Author Topic: Zentyal 7 DNS: QUERY REFUSED  (Read 887 times)

Leo Moss

Zentyal 7 DNS: QUERY REFUSED
« on: June 15, 2021, 08:27:06 pm »
Hello,
after updating to Zentyal 7.0.4 we are getting DNS: query refused on VPN subnets.
We modified /usr/share/zentyal/stubs/dns/named.conf.local.mas and added the subnets without luck.

Any ideas? :)
 
« Last Edit: June 15, 2021, 11:08:07 pm by Leo Moss »

kcurtis

Re: Zentyal 7 DNS: QUERY REFUSED
« Reply #1 on: July 14, 2021, 07:37:34 pm »
I am having the same issue after restarting the DNS module.

This is what the syslog is showing. It is streaming these 'denied' messages all the time as the workstations make DNS calls.
Code:
Jul 14 12:23:48 zdomain named[569313]: client @0x7fc06801a410 172.16.1.41#61070 (perr.h-cdn.com): query (cache) 'perr.h-cdn.com/A/IN' denied
Jul 14 12:23:49 zdomain named[569313]: client @0x7fc060050890 172.16.1.53#56381 (www.gstatic.com): query (cache) 'www.gstatic.com/A/IN' denied
Jul 14 12:23:50 zdomain named[569313]: client @0x7fc06801a410 172.16.1.162#56110 (www.facebook.com): query (cache) 'www.facebook.com/A/IN' denied

This is what I get when I try to do an nslookup from the workstations:

Code:
[HostName].[Domainname].lan  can't find google.com; query refused

***************Update***************
FYI - I went back and tried adding my VLANs to /usr/share/zentyal/stubs/dns/named.conf.local.mas, restarted the DNS, and it DID start working fine.
« Last Edit: July 19, 2021, 01:31:38 pm by kcurtis »

covex

Re: Zentyal 7 DNS: QUERY REFUSED
« Reply #2 on: October 06, 2021, 08:55:35 am »
What exactly have you added to named.conf.local?

I have localnets there among the trusted sources, and the VPN range is on a local tap interface, but queries from the VPN are refused. The .mas also has
acl "internal-local-nets" {
% foreach my $net (@internalLocalNets) {
    <% $net %>;
% }
};

but I did not find a way to get the VPN ranges into "internalLocalNets" - not sure how Zentyal distinguishes this. So you have added your VPN IP range directly somewhere?

Thanks
« Last Edit: October 06, 2021, 08:58:38 am by covex »
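
As an added example (not part of any post in this thread, and not Zentyal's code), this script tallies the `denied` lines shown in Reply #1 by client and checks them against a list of ACL networks, so that only the subnets actually being refused get reviewed for the ACL. The function names, the ACL contents and the 10.8.0.6 log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# BIND "denied" line format as quoted in Reply #1.
DENIED = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+ "
    r"\([^)]*\): query \(cache\) '[^']*' denied"
)

def uncovered_clients(log_lines, acl_nets):
    """Count denied queries per client IP not covered by any ACL network."""
    nets = [ipaddress.ip_network(n) for n in acl_nets]
    misses = Counter()
    for line in log_lines:
        m = DENIED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field, skip the line
        if not any(ip in n for n in nets):  # IPv4/IPv6 mismatch is simply False
            misses[str(ip)] += 1
    return misses

def candidate_networks(misses, v4_prefix=24, v6_prefix=64):
    """Group uncovered clients into networks to review before editing the ACL."""
    grouped = Counter()
    for ip_text, count in misses.items():
        ip = ipaddress.ip_address(ip_text)
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        grouped[str(net)] += count
    return dict(sorted(grouped.items()))

# First three lines are from Reply #1; the two 10.8.0.6 lines are constructed.
SAMPLE_LOG = [
    "Jul 14 12:23:48 zdomain named[569313]: client @0x7fc06801a410 172.16.1.41#61070 (perr.h-cdn.com): query (cache) 'perr.h-cdn.com/A/IN' denied",
    "Jul 14 12:23:49 zdomain named[569313]: client @0x7fc060050890 172.16.1.53#56381 (www.gstatic.com): query (cache) 'www.gstatic.com/A/IN' denied",
    "Jul 14 12:23:50 zdomain named[569313]: client @0x7fc06801a410 172.16.1.162#56110 (www.facebook.com): query (cache) 'www.facebook.com/A/IN' denied",
    "Jul 14 12:23:51 zdomain named[569313]: client @0x7fc060050890 10.8.0.6#40112 (example.com): query (cache) 'example.com/A/IN' denied",
    "Jul 14 12:23:52 zdomain named[569313]: client @0x7fc060050890 10.8.0.6#40113 (example.com): query (cache) 'example.com/AAAA/IN' denied",
]
# Constructed ACL contents (assumption): the networks the rendered acl already holds.
CURRENT_ACL = ["127.0.0.0/8", "192.168.1.0/24"]

if __name__ == "__main__":
    found = candidate_networks(uncovered_clients(SAMPLE_LOG, CURRENT_ACL))
    for net, n in found.items():
        print(f"{net}\t{n} denied queries")
```

Each candidate network should be confirmed as an internal or VPN range before it is added, since the /24 grouping is only a default and widening the ACL past the real subnets opens the resolver to more clients than intended.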