dig with status: REFUSED

Roger Ward roger.ward at national-net.com
Thu Nov 20 03:40:42 UTC 2003


If you add ns1.fbsims.com. as a NS record for your domain (ON ns.fbsims.com - 
in addition to the NS record there that mentions ns.fbsims.com.), you may see 
all your problems clear up.

Another suggestion was to reduce your TTL - so when you make changes (and 
increment your serial) your high TTL will not prevent updates from 
propagating elsewhere on the Internet.

-Roger


On Wednesday 19 November 2003 03:29 pm, aabouk01 at fiu.edu wrote:
> > From: Edvard Tuinder <listbind at lunytune.nl>
> > Date: 2003/11/19 Wed AM 11:05:12 EST
> > To: aabouk01 at fiu.edu
> > CC: bind-users at isc.org
> > Subject: Re: dig with status: REFUSED
> >
> > According to aabouk01 at fiu.edu:
> > > What would cause a query to come back with a refused status?
> > > I can query the zone on some nameservers with no issues, but
> > > on others I am not able to. The domain I'm working with is
> > > bernuth.com. Could this simply be the changes have not propagated
> > > to all nameservers or I have an issue on my zone configuration?
> >
> > No, not all nameservers allow you to use them as recursive nameservers.
> > The REFUSED return code may be due to that.
> >
> > If you want to verify the setup of your domain, check on
> > www.dnsreport.com. That site will perform various sanity checks on your
> > domain.
> >
> > But to answer your question partially, the setup of your domain is not
> > correct. According to the gtld-servers the nameservers are ns.fbsims.com
> > and ns1.fbsims.com. The first (ns.fbsims) is set up correctly, but the
> > second is not answering correctly, but returning SERVFAIL, which usually
> > indicates that it is not able to transfer the zone from the primary.
> >
> > Furthermore the NS list as returned by ns.fbsims.com is not correct, as
> > it only lists itself as nameserver and not also ns1.
> >
> > Your TTLs are also very high. That is not very useful. Usually
> > something like 1 day or maybe 1 week is more than enough.
> >
> > -Ed
>
> Here is the output from dig
>
> dig @165.87.194.244 bernuth.com
>
> ; <<>> DiG 9.2.1 <<>> @165.87.194.244 bernuth.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 55046
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;bernuth.com.			IN	A
>
> ;; Query time: 60 msec
> ;; SERVER: 165.87.194.244#53(165.87.194.244)
> ;; WHEN: Wed Nov 19 16:18:22 2003
> ;; MSG SIZE  rcvd: 29
>
>
>
>
> I figured a good starting point would be to fix the errors that are
> reported by www.dnsreport.com.
>
>       FAIL Missing nameservers 2 ERROR:
>
>       One or more of the nameservers listed at the parent
>       servers are not listed as NS records at your
>       nameservers. The problem NS records are:
>       ns.fbsims.com.
>
> Would this mean that I am missing an NS record on both servers or just
> ns.fbsims.com? I'm not understanding the meaning of this error since now an
> NS record exists on both servers.
>
>
> Thanks!
>
> Alain
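
The parent-versus-zone NS comparison discussed in this thread, as an added example that is not part of the original messages: it parses dig output from each delegated server and reports servers that fail or whose NS set omits a server listed at the parent. The dig output is constructed to match Ed's description (not captured from the real servers), and `parse_dig` and `audit` are hypothetical helper names.

```python
import re

# Delegation as Ed reports it from the gtld-servers.
PARENT_NS = {"ns.fbsims.com.", "ns1.fbsims.com."}

# Constructed dig output (not captured from the thread) for
# `dig +norec @<server> bernuth.com NS`, shaped after Ed's description.
DIG_OUTPUT = {
    "ns.fbsims.com.": """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1101
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
bernuth.com.  86400  IN  NS  ns.fbsims.com.
""",
    "ns1.fbsims.com.": """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1102
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
""",
}

def parse_dig(text):
    """Return (rcode, authoritative?, NS targets in the ANSWER section)."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"flags: ([a-z ]*);", text).group(1).split()
    ns, in_answer = set(), False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif line.startswith(";") or not line.strip():
            in_answer = False  # any other header or blank line ends the section
        elif in_answer:
            fields = line.split()
            if len(fields) == 5 and fields[3] == "NS":
                ns.add(fields[4].lower())
    return status, "aa" in flags, ns

def audit(parent_ns, outputs):
    """Compare each delegated server's own NS set with the parent's."""
    findings = []
    for server in sorted(parent_ns):
        status, aa, zone_ns = parse_dig(outputs[server])
        if status != "NOERROR":
            findings.append((server, f"rcode {status}"))
        elif not aa:
            findings.append((server, "answer is not authoritative"))
        else:
            findings += [(server, f"NS set omits {n}") for n in sorted(parent_ns - zone_ns)]
    return findings
```

Calling `audit(PARENT_NS, DIG_OUTPUT)` on the constructed data yields one finding per server: the missing ns1 record on ns.fbsims.com and the SERVFAIL from ns1.fbsims.com.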


