
Bind DNS error query refused. I go to query my domain name

Customer Question

Bind DNS error: query refused. I go to query my domain name and it says refused when I look up the host, and the logs also say denied from client.
CentOS 7, Bind 9.94 version
zone file
$TTL 300
@ IN SOA ns1.dandsserver.net. hostmaster.dandsserver.net. (
(###) ###-####
1800
1800
(###) ###-####
3600 )
IN NS ns1.dandsserver.net.
IN NS ns2.dandsserver.net.
dandsserver.net. IN MX 10 mail.dandsserver.net.
ns1.dandsserver.net. IN A 158.69.60.224
ns2.dandsserver.net. IN A 158.69.60.224
ftp IN CNAME www.dandsserver.net.
www.dandsserver.net. IN A 158.69.60.224
mail.dandsserver.net. IN A 158.69.60.224
named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion no;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    forwarders {
        213.186.33.99;
    };
    forward first;
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "," IN {
    type master;
    file "dandsserver.net";
    allow-query { any; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Submitted: 1 year ago.
Category: Networking
Customer: replied 1 year ago.
zone files
$TTL 300
@ IN SOA ns1.dandsserver.net. hostmaster.dandsserver.net. (
(###) ###-####
1800
1800
(###) ###-####
3600 )
IN NS ns1.dandsserver.net.
IN NS ns2.dandsserver.net.
dandsserver.net. IN MX 10 mail.dandsserver.net.
ns1.dandsserver.net. IN A 158.69.60.224
ns2.dandsserver.net. IN A 158.69.60.224
ftp IN CNAME www.dandsserver.net.
www.dandsserver.net. IN A 158.69.60.224
mail.dandsserver.net. IN A 158.69.60.224
Customer: replied 1 year ago.
zone file
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { any; };
    listen-on-v6 port 53 { any; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion no;
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
    forwarders {
        213.186.33.99;
    };
    forward first;
};
logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "," IN {
    type master;
    file "dandsserver.net";
    allow-query { any; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Customer: replied 1 year ago.
It says ignoring zone files in my log.
Expert:  Pete replied 1 year ago.

Hi there,

Possibly your DNS server does not support inverse queries, or an access list is preventing the lookup.

Make sure you allow the host you're running on to query the name server.
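
An added example, not part of the original thread or the expert's answer: a small checker that reads the zone statements from a named.conf and reports whether the server is authoritative for a queried name. It uses a simplified model that is an assumption of this example (ACL contents are not evaluated; with "recursion no", names outside every master/slave zone are refused). The sample config is constructed from the one posted in the question, and all function names are hypothetical.

```python
import re

# Constructed sample, reduced from the named.conf posted in the question.
SAMPLE_CONF = '''
options {
    allow-query { any; };
    recursion no;
};
zone "." IN { type hint; file "named.ca"; };
zone "," IN { type master; file "dandsserver.net"; allow-query { any; }; };
'''

AUTHORITATIVE = {"master", "slave", "primary", "secondary"}

def strip_comments(conf):
    return re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)

def parse_zones(conf):
    """Return {zone_name: zone_type} for each zone statement."""
    conf, zones = strip_comments(conf), {}
    for m in re.finditer(r'\bzone\s+"([^"]*)"[^{]*\{', conf, re.I):
        depth, i = 1, m.end()
        while i < len(conf) and depth:  # walk to the matching close brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        ztype = re.search(r"\btype\s+([\w-]+)", conf[m.end():i])
        name = m.group(1).rstrip(".").lower()  # root zone "." becomes ""
        zones[name] = ztype.group(1).lower() if ztype else None
    return zones

def covering_zone(zones, qname):
    """Longest authoritative zone that contains qname, or None."""
    q = qname.rstrip(".").lower()
    hits = [z for z, t in zones.items() if t in AUTHORITATIVE
            and (z == "" or q == z or q.endswith("." + z))]
    return max(hits, key=len) if hits else None

def predict(conf, qname):
    """Simplified model (assumption): answer, recurse, or refuse."""
    zone = covering_zone(parse_zones(conf), qname)
    if zone is not None:
        return 'ANSWER from zone "%s"' % zone
    recursion = re.search(r"\brecursion\s+(yes|no)\s*;", strip_comments(conf), re.I)
    # BIND recurses by default; with "recursion no" other names are refused.
    return "REFUSED" if recursion and recursion.group(1).lower() == "no" else "RECURSE"

if __name__ == "__main__":
    print(predict(SAMPLE_CONF, "www.dandsserver.net"))
    fixed = SAMPLE_CONF.replace('zone ","', 'zone "dandsserver.net"')
    print(predict(fixed, "www.dandsserver.net"))
```

On the server itself, `named-checkconf -z` test-loads every master zone in named.conf and reports the ones it rejects.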
