
BIND requests denied - again...

Last Modified: 2012-05-06
Folks

Having more problems with my BIND server.

I already posted a question (https://www.experts-exchange.com/OS/Linux/Q_24220201.html) about a similar problem, and I thought it was fixed. However, requests are being denied again:

Mar 16 09:40:06 xxx named[2932]: client 70.86.70.34#1151: query (cache) 'apevl.ch/NS/IN' denied

I must confess I am at a loss to explain why those queries are rejected, when they were working a few days ago with an unchanged config...

Anyway my named.conf file:

------------------------------------------------
# Global server options: working directory, listening addresses and the
# three access-control lists that decide who may query, use the cache, or
# recurse through this server.
options {
    # Relative file names elsewhere in this config (zone files) are resolved
    # against this directory.
    directory "/etc";
    pid-file "/var/run/named.pid";
    statistics-file "/var/run/named.stats";
    # Replaces the version string the server reports, so the real BIND
    # release is not disclosed to remote clients.
    version "Surely you must be joking";
    listen-on port 53 {  88.191.98.49; 127.0.0.1;  };
    # Recursion is limited to the "trusted" ACL (the server's own addresses),
    # so outside clients cannot use this host as an open resolver.
    allow-recursion { trusted; };
    allow-query { any; };
    # Lets any client read answers already held in the cache, even though
    # recursion itself is restricted above.
    # NOTE(review): if outside clients only need authoritative answers,
    # limiting this to the same ACL as allow-recursion narrows what they can
    # learn from the cache. The logged "query (cache) ... denied" is for
    # apevl.ch, a zone this server is master for; that usually points at the
    # zone not being loaded rather than at this ACL - check the startup log
    # for zone load errors before loosening access further.
    allow-query-cache { any; };
};

# rndc control channel: bound to loopback only, accepts connections from
# localhost, and requires the shared secret defined as "rndc_key".
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

# Address list used by allow-recursion in the options block: the server's
# public address and loopback, i.e. only the host itself may recurse.
# NOTE(review): this ACL is defined after the options block that references
# it - confirm with named-checkconf that the installed BIND accepts that order.
acl "trusted" {
   88.191.98.49;
   127.0.0.1;
};


# Shared secret that authenticates rndc to the control channel declared in
# the controls block.
# NOTE(review): a secret that has been pasted into a public post must be
# treated as disclosed. Generate a new one (rndc-confgen), keep it in a
# separate file readable only by the named user and pull it in with an
# include statement, and redact it in anything shared for troubleshooting.
key "rndc_key" {
    # NOTE(review): hmac-md5 is a legacy choice; current BIND releases also
    # accept hmac-sha256 - prefer it when the key is regenerated.
    algorithm hmac-md5;
      secret "PUSNeyNcuyQep6BbzLYYGAeOL+V8ItICcnldf5LAWSbyKl9fGOj6eHejgD+XKGjEb9WH/EJXYGNAJjl+8StWcQ==";
};

# Logging: two size-rotated file channels (info and notice level), a table
# routing every category to one of them, and three further channels that no
# category in this block refers to.
# NOTE(review): both log files live in /etc, so the account named runs as
# needs write access there; a dedicated log directory keeps that permission
# narrower.
logging {
         # Info-and-above messages, kept as 3 rotated files of up to 5 MB.
         channel channel_info {
                    file "/etc/bind.log" versions 3 size 5m;
                    severity info;
                    print-time yes;
                    print-severity yes;
                    print-category yes;
               };


         # Notice-and-above messages only; anything at info level sent to
         # this channel is discarded.
         channel channel_notice {
                    file "/etc/bindnotice.log" versions 3 size 5m;
                    severity notice;
                    print-time yes;
                    print-severity yes;
                    print-category yes;
               };

# default
# The security, update, update-security, notify and transfer categories go
# to the info-level file; everything else goes to the notice-level file.
        category default             { channel_notice; };
        category general             { channel_notice; };
        category client              { channel_notice; };
        category config         { channel_notice; };
        category database       { channel_notice; };
        category dnssec         { channel_notice; };
        category lame-servers   { channel_notice; };
        category network        { channel_notice; };
        category notify         { channel_info; };
        # NOTE(review): BIND writes query-log lines at severity info, so a
        # notice-level channel presumably drops them - confirm if per-query
        # logging is wanted while investigating the denials.
        category queries        { channel_notice; };
        category resolver       { channel_notice; };
        category security       { channel_info; };
        category update         { channel_info; };
        category update-security { channel_info; };
        category xfer-in        { channel_info; };
        category xfer-out       { channel_info; };
        category unmatched      { channel_notice; };
        category dispatch       { channel_notice; };
        category delegation-only { channel_notice; };
        category edns-disabled { channel_notice; };

    # NOTE(review): default_debug, default_stderr and null are also the
    # names of BIND's built-in channels - confirm with named-checkconf that
    # defining them again here is accepted.
    channel default_debug {
      file "/etc/named.run";
      severity dynamic;
    };

    channel default_stderr {
      stderr;
      severity info;
    };

    channel null {
      null;
    };
};


# Root hints: the list of root name servers read from /etc/root.hints.
zone "." {
    type hint;
    file "/etc/root.hints";
};

# Locally served forward zone for the name "localhost".
zone "localhost" {
    type master;
    file "/etc/localhost";
};

# Locally served reverse zone for the 127.0.0.x loopback range.
zone "0.0.127.in-addr.arpa" {
    type master;
    file "/etc/127.0.0";
};

# Authoritative (master) forward zone for apevl.ch. The file path is
# relative, so it is resolved against the "directory" option.
zone "apevl.ch" IN {
      type master;
      file "sites/apevl.ch/forward.zone";
      # Zone transfers are permitted to loopback and a fixed list of external
      # addresses, identified by source IP only.
      # NOTE(review): pairing the secondaries with a TSIG key would
      # authenticate transfers more strongly than an address list alone.
      allow-transfer { 127.0.0.1; 204.13.249.75; 208.78.69.75; 208.78.69.138; 204.13.249.138;  91.198.22.75; 91.198.22.138; 203.62.195.75; 203.62.195.76; 204.13.249.76;  };
      # Dynamic updates are refused from everyone.
      allow-update { none;  };
      allow-query { any;  };
      zone-statistics yes;
      # No NOTIFY messages are sent, and the extra notify list is empty.
      # NOTE(review): secondaries then presumably pick up changes only at
      # the SOA refresh interval - confirm that is intended.
      notify no;
      also-notify {  };
};

# Authoritative (master) reverse zone for the single address 88.191.98.49,
# with the same transfer, update and query policy as the apevl.ch zone.
zone "49.98.191.88.in-addr.arpa" {
      type master;
      file "sites/apevl.ch/reverse.zone.ipv4";
      # Transfers are authorised by source address only (loopback plus a
      # fixed list of external hosts).
      allow-transfer { 127.0.0.1; 204.13.249.75; 208.78.69.75; 208.78.69.138; 204.13.249.138;  91.198.22.75; 91.198.22.138; 203.62.195.75; 203.62.195.76; 204.13.249.76;  };
      # Dynamic updates are refused from everyone.
      allow-update { none;  };
      allow-query { any;  };
      zone-statistics yes;
      notify no;
      also-notify {  };
};

------------------------------------------------

and my forward.zone

------------------------------------------------

; Forward zone data for apevl.ch: SOA, name servers, apex address, mail
; exchangers and a few CNAMEs.
; NOTE(review): run named-checkzone against this file after every edit; a
; zone that fails to parse is not loaded, and the server then has no
; authoritative data to answer queries for it.
$TTL 14400;
; NOTE(review): in an SOA record the first name is the primary name server
; and the second is the responsible mailbox (first dot read as "@"). As
; written the primary is apevl.ch. and the mailbox is ns@apevl.ch -
; confirm that is what was intended.
@      IN      SOA      apevl.ch.      ns.apevl.ch. (
                  2009031503      ; Serial
                  3600            ; Refresh
                  360            ; Retry
                  1209600      ; Expire
                  3600 )      ; Min TTL
                       
; Blank owner field: this NS record belongs to the zone apex, and the
; relative name "ns" expands to ns.apevl.ch.
            IN      NS     ns

; Both name-server host names point at the same address.
ns.apevl.ch. A 88.191.98.49

ns1.apevl.ch. A 88.191.98.49

apevl.ch.      IN      A      88.191.98.49

; The indented records below inherit the owner apevl.ch. from the line above.
; NOTE(review): "N" on the next line is not a record type; presumably NS
; was meant. If the live file really contains it (and it is not just a slip
; in the post), the zone will fail to load, which would fit the
; "query (cache) ... denied" messages for apevl.ch.
      IN    N         ns.apevl.ch.
      IN         NS    ns1.apevl.ch.
      IN      NS      ns2.mydyndns.org.
      IN      NS      ns3.mydyndns.org.
      IN      NS      ns4.mydyndns.org.
      IN      NS      ns5.mydyndns.org.

      IN      MX      10      aspmx.l.google.com.

      IN      MX      20      alt1.aspmx.l.google.com.

      IN      MX      30      alt2.aspmx.l.google.com.

mail.apevl.ch.  IN  CNAME ghs.google.com.

www.apevl.ch.  IN  CNAME ghs.google.com.

google34160a471ab995a5.apevl.ch.      IN      CNAME      google.com.

------------------------------------------------

Any ideas and suggestions are MOST welcome :)

Regards