<div dir="ltr">If you don't specify recursion (or query-cache or allow-query), then the default is:<div> allow-recursion (localnets; localhost;)<br></div><div><br></div><div>Which means only things on the connected subnets are allowed to make recursive queries, all others get REFUSED.</div><div>So add an allow-recursion ( .. subnet list ..); to your config. (Do not allow 'all', please.)</div><div><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><br>-- <br>Bob Harold<br>hostmaster, UMnet, ITcom<br>Information and Technology Services (ITS)<br><a href="mailto:rharolde@umich.edu" target="_blank">rharolde@umich.edu</a><br>734-647-6524 desk<br></div></div>
<br><div class="gmail_quote">On Wed, Jun 3, 2015 at 3:34 PM, Samad Agha <span dir="ltr"><<a href="mailto:samad.agha2007@gmail.com" target="_blank">samad.agha2007@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>I put together a simple working DNS server and called it new-dns2 with the IP address of 206.117.115.93. My configuration files follow:</div><div> </div><div>[root@new-dns2 ~]# cat /etc/named.conf<br>options {<br> directory "/var/named";<br> };</div><div>zone "0.0.127.in-addr.arpa" {<br> type master;<br> file "db.127.0.0";<br>};<br>[root@new-dns2 ~]# cat /var/named/db.127.0.0<br>$TTL 3D<br>@ IN SOA <a href="http://new-dns1.ci.glendale.ca.us" target="_blank">new-dns1.ci.glendale.ca.us</a> <a href="http://mchavoshi.glendaleca.gov" target="_blank">mchavoshi.glendaleca.gov</a>. (<br> 1 ; Serial<br> 8H ; Refresh<br> 2H ; Retry<br> 4W ; Expire<br> 1D) ; Minimum TTL<br> NS <a href="http://new-dns1.ci.glendale.ca.us" target="_blank">new-dns1.ci.glendale.ca.us</a>.<br>1 PTR localhost.<br>[root@new-dns2 ~]#</div><div> </div><div>So, when I query my new DNS server from itself (206.117.115.93), it resolves the name to an IP, but when I query my new DNS server from another Linux box, it fails with the following error message.</div><div> </div><div>[root@new-dns2 ~]# nslookup <a href="http://google.com" target="_blank">google.com</a> 206.117.115.93<br>Server: 206.117.115.93<br>Address: 206.117.115.93#53</div><div>Non-authoritative answer:<br>Name: <a href="http://google.com" target="_blank">google.com</a><br>Address: 216.58.217.206</div><div>[root@new-dns2 ~]#</div><div> </div><div>[root@oragrid01 ~]# nslookup <a href="http://google.com" target="_blank">google.com</a> 206.117.115.93<br>Server: 206.117.115.93<br>Address: 206.117.115.93#53</div><div>** server can't find <a href="http://google.com" target="_blank">google.com</a>: REFUSED</div><div>[root@oragrid01 ~]#</div><div> </div><div>I have stopped FireWall on new-dns2, my DNS server:</div><div> </div><div>[root@new-dns2 ~]# service iptables status<br>iptables: Firewall is not running.<br>[root@new-dns2 ~]#</div><div> </div><div>Can someone please tell me what might be the problem?</div><div> </div><div>Many thanks in advance and have a wonderful day/night.</div><div> </div><div>Sincerely,</div><div>Samad Agha</div></div>
<br>_______________________________________________<br>
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br></blockquote></div><br></div>