External DNS Queries Refused

Discussion in 'Server Operation' started by atjensen11, Sep 18, 2008.

  1. atjensen11

    atjensen11 New Member

    I have been running a DNS server on my internal LAN for some time now and it has been performing well.

    After following many excellent tutorials on this site, I now have a server capable of hosting websites with Apache Virtual Hosts, among other features.

    For the last year, I have been using an external DNS service for servicing the DNS requests for those websites. I am now attempting to bring that DNS service in house onto my existing DNS server.

    I have configured the DNS server to use views; one external and one internal. (As a side note, the server was also using views but only the internal view existed for the last year. So all I am doing is building out the external view.)

    When I try an nslookup command from a Windows PC command line using my DNS server, the query is always refused.

    All necessary ports are open and forwarded correctly between the gateway firewall and the server.

    Any suggestions?
     
  2. topdog

    topdog Active Member HowtoForge Supporter

    Let's see the named.conf file
     
  3. atjensen11

    atjensen11 New Member

    After some extended searching on Google, I found the line that was causing the problem. It was in my named.conf.local file.

    Here is the file as it was before I made the change:

    Code:
    view external chaos {
            match-clients { !lan_hosts; any; };
            recursion no;
            additional-from-auth no; 
            additional-from-cache no;
            zone "ninjamonkeysix.com" {
                 type master;
                 file "/etc/bind/external/ninjamonkeysix.com.hosts";
            };
    };
    
    I was getting an error that contained the clue "IN" != zone "CH".

    I found that if I removed the chaos word from my external zone, I no longer received the errors and my external DNS queries were now answered. So my block now looks like:

    Code:
    view external {
            match-clients { !lan_hosts; any; };
            recursion no;
            additional-from-auth no; 
            additional-from-cache no;
            zone "ninjamonkeysix.com" {
                 type master;
                 file "/etc/bind/external/ninjamonkeysix.com.hosts";
            };
    };
    
    Although it is working, it now leaves me wondering why a person would use this chaos thing. I have read a little bit about how to set it up, but I haven't found any simple description of the benefits or drawbacks.
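
An added example, not part of the original thread: a small Python check that flags the state described in the post above, a view declared with a class other than IN (here `chaos`) that still contains zones. The regex-based parsing is a simplification, the function names are hypothetical, and the sample config is abridged from the post.

```python
import re

# "view <name> [class] {" : the class is optional and defaults to IN.
VIEW_RE = re.compile(r'\bview\s+"?([\w.-]+)"?(?:\s+([A-Za-z]+))?\s*\{')
ZONE_RE = re.compile(r'\bzone\s+"([^"]+)"')
NON_IN = {"chaos": "CH", "ch": "CH", "hesiod": "HS", "hs": "HS"}

# Abridged from the post's named.conf.local (the failing version).
BEFORE = """
view external chaos {
        match-clients { !lan_hosts; any; };
        recursion no;
        zone "ninjamonkeysix.com" {
             type master;
             file "/etc/bind/external/ninjamonkeysix.com.hosts";
        };
};
"""
# The working version from the post: same view without the class keyword.
AFTER = BEFORE.replace("view external chaos", "view external")

def view_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    return text[open_idx + 1:]  # unbalanced braces: take the rest

def non_in_views(conf):
    """List (view, class, zones) for views declared with a class other than IN."""
    # Simplification: drop /* */, // and # comments; braces in strings are not handled.
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)
    conf = re.sub(r"(//|#)[^\n]*", "", conf)
    findings = []
    for m in VIEW_RE.finditer(conf):
        cls = NON_IN.get((m.group(2) or "in").lower())
        if cls is None:
            continue  # class IN, stated or defaulted
        # Zones in a view take the view's class unless they state their own.
        zones = ZONE_RE.findall(view_body(conf, m.end() - 1))
        if zones:
            findings.append((m.group(1), cls, zones))
    return findings
```

Running `non_in_views()` over the real `named.conf.local` text before a reload reports any view whose zones would be loaded under class CH or HS.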
     
