Zentyal Forum, Linux Small Business Server
Zentyal Server => Other modules => Topic started by: Leo Moss on June 15, 2021, 08:27:06 pm
-
Hello,
After the update to Zentyal 7.0.4 we are getting "DNS: query refused" on VPN subnets.
We modified /usr/share/zentyal/stubs/dns/named.conf.local.mas and added the subnets, without luck.
Any ideas? :)
-
I am having the same issue after restarting the DNS module.
This is what the syslog is showing. It is streaming these 'denied' messages all the time as the workstations make DNS calls:
Jul 14 12:23:48 zdomain named[569313]: client @0x7fc06801a410 172.16.1.41#61070 (perr.h-cdn.com): query (cache) 'perr.h-cdn.com/A/IN' denied
Jul 14 12:23:49 zdomain named[569313]: client @0x7fc060050890 172.16.1.53#56381 (www.gstatic.com): query (cache) 'www.gstatic.com/A/IN' denied
Jul 14 12:23:50 zdomain named[569313]: client @0x7fc06801a410 172.16.1.162#56110 (www.facebook.com): query (cache) 'www.facebook.com/A/IN' denied
This is what I get when I try to do an nslookup from the workstations:
[HostName].[Domainname].lan can't find google.com; query refused
***************Update***************
FYI - I went back and tried adding my VLANs to /usr/share/zentyal/stubs/dns/named.conf.local.mas, restarted the DNS, and it DID start working fine.
-
What exactly have you added to named.conf.local?
I have localnets there among the trusted sources, and the VPN range is on a local tap interface, but queries from the VPN are refused. The .mas also has
acl "internal-local-nets" {
% foreach my $net (@internalLocalNets) {
<% $net %>;
% }
};
but I did not find a way to get the VPN ranges into "internalLocalNets" - not sure how Zentyal distinguishes this. So have you added your VPN IP range directly somewhere?
Thanks
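-
Added example, not part of the original thread and not Zentyal code: a small Python triage of the 'denied' syslog lines quoted above, grouping refused clients by whether their network is already in the ACL, is one of your own ranges that is missing from it, or is external (where the refusal is what you want). ACL_NETS, OWN_NETS and the 10.8.0.0/24 VPN range are hypothetical values to replace with your own.

```python
import ipaddress
import re
from collections import Counter

# First three lines are the ones quoted in the thread; the last two are constructed.
SAMPLE_LOG = """\
Jul 14 12:23:48 zdomain named[569313]: client @0x7fc06801a410 172.16.1.41#61070 (perr.h-cdn.com): query (cache) 'perr.h-cdn.com/A/IN' denied
Jul 14 12:23:49 zdomain named[569313]: client @0x7fc060050890 172.16.1.53#56381 (www.gstatic.com): query (cache) 'www.gstatic.com/A/IN' denied
Jul 14 12:23:50 zdomain named[569313]: client @0x7fc06801a410 172.16.1.162#56110 (www.facebook.com): query (cache) 'www.facebook.com/A/IN' denied
Jul 14 12:23:51 zdomain named[569313]: client @0x7fc06801a410 10.8.0.6#40112 (example.org): query (cache) 'example.org/A/IN' denied
Jul 14 12:23:52 zdomain named[569313]: client @0x7fc06801a410 203.0.113.9#5353 (example.org): query (cache) 'example.org/A/IN' denied
"""
# Hypothetical values: networks the generated ACL holds now, and the ranges you own.
ACL_NETS = ["127.0.0.0/8", "192.168.1.0/24"]
OWN_NETS = ["172.16.1.0/24", "10.8.0.0/24"]

DENIED = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-f]+ )?(\S+)#\d+ .*query \(cache\) '[^']*' denied")

def denied_clients(log_text):
    """Count 'query (cache) ... denied' lines per client address."""
    return Counter(m.group(1) for m in DENIED.finditer(log_text))

def first_match(addr, nets):
    """Return the first network (as text) containing addr, or None."""
    return next((str(n) for n in nets if addr in n), None)

def triage(log_text, acl_nets, own_nets):
    acl = [ipaddress.ip_network(n) for n in acl_nets]
    own = [ipaddress.ip_network(n) for n in own_nets]
    report = {k: Counter() for k in
              ("in_acl_but_denied", "missing_from_acl", "external")}
    for ip, hits in denied_clients(log_text).items():
        addr = ipaddress.ip_address(ip)
        if (net := first_match(addr, acl)):
            # Listed but still refused: check that named runs the config you edited.
            report["in_acl_but_denied"][net] += hits
        elif (net := first_match(addr, own)):
            # One of your VLAN/VPN ranges that the ACL does not cover.
            report["missing_from_acl"][net] += hits
        else:
            # Not yours: refusing recursion here is correct, do not widen the ACL.
            report["external"][ip] += hits
    return report

if __name__ == "__main__":
    for bucket, counts in triage(SAMPLE_LOG, ACL_NETS, OWN_NETS).items():
        print(bucket, dict(counts))
```

Only the ranges reported under missing_from_acl are candidates for the ACL; keeping the entries as narrow as the actual VLAN and VPN subnets avoids turning the server into an open resolver.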