After researching for a while I haven't any clue what is going on ...

I am running a secondary DNS server on Ubuntu Hardy with an ISPConfig 2 installation. If I try to resolve a configured DN remotely (I use "example.com" here for this) I get a REFUSED error:

Code:
; <<>> DiG 9.6.1-P2 <<>> @ispconfig.machi.ne example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 6898
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;example.com. IN A
;; Query time: 13 msec
;; SERVER: xx.xxx.x.xxx#53(xx.xxx.x.xxx)
;; WHEN: Fri Dec 11 12:17:03 2009
;; MSG SIZE rcvd: 30

If I do the same dig from a machine within the same C-subnet it gives the expected answer.

Here is my netstat -tap, where "yyy.yyy.yyy.yy" is a second official IP for the machine:

Code:
Proto Recv-Q Send-Q Local Address            Foreign Address  State   PID/Program name
tcp   0      0      yyy.yyy.yyy.yy:domain    *:*              LISTEN  3058/named
tcp   0      0      ispconfig.machi.ne.:domain *:*            LISTEN  3058/named
tcp   0      0      localhost.locald:domain  *:*              LISTEN  3058/named
tcp   0      0      localhost.localdoma:953  *:*              LISTEN  3058/named
tcp6  0      0      ip6-localhost:953        [::]:*           LISTEN  3058/named

It looks like there is only local access on DNS, doesn't it?

If I try from remote:

Code:
nmap -p 53,953 ispconfig.machi.ne

I get the answer that port 53 is open and 953 is closed.

My named.conf and my named.conf.options:

The domains are all in named.conf.local and manually inserted. I think they are all OK, since some time ago all this stuff worked fine.

Thanks very much for diving in. Help would be much appreciated.
Looks as if the zone wasn't transferred to the slave, and therefore it can't look it up since recursion is not allowed.
Problem solved

Thanks, Falko. Yes, the recursion message appeared because bind couldn't find any transferred zone files and therefore would need to perform recursion, which was not allowed. At first glance this is not obvious.

The initial problem was: I've installed ISPConfig on a machine that was already in use as a manually managed secondary DNS server. But ISPConfig has its own way (compared to Debian and Ubuntu) of handling bind's configuration files. One big difference is that ISPConfig doesn't split the bind configuration into parts like named.conf.options or named.conf.local and let these files finally be included in named.conf, but handles the whole thing in named.conf alone and throws existing includes inside it away.

Another difference was the distribution's way of placing zone files below /var/cache/bind, whereas ISPConfig has a UI setting for the zone files directory, which defaults to /etc/bind. This caused my zone files to get lost from bind's view, and the recursion message appeared.

So all this was a rather untypical problem and "handmade" in a certain way.

Thanks again for diving in.
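Added example, not part of the thread: a Python check for the situation described in the last post, where the zone files named in the configuration are not in the directory bind reads them from. It follows include statements, resolves each zone's file against the options directory, and reports whether that file exists. The directory names and zones in demo() are constructed, and the comment stripping assumes no // or # inside quoted strings.

```python
import os, re, tempfile

def load_config(path, seen=frozenset()):
    """Read a named.conf, drop comments, expand include "file"; statements."""
    if path in seen or not os.path.isfile(path):
        return ""  # a missing or already-visited include contributes no zones
    with open(path) as fh:
        text = re.sub(r"/\*.*?\*/", "", fh.read(), flags=re.S)
    text = re.sub(r"(//|#)[^\n]*", "", text)
    return re.sub(r'include\s+"([^"]+)"\s*;', lambda m: load_config(
        os.path.join(os.path.dirname(path), m.group(1)), seen | {path}), text)

def block_body(text, start):
    """Return the contents of the first balanced { ... } at or after start."""
    first, depth = text.index("{", start), 0
    for i in range(first, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[first + 1:i]
    raise ValueError("unbalanced braces")

def check_zones(named_conf):
    """Map each zone to (type, resolved zone file path, file exists?)."""
    text = load_config(named_conf)
    d = re.search(r'(?<![\w-])directory\s+"([^"]+)"', text)
    base = d.group(1) if d else os.path.dirname(named_conf)
    report = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"', text):
        body = block_body(text, z.end())
        kind = re.search(r"\btype\s+([\w-]+)", body)
        zfile = re.search(r'(?<![\w-])file\s+"([^"]+)"', body)
        if zfile:
            path = os.path.join(base, zfile.group(1))  # relative names resolve against directory
            report[z.group(1)] = (kind.group(1) if kind else "?", path, os.path.isfile(path))
    return report

def demo():
    """Constructed layout: config points at etc_bind, the old zone file sits in var_cache_bind."""
    root = tempfile.mkdtemp()
    etc, cache = os.path.join(root, "etc_bind"), os.path.join(root, "var_cache_bind")
    os.makedirs(etc); os.makedirs(cache)
    open(os.path.join(cache, "sec.example.com"), "w").close()  # left behind in the old directory
    open(os.path.join(etc, "pri.example.net"), "w").close()    # present in the configured directory
    conf = os.path.join(etc, "named.conf")
    with open(conf, "w") as fh:
        fh.write('options { directory "%s"; };\n'
                 'zone "example.com" { type slave; file "sec.example.com"; masters { 192.0.2.1; }; };\n'
                 'zone "example.net" { type master; file "pri.example.net"; };\n' % etc)
    return check_zones(conf)
```

Every zone reported with `False` in the last field is one the server cannot answer authoritatively, which is the case that produced the REFUSED status in the first post.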