#1  
Old 8th April 2010, 11:20
Captain Captain is offline
Senior Member
 
Join Date: Feb 2009
Posts: 284
Thanks: 78
Thanked 7 Times in 6 Posts
Question DNS query denied

Hello!

I have ISPConfig 2.2.35. Ubuntu 9.10
One client want to use google.com MX servers.
In ISPConfig I wrote DNS records of Google.com MX and SPF for google.com.
But after that I have this log:
Code:
Apr  7 20:02:38 itex named[28098]: client 121.121.195.94#23332: query (cache) 'ALT1.ASPMX.L.GOOGLE.COM/A/IN' denied
Apr  7 20:02:39 itex named[28098]: client 121.121.195.94#23369: query (cache) 'ALT2.ASPMX.L.GOOGLE.COM/A/IN' denied
Apr  7 20:02:40 itex named[28098]: client 121.121.195.94#23386: query (cache) 'ASPMX.L.GOOGLE.COM/A/IN' denied
Apr  7 20:02:40 itex named[28098]: client 190.84.67.181#60549: query (cache) 'ASPMX.L.GOOGLE.com/A/IN' denied
Apr  7 20:02:41 itex named[28098]: client 121.121.195.94#23407: query (cache) 'ASPMX2.GOOGLEMAIL.COM/A/IN' denied
Apr  7 20:02:42 itex named[28098]: client 190.84.67.181#60565: query (cache) 'aspmx.googlemail.com/A/IN' denied
Apr  7 20:02:43 itex named[28098]: client 121.121.195.94#23435: query (cache) 'ASPMX3.GOOGLEMAIL.COM/A/IN' denied
Apr  7 20:02:43 itex named[28098]: client 190.84.67.181#60586: query (cache) 'ASPMX2.googlemail.com/A/IN' denied
Apr  7 20:02:44 itex named[28098]: client 121.121.195.94#23452: query (cache) 'ASPMX4.GOOGLEMAIL.COM/A/IN' denied
Apr  7 20:02:44 itex named[28098]: client 190.84.67.181#60618: query (cache) 'ASPMX3.googlemail.com/A/IN' denied
Apr  7 20:02:45 itex named[28098]: client 121.121.195.94#23466: query (cache) 'ASPMX5.GOOGLEMAIL.COM/A/IN' denied
Apr  7 20:02:45 itex named[28098]: client 190.84.67.181#60648: query (cache) 'ASPMX4.googlemail.com/A/IN' denied
Apr  7 20:02:46 itex named[28098]: client 190.84.67.181#60666: query (cache) 'ASPMX5.googlemail.com/A/IN' denied
Apr  7 20:02:47 itex named[28098]: client 190.84.67.181#60697: query (cache) 'ALT1.ASPMX.L.GOOGLE.com/A/IN' denied
Apr  7 20:02:48 itex named[28098]: client 190.84.67.181#60715: query (cache) 'ALT2.ASPMX.L.GOOGLE.com/A/IN' denied
Zonefile of this client is:
Code:
$TTL        86400
@       IN      SOA     ns.domain.com. support.domain.com. (
                        2010040601       ; serial, todays date + todays serial #
                        10800              ; refresh, seconds
                        3600              ; retry, seconds
                        604800              ; expire, seconds
                        86400 )            ; minimum, seconds
;
                NS      ns.domain.com.              ; Inet Address of name server 1
                NS      ns2.domain.com.              ; Inet Address of name server 2
;

  MX      10 ASPMX4.GOOGLEMAIL.COM.
  MX      10 ASPMX3.GOOGLEMAIL.COM.
  MX      10 ASPMX2.GOOGLEMAIL.COM.
  MX      10 aspmx.googlemail.com.
  MX      10 ALT2.ASPMX.L.GOOGLE.COM.
  MX      10 ALT1.ASPMX.L.GOOGLE.COM.
  MX      10 ASPMX.L.GOOGLE.COM.
  MX      10 ASPMX5.GOOGLEMAIL.COM.

domain.com.      A        123.123.123.123
www       A       123.123.123.123

mail       CNAME  ghs.google.com.

domain.com.       TXT  "v=spf1 a mx ptr mx:aspmx.googlemail.com include:aspmx.googlemail.com ~all"

;;;; MAKE MANUAL ENTRIES BELOW THIS LINE! ;;;;
Any ideas?

Thnks!
Reply With Quote
Sponsored Links
  #2  
Old 9th April 2010, 13:34
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,721 Times in 2,562 Posts
Default

What's in /etc/resolv.conf?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 10th April 2010, 13:48
Captain Captain is offline
Senior Member
 
Join Date: Feb 2009
Posts: 284
Thanks: 78
Thanked 7 Times in 6 Posts
Default

Code:
domain domain.com
search domain.com
nameserver 127.0.0.1
nameserver 192.168.123.110
Reply With Quote
The Following User Says Thank You to Captain For This Useful Post:
feeninuoumn (19th December 2013)
  #4  
Old 11th April 2010, 11:43
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,721 Times in 2,562 Posts
Default

Quote:
nameserver 127.0.0.1
I guess your local DNS server doesn't allow recursive queries. Please use your ISP's nameservers in /etc/resolv.conf instead of 127.0.0.1.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #5  
Old 12th April 2010, 13:56
Captain Captain is offline
Senior Member
 
Join Date: Feb 2009
Posts: 284
Thanks: 78
Thanked 7 Times in 6 Posts
Default

Ok thnks.

I have too DNS servers:

1. it is my DNS BIND9 with IP: 123.123.123.123
2. it is my ISP's DNS server IP: 234.234.234.234

Now I use to servers for my hosting panel ISPConfig 2.

Why I can't use my DNS server?

Know my /etc/resolv.conf is:

Code:
domain domain.com
search domain.com
nameserver 234.234.234.234
nameserver 192.168.123.110
Where 234.234.234.234. is my ISP's DNS server IP Adress.

It is right?

Thnks.
Reply With Quote
  #6  
Old 13th April 2010, 16:40
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,721 Times in 2,562 Posts
Default

That should work. Do you still get named errors in your logs?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
feeninuoumn (19th December 2013)
  #7  
Old 13th April 2010, 19:19
Captain Captain is offline
Senior Member
 
Join Date: Feb 2009
Posts: 284
Thanks: 78
Thanked 7 Times in 6 Posts
Default

Yes! I still get this errors!
I try to enter first ISP's DNS IP adress. And secondary ISP's DNS server too.
Reply With Quote
  #8  
Old 14th April 2010, 00:19
createch createch is offline
Senior Member
 
Join Date: Aug 2007
Posts: 118
Thanks: 24
Thanked 16 Times in 13 Posts
Default

Try this...

domain domain.com
search domain.com
nameserver 234.234.234.234
nameserver 192.168.123.110 << delete this line



save the resolve.conf, restart the named service and see whether there is still error(s).
Reply With Quote
  #9  
Old 14th April 2010, 08:51
Captain Captain is offline
Senior Member
 
Join Date: Feb 2009
Posts: 284
Thanks: 78
Thanked 7 Times in 6 Posts
Default

Still have problem.
Reply With Quote
  #10  
Old 14th April 2010, 16:35
createch createch is offline
Senior Member
 
Join Date: Aug 2007
Posts: 118
Thanks: 24
Thanked 16 Times in 13 Posts
 
Default

Assuming that your problem is due to recursion issue --- then please

1. edit the file /etc/resolve.conf and save like this (XXX.XXX.XXX.XXX = name server of your ISP)

======================
search xxxx.com
nameserver XXX.XXX.XXX.XXX
======================

2. edit the /var/named/chroot/etc/named.conf, in the options section, add the following line:

allow-recursion { any; };

So the result should be like this:
==========================
options {

XXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXX

allow-recursion { any; };

};

===========================

Restart the named service. See what is the result.
Reply With Quote
The Following 2 Users Say Thank You to createch For This Useful Post:
Captain (14th April 2010), rbartz (29th November 2010)
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SugarCRM Install on ISPConfig3 w/ SuPHP clucena Installation/Configuration 1 9th February 2010 09:29
Forbidden 403; Samba access; config of maildeamon fawkes Installation/Configuration 4 14th January 2010 18:16
ISP Config hesitation when opening web pages frankb Installation/Configuration 7 15th December 2008 13:06
Google Apps dayjahone General 19 29th March 2008 17:25
Questions in regards to ISP-Server Setup - Ubuntu 5.10 "Breezy Badger" rbrantley HOWTO-Related Questions 16 10th April 2006 18:26


All times are GMT +2. The time now is 10:24.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.