux DNS server. How can I check if the port 53 is being blocked? Or is there any configuration I shld check at the Unix client as I already had /etc/resolv.conf configured. Anyone can help? Thanks.
 
Upvote 0 Downvote
First, tcpdump port 53 on the server. Issue a lookup, make sure you get it.

netstat -an on the server, make sure you are listening on UDP port 53.

make sure your dns config on the server allows queries and recursion for that client. I believe the default will be to allow query/recursion without a specific allow.

 
Upvote 0 Downvote
I agree with {TheBigDog}, check your DNS server config. Make sure you are allowing queries from the problem client.

In [tt]/etc/name.conf[/tt] you need to add some acls.
Like so...
Code: 
acl internals { 127.0.0.0/8; [Your.IP.Net.work]/[Bitmask]; };
Skip a few lines to where you define your zones...
Code: 
zone "[Domain]" in {
        # Add this line to allow queries from the acl 'internals'
        allow-query { internals ;};
};
Remember, replace the stuff in brackets[] with your info.

[pipe]
 
Upvote 0 Downvote
I removed the following line in the server /etc/named.conf file and now the client can run nslookup with no problem.

# allow-query {localhost;};

Thank you all for the help. You ppl are the best :D
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Wibble2004
  • Locked
  • Question
Bind9.11.20: nslookup shows different MX information on Windows and Linux workstation
Replies
0
Views
6K
Wibble2004
Wibble2004
herestone
  • Locked
  • Question
Core Switch DHCP Server Management 1
Replies
2
Views
6K
herestone
herestone
Richard Carter
  • Locked
  • Question
Set up BIND on DNS server for local home server
Replies
0
Views
6K
Richard Carter
Richard Carter
NateRD1982
  • Locked
  • Question
Moving Router DHCP to server based DHCP
Replies
3
Views
418
NateRD1982
NateRD1982
Kirby-TjB
  • Locked
  • Question
Extensive Login Script using KixTart, but will not run in Server 2012
Replies
0
Views
206
Kirby-TjB
Kirby-TjB

Part and Inventory Search

Sponsor

Back
Top