strange dig behavior

Barry Margolin barmar at
Mon Dec 21 03:59:12 UTC 2009

In article <mailman.18.1261358139.21153.bind-users at>,
 Pamela Rock <prock111 at> wrote:

> I've got the following three scenarios
> The client can query a domain A residing on a recursive name server.

What do you mean by a domain "residing" on a recursive nameserver?  If a 
domain resides on a server, the server should be authoritative for that 

> The client can query a domain B on an authratative name server.
> When client queries domain B through the RNS, a Status: refused results.
> I don't know what is causing the refused.  IP tables is off everywhere, and 
> there are no ACL's on routers or firewalls.  
> The only error I'm seeing is the following in the debug log
> 20-Dec-2009 19:21:09.443 query-errors: debug 3: client 
> query failed (REFUSED) for at query.c:3882
> I'm running bind 9.6.1 on RH ES 5 64 bit O/S.  Any ideas?  Thanks!!

Is that log on the recursive nameserver or the authoritative nameserver?

If it's on the recursive server, is the client in the allow-recursion 
ACL on the server?

If it's on the authoritative server, is the recursive server in the 
allow-query ACL?

Barry Margolin, barmar at
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***

More information about the bind-users mailing list