Sorry your thread was sitting, I just joined and maybe I can help.
From the error this is a recursion setting, your inside server is trying to do look ups and being denied (which you knew) I think it might be related to changes in the named.conf noted here:
2206. [security] "allow-query-cache" and "allow-recursion" now
cross inherit from each other.
If allow-query-cache is not set in named.conf then
allow-recursion is used if set, otherwise allow-query
is used if set, otherwise the default (localnets;
localhost is used.
If allow-recursion is not set in named.conf then
allow-query-cache is used if set, otherwise allow-query
is used if set, otherwise the default (localnets;
localhost is used.
Are you using allow-recursion? or allow-query-source, are you using any sort of match clients or anything like that? (a snip of the named.conf would help).
Quote:
Originally Posted by robsonde
so we had bind 9.3.0...
we upgraded to 9.5.0 patch 1
we kept the exact same named.conf
now we have a problem that some DMZ server cant do lookups from our DNS slave anymore.
Just recently we have been having some dns issues. Some websites won't work i.e. (www.msn.com, aimexpress.aim.com...) I have manually put A records in my named.db file and in the hosts file to try to get it to work but still they do not work. I have looked up updating my named.ca file for the... (1 Reply)
Hello all,
I've a very strange thing hapenning in my Sys, I've configured the IP, DNS eveything for my internat connection, but Im only able to browse Redhat.com websites.
I cant open anyother site!!! :eek:
Im sure the internet is configured 'coz it displays the list of avail updates for... (11 Replies)
Hi again guys,
It seems this is a global thing affecting all the DNS bind versions prior to July 28 2008. I have my work cut out for me very soon, I see at least a handful of servers in my list that either need to patching or upgrading.
How many of you guys are affected? Anybody successfully... (4 Replies)
Hello guys, can anyone help me with the below error I'm getting from bind9? I'm trying to make bind read all the zone info from openldap, I have already created the schema and I've put some info into the ldap. I have also tried to google the error with no success.
I'm aware there is an problem... (1 Reply)
Hi all
Long time no speak, I hope you are all well.
Im looking at a DNS issue here and reckon Igot a AD / DNS server issue elsewhere but need to rule out the configuration of my two server's first.
IVe got the nameserver enteries in /etc/resolv.conf and dns in the /etc/nsswitch.conf
... (2 Replies)
Hi Guys,
Just wanted to seek your assistance on an issue encountered with one of our client DNS server query. we have 2 sets of DNS servers.. internal and external. For Internal to reach the external DNS server (DMZ) it has to go through 2 FWs.
Current settings:
- FW rules for Internal... (3 Replies)
I have configured a Bind9 DNS on a X4270 machine with Solaris10
I am excuting some repformance tests with DNSPERF tool and maximun CPU usage is 23%. I have seen with
prstat -L -p PID
that named process usses only 2 of the 8 available CPU at the same time although threads for all CPUs exist.... (2 Replies)
I am having a bit of trouble getting my CENTOS 6.5 DNS server to work correctly in our testlab environment. Lab network is 10.8.0.0/24 in which we all access from 10.7.0.0.0/24 && 10.0.0.0/24. Here are my configs:
options {
listen-on port 53 { 127.0.0.1; 10.8.0.19;};
#listen-on-v6 port 53 {... (2 Replies)
Hi all,
I've a litte problem to get rollerd running and signing my zones if the ZSK of my zones are near expiring or expired.
rollerd is running but do nothing
startet with:
/usr/bin/perl /usr/sbin/rollerd -rrfile /etc/bind/all.rollrec -directory /etc/bind -logfile /dev/stdout
... (1 Reply)
Discussion started by: xabbu
1 Replies
LEARN ABOUT SUNOS
host
host(1M) System Administration Commands host(1M)NAME
host - DNS lookup utility
SYNOPSIS
host [-aCdlnrTvw] [-c class] [-N ndots] [-R number] [-t type] [-W wait] name [server]
DESCRIPTION
The host utility performs simple DNS lookups. It is normally used to convert names to IP addresses and IP addresses to names. When no argu-
ments or options are given, host prints a short summary of its command line arguments and options.
The name argument is the domain name that is to be looked up. It can also be a dotted-decimal IPv4 address or a colon-delimited IPv6
address, in which case host by default performs a reverse lookup for that address. The optional server argument is either the name or IP
address of the name server that host should query instead of the server or servers listed in /etc/resolv.conf.
OPTIONS
The following options are supported:
-a Equivalent to setting the -v option and asking host to make a query of type ANY.
-c class Make a DNS query of class class. This can be used to lookup Hesiod or Chaosnet class resource records. The default class is
IN (Internet).
-C Attempt to display the SOA records for zone name from all the listed authoritative name servers for that zone. The list of
name servers is defined by the NS records that are found for the zone.
-d Generate verbose output. This option is equivalent to -v. These two options are provided for backward compatibility. In
previous versions, the -d option switched on debugging traces and -v enabled verbose output.
-l List mode. This option makes host perform a zone transfer for zone name. The argument is provided for compatibility with
previous implementations. This option is equivalent to making a query of type AXFR.
-n Specify that reverse lookups of IPv6 addresses should use the IP6.INT domain and "nibble" labels as defined in RFC1886. The
default is to use IP6.ARPA and binary labels as defined in RFC2874.
-N ndots Set the number of dots that have to be in name for it to be considered absolute. The default value is that defined using
the ndots statement in /etc/resolv.conf, or 1 if no ndots statement is present. Names with fewer dots are interpreted as
relative names and will be searched for in the domains listed in the search or domain directive in /etc/resolv.conf.
-r Make a non-recursive query. Setting this option clears the RD (recursion desired) bit in the query made by host. The name
server receiving the query does not attempt to resolve name. The -r option enables host to mimic the behaviour of a name
server by making non-recursive queries and expecting to receive answers to those queries that are usually referrals to
other name servers.
-R number Change the number of UDP retries for a lookup. The number argument indicates how many times host will repeat a query that
does not get answered. The default number of retries is 1. If number is negative or zero, the number of retries will
default to 1.
-t type Select the query type. The type argument can be any recognised query type: CNAME, NS, SOA, SIG, KEY, and AXFR, among oth-
ers. When no query type is specified, host automatically selects an appropriate query type. By default it looks for A
records, but if the -C option is specified, queries are made for SOA records. If name is a dotted-decimal IPv4 address or
colon-delimited IPv6 address, host queries for PTR records.
-T Use a TCP connection when querying the name server. TCP is automatically selected for queries that require it, such as zone
transfer (AXFR) requests. By default host uses UDP when making queries.
-v Generate verbose output. This option is equivalent to -d.
-w Wait forever for a reply. The time to wait for a response will be set to the number of seconds given by the hardware's max-
imum value for an integer quantity.
-W wait Wait for wait seconds for a reply. If wait is less than one, the wait interval is set to one second.
FILES
/etc/resolv.conf Resolver configuration file
ATTRIBUTES
See for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|Availability |SUNWbind9 |
|Interface Stability |External |
+-----------------------------+-----------------------------+
SEE ALSO dig(1M), named(1M), attributes(5)NOTES
Source for BIND9 is available in the SUNWbind9S package.
SunOS 5.10 15 Dec 2004 host(1M)
08-14-2008
is used.