unalbe-to-query

Ejaz mejaz at cyberia.net.sa
Wed Dec 16 08:17:04 UTC 2015


Thank you  for all, it works for me after I adding "allow query {any;}" in
that zone.. 

Ejaz 

-----Original Message-----
From: bind-users-bounces at lists.isc.org
[mailto:bind-users-bounces at lists.isc.org] On Behalf Of Reindl Harald
Sent: Monday, December 14, 2015 12:57 PM
To: bind-users at lists.isc.org
Subject: Re: unalbe-to-query



Am 14.12.2015 um 10:47 schrieb Ejaz:
> Thank you so much for your  response.. see this the error what I have 
> when I check from zonemaster.net
>
> Name server ns1.cyberia.net.sa/212.119.92.5 did not return NS records.
> RCODE was REFUSED.

nameserver refuses to respond


[harry at rh:~]$ dig SOA arabsat.com @ns1.cyberia.net.sa.
; <<>> DiG 9.10.3-RedHat-9.10.3-2.fc23 <<>> SOA arabsat.com
@ns1.cyberia.net.sa.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 51257 ;; flags: qr rd;
QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion
requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;arabsat.com.                   IN      SOA

;; Query time: 138 msec
;; SERVER: 212.119.92.5#53(212.119.92.5) ;; WHEN: Mo Dez 14 10:52:50 CET
2015 ;; MSG SIZE  rcvd: 40

[harry at rh:~]$ dig NS arabsat.com @ns1.cyberia.net.sa.
; <<>> DiG 9.10.3-RedHat-9.10.3-2.fc23 <<>> NS arabsat.com
@ns1.cyberia.net.sa.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 58984 ;; flags: qr rd;
QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion
requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;arabsat.com.                   IN      NS

;; Query time: 104 msec
;; SERVER: 212.119.92.5#53(212.119.92.5) ;; WHEN: Mo Dez 14 10:53:10 CET
2015 ;; MSG SIZE  rcvd: 40

> Whereas, when I check for SOA of arabsat.com from inside network. 
> Seems everything is ok..
>
> host -t soa arabsat.com
>
> arabsat.com has SOA record ns1.cyberia.net.sa. root.cyberia.net.sa.
> 2015121472 43200 4320 1209600 600

get rid of "host" and "nslookup", i see the same result while the zone is
*not* proper operational as you can see above with dig and "status: 
REFUSED"

[harry at rh:~]$ host -t soa arabsat.com
arabsat.com has SOA record ns1.cyberia.net.sa. root.cyberia.net.sa. 
2015121472 43200 4320 1209600 600

> Please advise  how can I trouble shoot

remove restrictions on your nameserver for public zones, if you don't know
how it is configured or don't understand the config post it - we can't help
when we don't have no insight

> -----Original Message-----
> From: Niall O'Reilly [mailto:niall.oreilly at ucd.ie]
> Sent: Monday, December 14, 2015 12:13 PM
> To: Ejaz <mejaz at cyberia.net.sa>
> Cc: bind-users at lists.isc.org
> Subject: Re: unalbe-to-query
>
> On Mon, 14 Dec 2015 06:59:12 +0000,
>
> Ejaz wrote:
>
>  >
>
>  > Hi all,
>
>  >
>
>  > We are one of the leading ISP of Saudi Arabia. Installed latest
>
>  > version of bind and smbind inorder manage the zones over the Web
>
>  > interface.
>
>  >
>
>  > Wonder is that, the zones which configured through smbind cannot be
>
>  > seen from the outside world.. locally it is fine. For an example
>
>  > arabsat.com.
>
>  >
>
>  > Almost 1500 other zones on the same name server runs through bind 9.9.
>
>  > works perfectly internally and externally. Eg. Cyberia.net.sa.
>
>  >
>
>  > From Internally I can query it.. it is ok.
>
>    I'm not sure that you can safely say this.  From what I can see,
>
>    you seem to be using nslookup, which (in trying to be "helpful")
>
>    hides so much information that you cannot depend on the results
>
>    it gives.
>
>    I suggest you use the zonemaster tool (https://zonemaster.net/) to
>
>    run a comprehensive series of tests against the zone(s) which are
>
>    giving you trouble.
>
>    Best regards,
>
>    Niall O'Reilly




More information about the bind-users mailing list