Hi, I've been having a problem with bind for a few days. I have a multiple server setup according to the manual, but following the squeeze perfect setup. Now when I try to do:

Code:
dig @ns1.example.com testdomain.com

All that I can get is:

Code:
; <<>> DiG 9.7.3 <<>> @ns1.example.com testdomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 45017
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

However, when I execute the same query from localhost it works perfectly:

Code:
dig @localhost testdomain.com

; <<>> DiG 9.7.3 <<>> @localhost testdomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26342
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;doso3.com.ar. IN A

;; ANSWER SECTION:
testdomain.com. 83362 IN A 192.168.10.12

;; AUTHORITY SECTION:
testdomain.com. 83362 IN NS @ns1.example.com.

;; ADDITIONAL SECTION:
@ns1.example.com. 562 IN A 192.168.10.93

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Apr 13 04:54:43 2011
;; MSG SIZE rcvd: 100

Am I doing something wrong?
I've been looking at "netstat -tlpn" but I can see that "named" is running on the external IP address:

Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:47374           0.0.0.0:*               LISTEN      614/rpc.statd
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      602/portmap
tcp        0      0 192.168.10.93:53        0.0.0.0:*               LISTEN      31994/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      31994/named
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      841/sshd
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      31994/named
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1090/exim4
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      31296/mysqld
tcp6       0      0 :::53                   :::*                    LISTEN      31994/named
tcp6       0      0 :::22                   :::*                    LISTEN      841/sshd
tcp6       0      0 ::1:953                 :::*                    LISTEN      31994/named
tcp6       0      0 ::1:25                  :::*                    LISTEN      1090/exim4

Any help will be really appreciated.

Greetings!
Gonzalo.
After some thought I checked syslog and found this:

Code:
Apr 13 05:06:35 ns1 named[31994]: client [MY_HOME_IP_ADDRESS]#59501: query (cache) 'testdomain.com/A/IN' denied
I was able to solve this problem! ^_^! After googling a lot I found that I have to add the following to the file /etc/bind/named.conf.options:

Code:
allow-query { any; };

Could someone tell me if this is "safe" to do? I really think that the problem should be another one...

Greetings!
Gonzalo.
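
The `(cache)` tag in the syslog line above means the refusal came from BIND's cache ACL (`allow-query-cache`, which falls back to `allow-recursion` and then to `allow-query` when unset) rather than from the `allow-query` check on authoritative data. As an added example, not part of the original posts, this script separates the two kinds of denial in named's log and counts them per client; the sample lines and their addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the syslog entry quoted in the thread.
# 192.0.2.x, 198.51.100.x and 2001:db8:: are documentation addresses, not from the page.
SAMPLE_LOG = """\
Apr 13 05:06:35 ns1 named[31994]: client 192.0.2.10#59501: query (cache) 'testdomain.com/A/IN' denied
Apr 13 05:06:41 ns1 named[31994]: client 192.0.2.10#40112: query (cache) 'example.org/MX/IN' denied
Apr 13 05:07:02 ns1 named[31994]: client 198.51.100.7#5353: query 'testdomain.com/A/IN' denied
Apr 13 05:07:09 ns1 named[31994]: zone testdomain.com/IN: loaded serial 2011041301
Apr 13 05:07:15 ns1 named[31994]: client 2001:db8::5#53124: query (cache) 'testdomain.com/AAAA/IN' denied
"""

DENIED = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-f]+ )?"   # newer BIND prints a client pointer
    r"(?P<ip>[^#\s]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: "                         # newer BIND adds "(qname)" here
    r"query (?P<cache>\(cache\) )?"
    r"'(?P<name>[^/']+)/(?P<type>[^/']+)/[^']+' denied"
)


def parse_denials(text):
    """Yield (client_ip, acl_path, qname, qtype) for each denied query.

    acl_path is "cache" when the cache ACL refused the query (the name is not
    served authoritatively here) and "zone" when the allow-query check did.
    """
    for line in text.splitlines():
        m = DENIED.search(line)
        if m:
            path = "cache" if m.group("cache") else "zone"
            yield m.group("ip"), path, m.group("name"), m.group("type")


def summarize(text):
    """Count denials per (client, ACL path)."""
    return Counter((ip, path) for ip, path, _, _ in parse_denials(text))


if __name__ == "__main__":
    hints = {"cache": "allow-query-cache / allow-recursion", "zone": "allow-query"}
    for (ip, path), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:15} {n:3} denied by {hints[path]}")
```
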