[opensuse] bind suddenly refusing queries
Hello, Don't know how this happened, but all of a sudden our internal name server is now rejecting lookups of our domains (internal use, not public) c:\>nslookup smtp Server: bind.ourdomain.com Address: 192.168.2.50 *** bind.ourdomain.com can't find smtp: Query refused 'named' is running. How can I fix this? Thank you, James -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James D. Parra wrote:
Hello,
Don't know how this happened, but all of a sudden our internal name server is now rejecting lookups of our domains (internal use, not public)
c:\>nslookup smtp Server: bind.ourdomain.com Address: 192.168.2.50
*** bind.ourdomain.com can't find smtp: Query refused
# dig ourdomain.com ; <<>> DiG 9.4.1-P1 <<>> ourdomain.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21981 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;ourdomain.com. IN A ;; ANSWER SECTION: ourdomain.com. 86400 IN A 65.23.154.93 ;; AUTHORITY SECTION: ourdomain.com. 84737 IN NS ns.tradenames.com. ourdomain.com. 84737 IN NS host.tradenames.com. Have you tried these nameservers? They are responsible for ourdomain.com. In case of bad obfuscation: please use "example.com|example.net" etc., they are reserved for that purpose.
'named' is running. How can I fix this?
What did you change? Something must have been changed to deny the queries. In /etc/named.conf: options { # [...] allow-query { 192.168.0/24; 127.0.0.0/8; } ; # [...] }; This has to be adapted for your network. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2008-03-01 at 22:32 +0100, Sandy Drobic wrote:
Have you tried these nameservers? They are responsible for ourdomain.com.
In case of bad obfuscation: please use "example.com|example.net" etc., they are reserved for that purpose.
But "example.com" also exists: cer@nimrodel:~> host example.com example.com has address 208.77.188.166 cer@nimrodel:~> ping example.com PING example.com (208.77.188.166) 56(84) bytes of data. 64 bytes from www.example.com (208.77.188.166): icmp_seq=1 ttl=52 time=254 ms 64 bytes from www.example.com (208.77.188.166): icmp_seq=2 ttl=52 time=253 ms --- example.com ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 253.902/254.376/254.851/0.692 ms
'named' is running. How can I fix this?
What did you change? Something must have been changed to deny the queries.
I think I have seen this problem once and had to restart the service. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFHyex5tTMYHG2NR9URAtPlAJ9DjcxWrBnodB4KnZuYwORj2aEodwCgkmmO jQNHalKFe65ZR0I6vIKj+IA= =qx9a -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. wrote:
The Saturday 2008-03-01 at 22:32 +0100, Sandy Drobic wrote:
Have you tried these nameservers? They are responsible for ourdomain.com.
In case of bad obfuscation: please use "example.com|example.net" etc., they are reserved for that purpose.
But "example.com" also exists:
cer@nimrodel:~> host example.com example.com has address 208.77.188.166 cer@nimrodel:~> ping example.com PING example.com (208.77.188.166) 56(84) bytes of data. 64 bytes from www.example.com (208.77.188.166): icmp_seq=1 ttl=52 time=254 ms 64 bytes from www.example.com (208.77.188.166): icmp_seq=2 ttl=52 time=253 ms
Have a look at http://www.example.com: You have reached this web page by typing "example.com", "example.net", or "example.org" into your web browser. These domain names are reserved for use in documentation and are not available for registration. See RFC 2606, Section 3. -- Sandy List replies only please! Please address PMs to: news-reply2 (@) japantest (.) homelinux (.) com -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2008-03-02 at 01:48 +0100, Sandy Drobic wrote:
In case of bad obfuscation: please use "example.com|example.net" etc., they are reserved for that purpose.
But "example.com" also exists:
...
Have a look at http://www.example.com:
You have reached this web page by typing "example.com", "example.net", or "example.org" into your web browser.
These domain names are reserved for use in documentation and are not available for registration. See RFC 2606, Section 3.
Curious! I thought that you meant they were reserved not to exist. I see there are more: .test .example .invalid .localhost But http://invalid.com does exist and work. Perhaps I understood it wrong. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFHygOOtTMYHG2NR9URAjHIAJ0RC0k1HI/65PgFdr/FGC3wH0GgCwCdFYws DiBx4ZNPkKfyeiX5sYxwCLE= =3Qy3 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 01 March 2008 07:31:46 pm Carlos E. R. wrote:
... I see there are more:
.test .example .invalid .localhost
But http://invalid.com does exist and work. Perhaps I understood it wrong.
It seems to me nothing more than parked domain. -- Regards, Rajko. See http://en.opensuse.org/Portal -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. pecked at the keyboard and wrote:
Have a look at http://www.example.com:
You have reached this web page by typing "example.com", "example.net", or "example.org" into your web browser.
These domain names are reserved for use in documentation and are not available for registration. See RFC 2606, Section 3.
Curious! I thought that you meant they were reserved not to exist.
I see there are more:
.test .example .invalid .localhost
But http://invalid.com does exist and work. Perhaps I understood it wrong.
But it is not the same. domain.invalid is not a valid domain name but invalid.com is. -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Saturday 2008-03-01 at 23:24 -0500, Ken Schneider wrote:
Curious! I thought that you meant they were reserved not to exist.
I see there are more:
.test .example .invalid .localhost
But http://invalid.com does exist and work. Perhaps I understood it wrong.
But it is not the same. domain.invalid is not a valid domain name but invalid.com is.
Then, they are not implemented. Both "invalid" and "test" give the same answer: cer@nimrodel:~> dig invalid ; <<>> DiG 9.4.1-P1 <<>> invalid ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35168 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;invalid. IN A ;; AUTHORITY SECTION: . 507 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008030100 1800 900 604800 86400 ;; Query time: 9 msec ;; SERVER: 192.168.1.12#53(192.168.1.12) ;; WHEN: Sun Mar 2 11:05:07 2008 ;; MSG SIZE rcvd: 100 cer@nimrodel:~> dig test ; <<>> DiG 9.4.1-P1 <<>> test ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16595 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;test. IN A ;; AUTHORITY SECTION: . 432 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2008030100 1800 900 604800 86400 ;; Query time: 9 msec ;; SERVER: 192.168.1.12#53(192.168.1.12) ;; WHEN: Sun Mar 2 11:06:16 2008 ;; MSG SIZE rcvd: 97 cer@nimrodel:~> dig com ; <<>> DiG 9.4.1-P1 <<>> com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38869 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;com. IN A ;; AUTHORITY SECTION: com. 495 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. 1204452278 1800 900 604800 900 ;; Query time: 9 msec ;; SERVER: 192.168.1.12#53(192.168.1.12) ;; WHEN: Sun Mar 2 11:06:40 2008 ;; MSG SIZE rcvd: 94 cer@nimrodel:~> - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFHynz4tTMYHG2NR9URAoPVAJ9cPm419EvSV+mygABz7DuksTvP8wCgiOVF EjI58R7YNxfu2Oa/9hfBEtQ= =qy7u -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Carlos E. R. pecked at the keyboard and wrote:
The Saturday 2008-03-01 at 23:24 -0500, Ken Schneider wrote:
Curious! I thought that you meant they were reserved not to exist.
I see there are more:
.test .example .invalid .localhost
These are not allowed as top level domains such as .org .com. and .net are. There are no rules that say you cannot register test.com or example.com that I know of. -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2008-03-02 at 08:10 -0500, Ken Schneider wrote:
I see there are more:
.test .example .invalid .localhost
These are not allowed as top level domains such as .org .com. and .net are.
http://www.rfc-editor.org/rfc/rfc2606.txt says they are.
There are no rules that say you cannot register test.com or example.com that I know of.
Example.com can not be registered. Try! - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFHyq23tTMYHG2NR9URAtRpAJ4wQXk1HVmZXP3yHRwCXh1KTHBg7QCfW/JR Z1iLHQ+efsGKARxJ5E7h284= =KiqS -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (5)
-
Carlos E. R. -
James D. Parra -
Ken Schneider -
Rajko M. -
Sandy Drobic