December 15th, 2008, 07:50 PM
I have brought up a DNS master and two slaves. I am having issues with the servers performing lookups for URLs that are non-authoritative for them.

If the client requests www.<mycompany>.com then it will return the correct address, but the same client requesting www.cnn.com gets denied.

This occurs with or without the UFW turned on.

Any ideas?

December 15th, 2008, 09:56 PM
Did you configure a "forwarders" section?

December 16th, 2008, 02:29 PM
Forwarders are not enabled. Shouldn't need them with the root servers specified.

I found the answer I was looking for after a lot of experimentation.

While recursion is turned on by default, the only addresses allowed to use the function by default are machines within the same subnet of the DNS server. If you have a client on a different subnet than the server, attempting a lookup for a public URL other than what it is authoritative for will fail. The answer is to add the line in the options file:

allow-recursion {any;};

Since every install is different, you need to decide if this is a good thing or not. You can adjust the option to only allow machines you are responsible for to use this or as above you can allow anybody that can see your server to use it for DNS resolution.
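As an added illustration of the choice described in the last post (not part of the thread, and not the poster's own configuration), here is a constructed BIND 9 named.conf.options fragment that shows the open setting next to the restricted one. The `trusted` ACL name and the subnets in it are placeholders; substitute the networks you are actually responsible for. Left unset, `allow-recursion` in BIND 9 falls back to `localnets; localhost;`, which is exactly the same-subnet behaviour the poster ran into.

```conf
// Constructed example for a BIND 9 named.conf.options; not from the thread.

// Networks that may use this server as a recursive resolver.
acl "trusted" {
    127.0.0.1;
    ::1;
    192.168.0.0/16;   // placeholder: your internal client subnet(s)
    10.20.0.0/24;     // placeholder: a second internal subnet
};

options {
    directory "/var/cache/bind";

    recursion yes;

    // Open resolver: any host that can reach the server may recurse.
    // This is the line from the thread; it also makes the server usable
    // for reflection/amplification by anyone on the Internet.
    // allow-recursion { any; };

    // Restricted resolver: only the ACL above may recurse or read the cache.
    // Hosts outside it still get authoritative answers for your own zones,
    // but a lookup for any other name is answered with status REFUSED.
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };

    // Authoritative answers for your own zones stay available to everyone.
    allow-query { any; };
};
```

After `rndc reload` (or restarting named), a quick check from a host outside the ACL is `dig @<server> www.cnn.com`: the reply should carry `status: REFUSED` and no `ra` flag in the header, while `dig @<server> www.<mycompany>.com` still answers normally. From a host inside the ACL both queries succeed and the `ra` flag is present.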