unalbe-to-query
Ejaz
mejaz at cyberia.net.sa
Wed Dec 16 08:17:04 UTC 2015
Thank you for all, it works for me after I adding "allow query {any;}" in
that zone..
Ejaz
-----Original Message-----
From: bind-users-bounces at lists.isc.org
[mailto:bind-users-bounces at lists.isc.org] On Behalf Of Reindl Harald
Sent: Monday, December 14, 2015 12:57 PM
To: bind-users at lists.isc.org
Subject: Re: unalbe-to-query
Am 14.12.2015 um 10:47 schrieb Ejaz:
> Thank you so much for your response.. see this the error what I have
> when I check from zonemaster.net
>
> Name server ns1.cyberia.net.sa/212.119.92.5 did not return NS records.
> RCODE was REFUSED.
nameserver refuses to respond
[harry at rh:~]$ dig SOA arabsat.com @ns1.cyberia.net.sa.
; <<>> DiG 9.10.3-RedHat-9.10.3-2.fc23 <<>> SOA arabsat.com
@ns1.cyberia.net.sa.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 51257 ;; flags: qr rd;
QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion
requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;arabsat.com. IN SOA
;; Query time: 138 msec
;; SERVER: 212.119.92.5#53(212.119.92.5) ;; WHEN: Mo Dez 14 10:52:50 CET
2015 ;; MSG SIZE rcvd: 40
[harry at rh:~]$ dig NS arabsat.com @ns1.cyberia.net.sa.
; <<>> DiG 9.10.3-RedHat-9.10.3-2.fc23 <<>> NS arabsat.com
@ns1.cyberia.net.sa.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 58984 ;; flags: qr rd;
QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; WARNING: recursion
requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;arabsat.com. IN NS
;; Query time: 104 msec
;; SERVER: 212.119.92.5#53(212.119.92.5) ;; WHEN: Mo Dez 14 10:53:10 CET
2015 ;; MSG SIZE rcvd: 40
> Whereas, when I check for SOA of arabsat.com from inside network.
> Seems everything is ok..
>
> host -t soa arabsat.com
>
> arabsat.com has SOA record ns1.cyberia.net.sa. root.cyberia.net.sa.
> 2015121472 43200 4320 1209600 600
get rid of "host" and "nslookup", i see the same result while the zone is
*not* proper operational as you can see above with dig and "status:
REFUSED"
[harry at rh:~]$ host -t soa arabsat.com
arabsat.com has SOA record ns1.cyberia.net.sa. root.cyberia.net.sa.
2015121472 43200 4320 1209600 600
> Please advise how can I trouble shoot
remove restrictions on your nameserver for public zones, if you don't know
how it is configured or don't understand the config post it - we can't help
when we don't have no insight
> -----Original Message-----
> From: Niall O'Reilly [mailto:niall.oreilly at ucd.ie]
> Sent: Monday, December 14, 2015 12:13 PM
> To: Ejaz <mejaz at cyberia.net.sa>
> Cc: bind-users at lists.isc.org
> Subject: Re: unalbe-to-query
>
> On Mon, 14 Dec 2015 06:59:12 +0000,
>
> Ejaz wrote:
>
> >
>
> > Hi all,
>
> >
>
> > We are one of the leading ISP of Saudi Arabia. Installed latest
>
> > version of bind and smbind inorder manage the zones over the Web
>
> > interface.
>
> >
>
> > Wonder is that, the zones which configured through smbind cannot be
>
> > seen from the outside world.. locally it is fine. For an example
>
> > arabsat.com.
>
> >
>
> > Almost 1500 other zones on the same name server runs through bind 9.9.
>
> > works perfectly internally and externally. Eg. Cyberia.net.sa.
>
> >
>
> > From Internally I can query it.. it is ok.
>
> I'm not sure that you can safely say this. From what I can see,
>
> you seem to be using nslookup, which (in trying to be "helpful")
>
> hides so much information that you cannot depend on the results
>
> it gives.
>
> I suggest you use the zonemaster tool (https://zonemaster.net/) to
>
> run a comprehensive series of tests against the zone(s) which are
>
> giving you trouble.
>
> Best regards,
>
> Niall O'Reilly
More information about the bind-users
mailing list