REFUSED but no log entry

Mark Andrews Mark_Andrews at isc.org
Thu Oct 4 07:44:27 UTC 2007 

> I'm running bind-9.3.3 on CentOS5 and trying to figure out why I can't 
> transfer my zone to an outside slave. All queries seem to be met with a 
> REFUSED response, but I see nothing reported in *any* of the log 
> categories (most running at debug level, some at info), nor do I see 
> anything in /var/log/messages. Where should I be looking for diagnostic 
> info to track this down?
> 
> I suspect it might be a view permission issue. I have 3 views configured 
> per CentOS5 "standard", like this:

	I seriously doubt that this is the 'CentOS5 "standard"'
	because what you have below is illogical.  I suggest that
	you actually read the description of match-destinations,
	then ask youself if any packet will ever match

		match-destinations      { !localnets; !localhost; };

	unless you are actually intercepting packets in a firewall and
	processing them locally.

	You get REFUSED because the queries don't match any view.

	Remove the match-destinations clauses they really are not needed.

	Mark
 
> view "localhost_resolver"
> {
>         match-clients           { localhost; };
>         match-destinations      { localhost; };
> };
> view "internal"
> {
>         match-clients           { localnets; };
>         match-destinations      { localnets; };
> };
> view    "external"
> {
>         match-clients           { !localnets; !localhost; };
>         match-destinations      { !localnets; !localhost; };
> };
> 
> The zone is defined in all 3 views. I'm getting refused from 2 external 
> clients on different networks.
> 
> [ken at newred tmp]$ dig microprecisionautomation.com @69.17.55.102
> 
> ; <<>> DiG 9.2.3 <<>> microprecisionautomation.com @69.17.55.102
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 20075
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> 
> ;; QUESTION SECTION:
> ;microprecisionautomation.com.  IN      A
> 
> ;; Query time: 27 msec
> ;; SERVER: 69.17.55.102#53(69.17.55.102)
> ;; WHEN: Tue Oct  2 15:26:50 2007
> ;; MSG SIZE  rcvd: 46
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

More information about the bind-users mailing list