Dig returns "status: REFUSED" for external queries?
- by Mikey
I can't seem to work out why my DNS isn't working properly, if I run dig from the nameserver it functions correctly:
# dig ungl.org
; <<>> DiG 9.5.1-P2.1 <<>> ungl.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24585
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 1
;; QUESTION SECTION:
;ungl.org. IN A
;; ANSWER SECTION:
ungl.org. 38400 IN A 188.165.34.72
;; AUTHORITY SECTION:
ungl.org. 38400 IN NS ns.kimsufi.com.
ungl.org. 38400 IN NS r29901.ovh.net.
;; ADDITIONAL SECTION:
ns.kimsufi.com. 85529 IN A 213.186.33.199
;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Mar 13 01:04:06 2010
;; MSG SIZE rcvd: 114
but when I run it from another server in the same datacenter I receive:
# dig @87.98.167.208 ungl.org
; <<>> DiG 9.5.1-P2.1 <<>> @87.98.167.208 ungl.org
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 18787
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;ungl.org. IN A
;; Query time: 1 msec
;; SERVER: 87.98.167.208#53(87.98.167.208)
;; WHEN: Sat Mar 13 01:01:35 2010
;; MSG SIZE rcvd: 26
my zone file for this domain is
$ttl 38400
ungl.org. IN SOA r29901.ovh.net. mikey.aol.com. (
201003121
10800
3600
604800
38400 )
ungl.org. IN NS r29901.ovh.net.
ungl.org. IN NS ns.kimsufi.com.
ungl.org. IN A 188.165.34.72
localhost. IN A 127.0.0.1
www IN A 188.165.34.72
and the named.conf.options is default:
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// forwarders {
// 0.0.0.0;
// };
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { ::1; };
listen-on { 127.0.0.1; };
allow-recursion { 127.0.0.1; };
};
named.conf.local:
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
// include "/etc/bind/zones.rfc1918";
zone "eugl.eu" {
type master;
file "/etc/bind/eugl.eu";
notify no;
};
zone "ungl.org" {
type master;
file "/etc/bind/ungl.org";
notify no;
};
The server is running Ubuntu 9.10 and Bind 9, if anyone can shed some light on this for me it'd make me very happy!
thanks
