query (cache) 'domain.com/AAAA/IN' denied

kalin kalin at el.net
Thu Oct 11 01:01:35 UTC 2012


hi all...

# uname -a
NetBSD ns2..... 5.1 NetBSD 5.1 .... ...

# named -v
BIND 9.5.2-P2

i get these in the log:

Oct 10 16:15:09 ns2 named[29914]: client 156.154.62.145#19443: query (cache) 'domain.net/AAAA/IN' denied
Oct 10 16:15:09 ns2 named[29914]: client 156.154.62.145#29333: query (cache) 'domain.net/A/IN' denied
Oct 10 16:15:09 ns2 named[29914]: client 156.154.62.145#20710: query (cache) 'www.domain.org/A/IN' denied
Oct 10 16:15:09 ns2 named[29914]: client 156.154.62.145#20122: query (cache) 'domain.net/AAAA/IN' denied
Oct 10 16:15:09 ns2 named[29914]: client 156.154.62.145#17725: query (cache) 'domain.net/A/IN' denied
Oct 10 16:15:09 ns2 named[29914]: client 156.154.62.145#29894: query (cache) 'www.domain.org/A/IN' denied
Oct 10 16:15:09 ns2 named[29914]: client 156.154.62.145#47730: query (cache) 'www.domain.org/A/IN' denied
Oct 10 16:15:09 ns2 named[29914]: client 38.112.17.138#36976: query (cache) 'domain.org/A/IN' denied
Oct 10 16:15:09 ns2 named[29914]: client 156.154.62.145#43827: query (cache) 'domain.org/A/IN' denied

.........................................


all the domain.net, .org, .com above exist. if i do a dig off a local 
machine they resolve fine. if the dig is out of this network i get a log 
entry as above.

at this point the named.conf has:

options {
        version         "ha-ha-ha";
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

        allow-query-cache { any; };
        allow-query { any; };
        recursion no;

        allow-transfer {
                127.0.0.1;
        };
};


i'm not sure where to look next....   this machine is on a verizon fios 
if that really makes any difference...


where should i look?


thanks....




