Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: killmasta93 on December 21, 2021, 05:25:50 am
-
Hi, I was wondering if someone else has had this issue before.
Recently the server was working fine, but I'm now seeing this error:
root@apolo:~# service bind9 status
● bind9.service - BIND Domain Name Server
Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-12-20 23:13:55 -05; 8min ago
Docs: man:named(8)
Main PID: 2774 (named)
Tasks: 4 (limit: 2279)
CGroup: /system.slice/bind9.service
└─2774 /usr/sbin/named -f -u bind -4
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
It's when I try to connect to the VPN (I use OpenVPN pfSense), which does not let me navigate, but what's odd is that it was working fine before.
-
Hi,
I think you need to add the 'allow-query-cache' option to the configuration file 'named.conf.options' from the Bind9 module and allow your network '192.168.60.0'. Below you have a link where the option is explained.
* http://www.zytrax.com/books/dns/ch7/queries.html#allow-query-cache
Hope it helps.
--
“This world is ours, and by the Holy Light we will keep it safe, now and forever.”
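An added example (not part of the original posts and not Zentyal's own code): a small Python triage of the 'query (cache) ... denied' lines from the first post, reporting which clients fall outside the ACL that gates cache queries. The contents of ASSUMED_TRUSTED and the /24 mask for the VPN network are assumptions, since the thread does not show how 'trusted' is defined, and the sample log lines are constructed in the thread's format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample, in the format of the named log lines quoted in the thread.
SAMPLE_LOG = """\
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#33027 (www.google.com): query (cache) 'www.google.com/AAAA/IN' denied
Dec 20 23:22:17 apolo named[2774]: client @0x7f29ad10e650 192.168.60.2#46042 (www.google.com): query (cache) 'www.google.com/A/IN' denied
Dec 20 23:22:18 apolo named[2774]: client @0x7f29ad10e651 192.168.1.25#50111 (example.org): query (cache) 'example.org/A/IN' denied
Dec 20 23:22:19 apolo named[2774]: zone localhost/IN: loaded serial 2
"""

# Assumption: what the 'trusted' ACL might contain (not shown in the thread).
ASSUMED_TRUSTED = ["127.0.0.0/8", "192.168.1.0/24"]

# The "@0x..." client pointer is optional: older BIND versions do not log it.
DENIED = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"query \(cache\) '(?P<name>[^/']+)/(?P<type>[^/']+)/[^']+' denied"
)


def denied_cache_queries(log_text):
    """Yield (client_ip, qname, qtype) for each denied cache query line."""
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            yield ipaddress.ip_address(m["ip"]), m["name"], m["type"]


def triage(log_text, acl_networks):
    """Count denials per client and flag whether the client is inside the ACL."""
    nets = [ipaddress.ip_network(n) for n in acl_networks]
    counts = Counter(ip for ip, _, _ in denied_cache_queries(log_text))
    return {
        str(ip): {"denied": n, "in_acl": any(ip in net for net in nets)}
        for ip, n in counts.items()
    }


if __name__ == "__main__":
    for client, info in triage(SAMPLE_LOG, ASSUMED_TRUSTED).items():
        # in_acl False: the client's network is missing from the ACL.
        # in_acl True but still denied: look elsewhere (views, other ACLs).
        print(client, info)
```

A client reported with in_acl False is the case where its specific network belongs in the ACL; that keeps the resolver closed to everyone else, unlike setting the option to 'any'.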
-
Thanks for the reply,
This is the config I currently have.
It's currently trusted.
options {
    sortlist {
        192.168.1.0/24;
    };
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below. Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.
    //query-source address * port 53;
    //transfer-source * port 53;
    //notify-source * port 53;

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    forward first;
    forwarders {
        8.8.8.8;
    };

    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
    auth-nxdomain no; # conform to RFC1035

    allow-query { any; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
    allow-transfer { internal-local-nets; };
};

logging { category lame-servers { null; }; };
-
Hi,
Did you try to set those 'allow-' options to 'any' temporarily? Just to check if the messages disappear.
-
Thanks for the reply. It seems that changing the DNS forwarders to my pfSense fixed the issue.