unalbe-to-query

Reindl Harald h.reindl at thelounge.net
Mon Dec 14 09:56:54 UTC 2015



Am 14.12.2015 um 10:47 schrieb Ejaz:
> Thank you so much for your  response.. see this the error what I have
> when I check from zonemaster.net
>
> Name server ns1.cyberia.net.sa/212.119.92.5 did not return NS records.
> RCODE was REFUSED.

nameserver refuses to respond


[harry at rh:~]$ dig SOA arabsat.com @ns1.cyberia.net.sa.
; <<>> DiG 9.10.3-RedHat-9.10.3-2.fc23 <<>> SOA arabsat.com 
@ns1.cyberia.net.sa.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 51257
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;arabsat.com.                   IN      SOA

;; Query time: 138 msec
;; SERVER: 212.119.92.5#53(212.119.92.5)
;; WHEN: Mo Dez 14 10:52:50 CET 2015
;; MSG SIZE  rcvd: 40

[harry at rh:~]$ dig NS arabsat.com @ns1.cyberia.net.sa.
; <<>> DiG 9.10.3-RedHat-9.10.3-2.fc23 <<>> NS arabsat.com 
@ns1.cyberia.net.sa.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 58984
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;arabsat.com.                   IN      NS

;; Query time: 104 msec
;; SERVER: 212.119.92.5#53(212.119.92.5)
;; WHEN: Mo Dez 14 10:53:10 CET 2015
;; MSG SIZE  rcvd: 40

> Whereas, when I check for SOA of arabsat.com from inside network. Seems
> everything is ok..
>
> host -t soa arabsat.com
>
> arabsat.com has SOA record ns1.cyberia.net.sa. root.cyberia.net.sa.
> 2015121472 43200 4320 1209600 600

get rid of "host" and "nslookup", i see the same result while the zone 
is *not* proper operational as you can see above with dig and "status: 
REFUSED"

[harry at rh:~]$ host -t soa arabsat.com
arabsat.com has SOA record ns1.cyberia.net.sa. root.cyberia.net.sa. 
2015121472 43200 4320 1209600 600

> Please advise  how can I trouble shoot

remove restrictions on your nameserver for public zones, if you don't 
know how it is configured or don't understand the config post it - we 
can't help when we don't have no insight

> -----Original Message-----
> From: Niall O'Reilly [mailto:niall.oreilly at ucd.ie]
> Sent: Monday, December 14, 2015 12:13 PM
> To: Ejaz <mejaz at cyberia.net.sa>
> Cc: bind-users at lists.isc.org
> Subject: Re: unalbe-to-query
>
> On Mon, 14 Dec 2015 06:59:12 +0000,
>
> Ejaz wrote:
>
>  >
>
>  > Hi all,
>
>  >
>
>  > We are one of the leading ISP of Saudi Arabia. Installed latest
>
>  > version of bind and smbind inorder manage the zones over the Web
>
>  > interface.
>
>  >
>
>  > Wonder is that, the zones which configured through smbind cannot be
>
>  > seen from the outside world.. locally it is fine. For an example
>
>  > arabsat.com.
>
>  >
>
>  > Almost 1500 other zones on the same name server runs through bind 9.9.
>
>  > works perfectly internally and externally. Eg. Cyberia.net.sa.
>
>  >
>
>  > From Internally I can query it.. it is ok…
>
>    I'm not sure that you can safely say this.  From what I can see,
>
>    you seem to be using nslookup, which (in trying to be "helpful")
>
>    hides so much information that you cannot depend on the results
>
>    it gives.
>
>    I suggest you use the zonemaster tool (https://zonemaster.net/) to
>
>    run a comprehensive series of tests against the zone(s) which are
>
>    giving you trouble.
>
>    Best regards,
>
>    Niall O'Reilly

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20151214/91f8a743/attachment.bin>


More information about the bind-users mailing list