[BlueOnyx:23250] Re: DNS issues on 5209R since 7.7 update

Colin Jack colin at mainline.co.uk
Wed Sep 18 07:55:36 -05 2019


Hi Chris,

> What is your Nagios instance checking?  Is it trying to run an authoritative or
> recursive lookup?  I should tell you we typically do not recommend allowing any
> recursive service on these boxes to the outside world.   

Yes - checking recursive (maybe not a good idea). 😊
Was working fine until yesterday's updates though ...

> You *should* be able to
> operate recursive on just specified ranges by locking it down in the "Allow
> Cache access from these Networks".   It looks like you've done that.

Yes - only my VPS are allowed to use recursive. 

> What happens when you run a manual nslookup from remote against the
> box?   (make sure you add the remote system to your "Allow Cache access...")

Tested from another of our VPS CLI ... blocked.
Put my office IP into cached allow and still blocked.

Looks like named is not allowing any cached access.

Sep 18 12:53:18 iris.mainline.co.uk named[16123]: client @0x7f5f4000b650 208.67.249.234#44805 (249.67.208.in-addr.arpa): transfer of '249.67.208.in-addr.arpa/IN': AXFR-style IXFR ended
Sep 18 12:53:24 iris.mainline.co.uk named[16123]: client @0x7f5f682a73d0 91.135.11.249#61254 (google.com): query (cache) 'google.com/A/IN' denied

Temporarily set Open DNS  ... still blocked.

Something broken.

Regards

Colin
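
Added example, not part of the original message or of BlueOnyx: a small Python check that reads `named` log lines like the ones quoted above and separates denied cache queries from clients outside the allow-list (expected) from clients inside it (a sign the cache ACL is not being applied). The allow-list `91.135.11.0/24` and the third log line are constructed assumptions for illustration.

```python
import ipaddress
import re
from collections import Counter

# BIND "query (cache) ... denied" line, with or without the @0x... client object id
DENIED = re.compile(
    r"named\[\d+\]: client (?:@0x[0-9a-f]+ )?(?P<ip>\S+)#\d+ \([^)]*\): "
    r"query \(cache\) '(?P<q>[^']+)' denied"
)

def denied_cache_queries(lines, allowed_cidrs):
    """Return (expected, unexpected) Counters keyed by client IP.

    expected   = refused clients outside the allow-list (ACL doing its job)
    unexpected = refused clients inside the allow-list (ACL not applied)
    """
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    expected, unexpected = Counter(), Counter()
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # transfers, notifies and other messages are ignored
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed client field
        bucket = unexpected if any(ip in n for n in nets) else expected
        bucket[str(ip)] += 1
    return expected, unexpected

# First two lines are from the message above; the third is constructed.
SAMPLE = [
    "Sep 18 12:53:18 iris.mainline.co.uk named[16123]: client @0x7f5f4000b650 208.67.249.234#44805 (249.67.208.in-addr.arpa): transfer of '249.67.208.in-addr.arpa/IN': AXFR-style IXFR ended",
    "Sep 18 12:53:24 iris.mainline.co.uk named[16123]: client @0x7f5f682a73d0 91.135.11.249#61254 (google.com): query (cache) 'google.com/A/IN' denied",
    "Sep 18 12:53:30 iris.mainline.co.uk named[16123]: client @0x7f5f682a7400 203.0.113.7#5353 (example.org): query (cache) 'example.org/A/IN' denied",
]
ALLOWED = ["91.135.11.0/24"]  # constructed assumption, not the server's real setting

if __name__ == "__main__":
    ok, broken = denied_cache_queries(SAMPLE, ALLOWED)
    print("refused as intended:", dict(ok))
    print("refused despite allow-list:", dict(broken))
```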
