Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

problem with BIND in debian.... please help

Status
Not open for further replies.
dnscubano

dnscubano

Technical User
Jun 8, 2012
1
CU
Hello i have configured my dns server , i own a domain , and i have made all config ... i have tested my dns in web intodns.com and all seems to be good,
also when i enter command nslookup for example, dns server resolve everything well....


my problems is when i try to use my dns server in windows clients, when i execute cmd,
and nslookup i receive Unkwown , and query refused......

please i need help...
i have configured dns server in a VPS running Debian 6 and bind......
 
Sort by date Sort by votes
Welcome to TekTips.

Query refused means that you are connecting to the server, but it has been configured such that the client does not have permission to make that query. The bind configuration will have some directives for allow from and allow recursion. The first says which clients are allowed to make queries and the second says for which clients will I resolve beyond my domain.

Question / Experiment: connect to your DNS with nslookup. Query a host that the server is authoritative for such as itself. what response do you get? Next, query it for google.com. If you get a response to the first, but the second says refused, you have a recursion issue.

One "gotcha" to keep in mind is that there are a couple of ways to setup Bind, including in a CHROOT jail. This can impact exactly which configuration file is being used, e.g. /etc or /var/run/bind/etc. Be sure your using the correct file:

You should have a block similar to the folowing. Note the allow statements, where mynets is defined as my network ranges (IPs) that I will allow recursive queries from:
Code: 
controls {
	inet 127.0.0.1 allow {127.0.0.1; } keys { "rndc-key"; };
	};

options {
	listen-on port 53 { 127.0.0.1;};
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { any; };
	recursion yes;
	allow-recursion { mynet; };
	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside auto;
	version "REFUSED";
	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";
};

acl mynet { 192.168.0.0/24; };
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Propus Gemini
  • Locked
  • Question
BIND don't resolve Microsoft Teams URL
Replies
1
Views
6K
iggsterman
iggsterman
R. B.
  • Locked
  • Question
BIND BLOCK IN ANY REQUEST
Replies
0
Views
5K
R. B.
R. B.
Nick Ellson
  • Locked
  • Question
Bind9 with RPZ and local forwarding zones?
Replies
1
Views
6K
Nick Ellson
Nick Ellson
dl12345
  • Locked
  • Question
IPV6 related issue on bind 9.16.1 on Ubuntu 20.04
Replies
1
Views
6K
dl12345
dl12345
Blind Faith
  • Locked
  • Question
Bind9 master insisting on checking NS at root
Replies
5
Views
6K
YoBo7
YoBo7

Part and Inventory Search

Sponsor

Back
Top