Bind and server refused issue

Mark Andrews marka at
Tue Nov 22 03:55:04 UTC 2011

In message <4ECB1B3E.5010400 at>, Eduardo Bonsi writes:
> Hello;
> Does NTP interfere with DNSSEC configuration?

No, though the machine has to have a good enough idea of the time
when it boots so that the circular dependacy is not a issue.  For
DNSSEC +/- a hour should not be a issue.

> Apple computers have their 
> own time synchronized and configured through the
> -Is that enough or do I have to configure NTP to work with their 
> server?
> In case of Yes, does anyone here in the list have configured NTP 
> successfully and could help? I have read the information out there on 
> Google and tried their configuration but so far it has not worked.
> Thanks!
> 21-Nov-2011 15:09:55.748 security: info: client 63.200.45.xx#port view 
> external: query (cache) '' denied

This looks like you have configured multiple views and have a external
machine trying to use you to recurse.  Make sure your match-clients
clauses full cover your internal machines.  In this case 63.200.45.xx
was not being matched.

> 21-Nov-2011 15:09:55.748 query-errors: debug 3: client 
> 63.200.45.xx#port: view external: query failed (REFUSED) for 
> at 
> /SourceCache/bind9/bind9-31.1/bind9/bin/named/query.c:3899
> -- 
> Eduardo Bonsi
> System - Network Admin
> beartcom at
> webmaster at
> _______________________________________________
> Please visit to unsubscribe
>  from this list
> bind-users mailing list
> bind-users at
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at

More information about the bind-users mailing list