7

On Ubuntu 14.04, when I'm performing a

dig google.de

on my machine, I get a REFUSED status (reducing to relevant lines):

me@machine:~# dig google.de
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 26926
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

My /etc/resolv.conf knows three nameservers:

nameserver 1.2.3.4
nameserver 1.2.3.5
nameserver 8.8.8.8

where the first two are corporate-owned nameservers. But at least the last one (8.8.8.8) shouldn't return a refused status. So how can I enable recursion so that the last nameserver is considered?

5
  • Can you paste the named.conf configurations? Commented Aug 5, 2015 at 6:40
  • You should have allow-query { any; }; in that Commented Aug 5, 2015 at 6:41
  • There is no named.conf on that machine; find / -name "named.conf" returns nothing... Commented Aug 5, 2015 at 6:42
  • That will be there on your nameserver.. Commented Aug 5, 2015 at 6:48
  • Uh okay, sorry. Unfortunately I don't admin the nameserver. Commented Aug 5, 2015 at 6:49

1 Answer

11

The DNS resolver will only move on to the other name servers if the first one returns an error (i.e. SERVFAIL) or can't be reached. If the DNS server returns NXDOMAIN then the resolver considers that the proper answer and won't check the others. NXDOMAIN is considered a final definitive answer that the requested domain does not exist.

In your case the first nameserver is reached and is denying you.

In that nameserver's named.conf you should have something like allow-query { any; };

Or

One solution might be to temporarily change the order of the nameservers in /etc/resolv.conf and put 8.8.8.8 first.

Or

Just to direct dig to use 8.8.8.8 as the DNS server at the command line, you can do:

dig @8.8.8.8 google.de

5
  • Thank you! Do I have to restart something after modifying resolv.conf (and if yes: how)? Commented Aug 5, 2015 at 6:57
  • No, that's not necessary. It will be picked up immediately. Commented Aug 5, 2015 at 6:59
  • Funnily I still get the same behaviour. And although 8.8.8.8 is the first nameserver now, dig still returns ;; SERVER: 1.2.3.4#53(1.2.3.4)... Commented Aug 5, 2015 at 7:38
  • 1
    @Neuron, you can specify a server for lookup in the dig command avoiding modifying files: dig @8.8.8.8 google.de Commented Aug 5, 2015 at 8:21
  • @YoMismo: Agree, edited my post to include your suggestion Commented Aug 5, 2015 at 8:47
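
To see which of the configured nameservers is the one refusing, the `dig @server` form from the answer can be applied to every `nameserver` entry in turn. This is an added example, not part of the original posts; the function names and the `--run` switch are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): ask each nameserver in resolv.conf
# directly and report its rcode and whether it offers recursion.
# Function names and the --run switch are illustrative.

# Print the address on every "nameserver" line of a resolv.conf-style file.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Read dig output on stdin and print "<status> ra" or "<status> no-ra".
# <status> is the header rcode; "ra" is the recursion-available flag.
parse_dig_header() {
    awk '
        /->>HEADER<<-/ {
            for (i = 1; i <= NF; i++)
                if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s) }
        }
        /^;; flags:/ {
            sub(/^;; flags:/, ""); sub(/;.*/, "")
            n = split($0, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ra") ra = 1
        }
        END {
            if (s == "") s = "NO-REPLY"
            flag = ra ? "ra" : "no-ra"
            print s, flag
        }
    '
}

# check_all NAME [RESOLV_CONF]: one direct query per configured server,
# so the result does not depend on the order of the entries.
check_all() {
    conf=${2:-/etc/resolv.conf}
    for ns in $(list_nameservers "$conf"); do
        result=$(dig +time=2 +tries=1 "@$ns" "$1" 2>/dev/null | parse_dig_header)
        printf '%-15s %s\n' "$ns" "$result"
    done
}

case "${1:-}" in
    --run) check_all "${2:-google.de}" ;;
    *)  # No arguments: parse the two header lines quoted in the question.
        printf '%s\n' ';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 26926' \
            ';; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1' |
            parse_dig_header ;;
esac
```

A server that prints `REFUSED no-ra` is rejecting the query itself; one that prints `NO-REPLY` did not answer within the two-second timeout.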
