Jailed DNS

So, I'm trying to set up a simple caching resolver at home inside a jail. More to try to fiddle with jails than DNS, but everything looks pretty straightforward until I try to test it from a remote LAN machine. The crucial part in the config file is the setup:

Code:
  forward only;
...

  forwarders {
      8.8.8.8;
  };

But tcpdump shows things like
Code:
...
192.168.1.103.53 > 192.168.1.106.45092: 37880 Refused- 0/0/0 (32)

Basically, resolving from the DNS machine itself works, but it won't pass the request.
What am I doing wrong here?
 
Do you have things like recursion set to yes, and allow-recursion set to allow your network? By default, BIND/named will not allow any recursive (i.e. non-locally resolvable) queries. named.conf(5) has more.
 
Try to explicitly give access to what network on which address:
Code:
options {
  ...
    allow-query { 192.168.1.0/24; };
    listen-on { 192.168.1.103; };
  ...
};
 
allow-recursion solved it. I thought I only needed to forward requests to the next server.
Thanks to both of you.
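
The pieces from this thread combined into one options block, as an added example that is not from any of the posters: a forward-only caching resolver that answers recursive queries for the LAN only, so the jail does not end up as an open resolver. The ACL name `lan` is an assumption; the addresses are the ones quoted in the thread.

```conf
// Added example: named.conf fragment for a jailed, forward-only caching resolver.
// "lan" is a hypothetical ACL name; addresses are taken from the thread.

acl lan {
    192.168.1.0/24;     // LAN clients such as 192.168.1.106
    localhost;          // built-in ACL: the addresses of this server (the jail itself)
};

options {
    // Bind only to the jail's address, not to every interface.
    listen-on { 192.168.1.103; };

    // Who may send queries at all.
    allow-query { lan; };

    // A client asking for an outside name is making a recursive query.
    // Forwarding is how named *answers* that query, so the client still
    // has to be permitted to recurse; otherwise named replies REFUSED,
    // which is the "Refused- 0/0/0" seen in the tcpdump output.
    recursion yes;
    allow-recursion { lan; };   // never "any": that makes an open resolver

    // Send everything that is not in the cache to the forwarder and
    // never fall back to iterating from the root servers.
    forward only;
    forwarders {
        8.8.8.8;
    };
};
```

After reloading named, a query from a LAN host should come back with the `ra` flag set, while the same query from an address outside the `lan` ACL should still be refused.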
 