
designate bind setup denying queries.... mitaka [closed]

asked 2016-11-18 16:42:17 -0500

updated 2016-11-18 16:49:55 -0500

I can't seem to find a solution to this error anywhere:

I set up the Designate service and a BIND DNS server with rndc keys. Things seem to be on the up and up until I try to query a record from the BIND server. Notice the status REFUSED.

client 10.1.13.251#58036 (google.com): query (cache) 'google.com/A/IN' denied

This is what I have so far. Any ideas?

[root@platform2 ~]# dig @10.1.13.251 google.com

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> @10.1.13.251 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 28284
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.                    IN      A

;; Query time: 0 msec
;; SERVER: 10.1.13.251#53(10.1.13.251)
;; WHEN: Fri Nov 18 17:35:43 EST 2016
;; MSG SIZE  rcvd: 39

[root@platform2 ~]# tail -f /var/named/data/named.run
zone 0.in-addr.arpa/IN: loaded serial 0
all zones loaded
running
error (network unreachable) resolving './DNSKEY/IN': 2001:dc3::35#53
error (network unreachable) resolving './NS/IN': 2001:dc3::35#53
error (network unreachable) resolving './DNSKEY/IN': 2001:7fe::53#53
error (network unreachable) resolving './NS/IN': 2001:7fe::53#53
error (network unreachable) resolving './DNSKEY/IN': 2001:503:ba3e::2:30#53
error (network unreachable) resolving './NS/IN': 2001:503:ba3e::2:30#53
client 10.1.13.251#58036 (google.com): query (cache) 'google.com/A/IN' denied

Queries to localhost seem to work:

[root@platform2 ~]# dig -x @localhost localhost

; <<>> DiG 9.9.4-RedHat-9.9.4-29.el7_2.4 <<>> -x @localhost localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52375
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;\@localhost.in-addr.arpa.      IN      PTR

;; AUTHORITY SECTION:
in-addr.arpa.           3600    IN      SOA     b.in-addr-servers.arpa. nstld.iana.org. 2016110705 1800 900 604800 3600

;; Query time: 18 msec
;; SERVER: 10.1.13.1#53(10.1.13.1)
;; WHEN: Fri Nov 18 17:47:07 EST 2016
;; MSG SIZE  rcvd: 120

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13973
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;localhost.                     IN      A

;; ANSWER SECTION:
localhost.              0       IN      A       127.0.0.1

;; Query time: 23 msec
;; SERVER: 10.1.13.1#53(10.1.13.1)
;; WHEN: Fri Nov 18 17:47:07 EST 2016
;; MSG SIZE  rcvd: 54

[root@platform2 ~]#

Closed for the following reason: the question is answered, right answer was accepted by bcollins
close date 2016-12-10 00:07:10.040472

1 answer


answered 2016-12-10 00:06:46 -0500

Use the bind-chroot package instead.

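Added example, not part of the original question or answer: a Python check that reads dig output and a named.run line like those posted above and reports the response status, whether recursion was offered, which server actually answered, and whether a denial came from BIND's cache-access ACL. The function names and sample strings are constructed for illustration; pass the intended server as an IP address, as dig prints it.

```python
import re

# Constructed samples, shaped like the dig and named.run output in the question.
DIG_REFUSED = """\
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 28284
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 10.1.13.251#53(10.1.13.251)
"""
DIG_OTHER_SERVER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13973
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 10.1.13.1#53(10.1.13.1)
"""
LOG_LINE = "client 10.1.13.251#58036 (google.com): query (cache) 'google.com/A/IN' denied"

def parse_dig(text):
    """Return one dict per response in dig output: status, flags, server."""
    responses, cur = [], None
    for line in text.splitlines():
        if m := re.search(r"->>HEADER<<-.*status: (\w+)", line):
            cur = {"status": m.group(1), "flags": set(), "server": None}
            responses.append(cur)
        elif cur and (m := re.match(r";; flags:([^;]*);", line)):
            cur["flags"] = set(m.group(1).split())
        elif cur and (m := re.match(r";; SERVER: ([^#\s]+)#", line)):
            cur["server"] = m.group(1)
    return responses

def triage(text, intended_ip):
    """List what each response says about who answered and why it failed."""
    findings = []
    for r in parse_dig(text):
        if r["server"] and r["server"] != intended_ip:
            findings.append(f"answered by {r['server']}, not {intended_ip}")
        if r["status"] == "REFUSED":
            findings.append("REFUSED by server policy")
        if "rd" in r["flags"] and "ra" not in r["flags"]:
            findings.append("recursion not available to this client")
    return findings

def parse_denied(line):
    """Parse a named 'denied' line; '(cache)' means the cache-access ACL said no."""
    m = re.search(r"client (\S+)#\d+ .*query (\(cache\) )?'([^/]+)/(\w+)/\w+' denied", line)
    return m and {"client": m.group(1), "cache_acl": bool(m.group(2)),
                  "qname": m.group(3), "qtype": m.group(4)}

if __name__ == "__main__":
    print(triage(DIG_REFUSED, "10.1.13.251"), triage(DIG_OTHER_SERVER, "127.0.0.1"), parse_denied(LOG_LINE))
```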
