Solved

Query refused on bind (named)

Posted on 2007-03-19
18
16,945 Views
Last Modified: 2013-12-16
Hi there

Having a huge problem and I can't figure out why this keeps happening:

dig r-nash.office.protected.com @192.168.2.2

; <<>> DiG 9.3.4 <<>> r-nash.office.protected.com @192.168.2.2
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 65269
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;r-nash.office.protected.com.   IN      A

;; Query time: 1 msec
;; SERVER: 192.168.2.2#53(192.168.2.2)
;; WHEN: Mon Mar 19 12:07:12 2007
;; MSG SIZE  rcvd: 45




I keep getting "refused" when I try to query this server from anywhere on the network, but everything works fine when I try the same query on the server that is running the BIND service.

What is causing this please? I have tried and tried and tried, but I keep getting this.

Here is my named.conf file

//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        listen-on port 53 { 192.168.2.2; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        query-source    port 53;
        query-source-v6 port 53;
        allow-query     { any; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        allow-query { any; };
        match-clients      { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};


Here is my rfc zone file:

// named.rfc1912.zones:
//
// Provided by Red Hat caching-nameserver package
//
// ISC BIND named zone configuration for zones recommended by
// RFC 1912 section 4.1 : localhost TLDs and address zones
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
zone "1.168.192.IN-ADDR.ARPA." IN {
        type master;
        file "192.168.1.db";
        allow-query { any; };
};
zone "2.168.192.IN-ADDR.ARPA." IN {
        type master;
        file "192.168.2.db";
        allow-query { any; };
};
zone "office.protected.com." IN {
        type master;
        file "office.protected.com.db";
        allow-query { any; };
};
zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
        allow-query { any; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
        allow-query { any; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
        allow-query { any; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-query { any; };
};

zone "255.in-addr.arpa" IN {
        type master;
        file "named.broadcast";
        allow-update { none; };
        allow-query { any; };
};

zone "0.in-addr.arpa" IN {
        type master;
        file "named.zero";
        allow-update { none; };
        allow-query { any; };
};


And here is my main zone file:

$TTL 1H
@       SOA     development     root.development (      6
                                                3H
                                                1H
                                                1W
                                                1H )
                        NS      localhost.
m-whelan        IN      1H      A       192.168.2.240
t-ward  IN      1H      A       192.168.2.20
k-rosewarne IN  1H      A       192.168.2.14
a-pieters       IN      1H      A       192.168.2.9
development     IN      1H      A       192.168.2.2
        IN      1H      A       192.168.2.2
printer IN      1H      A       192.168.2.245
b-stabb IN      1H      A       192.168.2.13

t-legg  IN      1H      A       192.168.1.5
d-walker        IN      1H      A       192.168.1.6
a-sundaram      IN      1H      A       192.168.1.7
a-cox   IN      1H      A       192.168.1.8
r-abzadeh       1H      A       192.168.1.9
a-cross IN      1H      A       192.168.1.10
m-harrison      IN      1H      A       192.168.1.11
d-carter        IN      1H      A       192.168.1.12
j-irish IN      1H      A       192.168.1.13
r-nash  IN      1H      A       192.168.1.14
printer2        IN      1H      A       192.168.1.254
phpmyadmin.development  IN      1H      CNAME   development
r-nash  IN      1H      A       192.168.1.14
admin.development       IN      1H      CNAME   development
sd.development  IN      1H      CNAME   development
cp.development  IN      1H      CNAME   development
secure.development      IN      1H      CNAME   development
client.development      IN      1H      CNAME   development
test.development        IN      1H      CNAME   development
sales.development       IN      1H      CNAME   development
support.development     IN      1H      CNAME   development
samsung IN      1H      CNAME   printer
0
Question by:x_terminat_or_3
18 Comments
 
LVL 14

Expert Comment

by:pablouruguay
ID: 18747886
Just a question... you don't have a firewall, or something blocking port 53 on this server???

Do an iptables -L to see what is on your server.
0
 
LVL 2

Author Comment

by:x_terminat_or_3
ID: 18748201
No, software firewall is disabled

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
0
 
LVL 14

Expert Comment

by:pablouruguay
ID: 18749756
Please remove these 3 lines, restart named and try again.

        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        listen-on port 53 { 192.168.2.2; };
0
 
LVL 2

Author Comment

by:x_terminat_or_3
ID: 18750137
I removed those lines but I still get the refused bit.
0
 
LVL 14

Expert Comment

by:pablouruguay
ID: 18750187
I didn't see the error....

Maybe you can test by commenting out the query lines with #, to accept any query... only for checking.
0
 
LVL 2

Author Comment

by:x_terminat_or_3
ID: 18750535
where do I do that?
0
 
LVL 14

Accepted Solution

by:
pablouruguay earned 200 total points
ID: 18750613
In named.conf, comment out all the

allow-query     { any; };

lines like this:

#allow-query     { any; };

and restart named with /etc/init.d/named restart.
0
 
LVL 2

Author Comment

by:x_terminat_or_3
ID: 18751316
I FIXED IT!

The problem was this:

view localhost_resolver {
        allow-query { any; };
        match-clients      { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};

I changed match-clients and match-destinations to any, and now it works!
0
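For a reader applying the same fix, here is an added example (my own, not the thread author's or Red Hat's configuration) of the view stanza written so that it matches the office networks that appear in the zone file rather than only localhost. In BIND the built-in localhost ACL matches only the addresses of the server's own interfaces, which is why the original view answered on the server itself and returned REFUSED to every other host: a query whose source address matches no view is refused before allow-query is even consulted. The ACL name "office" and the exact network ranges (192.168.1.0/24 and 192.168.2.0/24, taken from the A records posted above) are assumptions; adjust them to the real office networks.

```conf
// Added example, not the thread author's or the Red Hat package's config.
// Replaces the options and view blocks of named.conf; the zone includes
// and logging block from the thread are reused unchanged.

// Assumed name and ranges: the two office subnets seen in the zone file,
// plus the server's own loopback addresses.
acl "office" {
        127.0.0.1;
        ::1;
        192.168.1.0/24;
        192.168.2.0/24;
};

options {
        // One listen-on statement per address family is enough.
        listen-on port 53    { 127.0.0.1; 192.168.2.2; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        // query-source is deliberately left out so named picks a random
        // source port for its own outgoing queries instead of a fixed 53.
        // Global defaults: only the office may query or recurse.
        allow-query     { office; };
        allow-recursion { office; };
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

view "office_resolver" {
        // A view is chosen only if BOTH match-clients and match-destinations
        // match the query. A client that matches no view gets REFUSED, which
        // is the symptom in the dig output above when this was { localhost; }.
        match-clients      { office; };
        match-destinations { any; };
        allow-query        { office; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};
```

Check the file with named-checkconf /etc/named.conf before restarting, restart with /etc/init.d/named restart as in the accepted answer, and repeat the dig from a workstation; the status field in the header should now read NOERROR instead of REFUSED. Setting match-clients to any, as in the author's fix, also removes the error, but it makes the server answer, and recurse for, any address that can reach port 53, which is wider than an office resolver needs.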
 
LVL 2

Author Comment

by:x_terminat_or_3
ID: 18751519
I'll award you some points but the actual answer was self-found, so please be patient while admin deals with this.

Thank you for your help
0
 
LVL 14

Expert Comment

by:pablouruguay
ID: 18756636
Nice :)... I learned something from this question... thank you.
0
 
LVL 14

Expert Comment

by:pablouruguay
ID: 18815250
PAQ and refunded??? I don't understand...
0
 
LVL 2

Author Comment

by:x_terminat_or_3
ID: 18818561
Looks like I misunderstood what was being asked. I have amended the thread mentioned by Vee_Mod to get you points.

Thanks for your help
0
 
LVL 2

Author Comment

by:x_terminat_or_3
ID: 18821933
No this is exactly what I wanted. Thanks Vee_Mod
0
