no-cache dns server error

Jim Reid jim at rfc1035.com
Thu Jul 22 19:01:14 UTC 2004


>>>>> "Tom" == Tom Ral <tlenc2003 at yahoo.com> writes:

    Tom> I am running into some problems trying to set up a chrooted,
    Tom> authoritative-only, no-caching DNS server using bind-9.2.3.
    Tom> I keep getting the message "server can't find <server_name>:
    Tom> REFUSED" when I tried nslookup.

Well what do you expect to happen when you send queries to a name
server that can't process recursive queries? Your name server is
behaving the way you've told it to behave: don't make recursive
queries. [You really should have used an allow-recursion clause to
reject inbound recursive queries. Though stopping your server from
making those queries isn't unreasonable.] Your server can only answer
the domains/zones you've made the name server serve. Queries for
anything else are going to fail, probably with a REFUSED response code.

BTW, you should use a decent lookup tool like dig. Consult the list
archives on why nslookup should be avoided. There are good reasons for
the warning message printed by the BIND9 nslookup and you should have
paid attention to that. Getting rid of nslookup is a Very Good Thing.

Overall, your setup seems fine. Though it would have helped if you'd
used dig and shown a verbatim example of its output for a "failed"
lookup.

However the zone file for this lecomp zone -- perhaps it should have
been lecomp.com? -- is broken. This would be noted in your name
server's logs. [Hint: named-checkzone is your friend.] You have an A
record for lecomp.com, which cannot exist in the lecomp zone, the name
you've given it in the corresponding zone{} statement. This problem
might have been more apparent to you if you'd used fully qualified,
dot-terminated domain names throughout your zone files. Mail for this
zone may well be broken too as the MX record points at mail.lecomp.com
which probably doesn't exist.
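
Added example, not part of the original post: a simplified illustration of how names in a master file are qualified against the zone name from the zone{} statement, and why an owner such as lecomp.com. falls outside a zone called lecomp. The zone contents, the addresses and the function names are constructed assumptions (the poster's real zone file is not on the page), and the missing trailing dot on the MX target is assumed; named-checkzone remains the tool to use on a real zone.

```python
# Constructed sample zone data; the poster's actual file is not shown on the page.
SAMPLE_ZONE = """\
@            IN NS  ns1
@            IN MX  10 mail.lecomp.com
lecomp.com.  IN A   192.0.2.10
ns1          IN A   192.0.2.53
mail         IN A   192.0.2.25
"""

def qualify(name, origin):
    """Expand a master-file name: '@' is the origin, a trailing dot means absolute."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.lower()
    return f"{name.lower()}.{origin}"  # relative names get the origin appended

def in_zone(fqdn, origin):
    return fqdn == origin or fqdn.endswith("." + origin)

def check_zone(text, zone_name):
    """Return (line, problem, name) findings for a zone loaded under zone_name."""
    origin = zone_name.lower().rstrip(".") + "."
    findings, owners, targets = [], set(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(";")[0].split()
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue  # simplified parser: only "owner IN type rdata" lines
        owner = qualify(fields[0], origin)
        if not in_zone(owner, origin):
            findings.append((lineno, "out-of-zone", owner))
            continue  # the record cannot be part of this zone
        owners.add(owner)
        if fields[2].upper() in ("MX", "NS", "CNAME"):
            targets.append((lineno, qualify(fields[-1], origin)))
    # A target inside the zone with no record of its own points at nothing.
    for lineno, target in targets:
        if in_zone(target, origin) and target not in owners:
            findings.append((lineno, "dangling-target", target))
    return findings

if __name__ == "__main__":
    for zone in ("lecomp", "lecomp.com"):
        print(zone, check_zone(SAMPLE_ZONE, zone))
```

Loaded as lecomp.com, the out-of-zone finding disappears, but the undotted MX target still expands to a name with no records, which is the kind of mistake dot-terminated names make visible.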

