
DNS Server Refusing Connection

Developer https://www.devze.com 2022-12-11 07:59 Source: Web

I am implementing a DNS client, in which I try to connect to a local DNS server, but the DNS server is returning the message with an error code 5, which means that it's refusing the connection.

Any thoughts on why this might be happening? Thanks


DNS response error code 5 ("Refused") doesn't mean that the connection to the DNS server is refused. It means that the DNS server refuses to provide whatever data you asked for, or to do whatever action you asked it to do (for example a dynamic update).

Since you mention a "connection", I assume that you are using TCP? DNS primarily uses UDP, and some DNS servers will refuse all requests over TCP. So the solution might be as simple as switching to UDP.

Otherwise, assuming you are building your own DNS client from scratch, my first guess would be that you are formatting the request incorrectly. Even though the DNS protocol seems fairly simple, it is very easy to get this wrong.

Finally, the DNS server may of course simply be configured to refuse requests for whatever you are asking.
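To make the distinction in this answer concrete, here is an added example (not from the original post) of a minimal RFC 1035 query builder and header decoder in Python. It separates a socket-level refusal (nothing listening on port 53, reported as ConnectionRefusedError on UDP) from a DNS-level RCODE 5, which is a well-formed reply the server chose to send; the REFUSED reply bytes and the transaction id 0x1234 are constructed for illustration.

```python
import socket
import struct

# RFC 1035 response codes (low 4 bits of the flags word)
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234):
    """Encode a standard recursive query: 12-byte header + one question."""
    flags = 0x0100                       # QR=0 (query), OPCODE=0, RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # QCLASS=IN

def parse_header(msg):
    """Decode the header; RCODE says what the server thought of the query."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    return {"id": txid, "qr": flags >> 15, "rcode": rcode,
            "rcode_name": RCODES.get(rcode, "UNKNOWN"), "ancount": an}

def query_udp(server, name, timeout=2.0):
    """Send over UDP/53 and classify the outcome. A socket-level refusal and a
    DNS-level REFUSED are different conditions and are reported differently."""
    q = build_query(name)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(q, (server, 53))
            data, _ = s.recvfrom(512)
    except ConnectionRefusedError:      # ICMP port unreachable: nothing listening
        return {"outcome": "no-listener"}
    except socket.timeout:
        return {"outcome": "timeout"}
    hdr = parse_header(data)
    if hdr["id"] != 0x1234 or hdr["qr"] != 1:   # not a reply to our query
        return {"outcome": "bad-reply", **hdr}
    return {"outcome": hdr["rcode_name"], **hdr}

# Constructed sample: a REFUSED reply (flags 0x8185 = QR, RD, RA, RCODE 5) that
# echoes the question section and carries no answers.
SAMPLE_REFUSED = (struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0)
                  + b"\x07example\x03com\x00\x00\x01\x00\x01")

if __name__ == "__main__":
    print(build_query("example.com").hex())
    print(parse_header(SAMPLE_REFUSED))
```

Comparing the bytes from build_query with what your own client emits is a quick way to spot the formatting mistakes the answer warns about (label lengths, the trailing zero byte, QTYPE/QCLASS order).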


Explicitly adding the network from which I wanted to allow recursion fixed this problem for me:

These two lines added to /etc/bind/named.conf.options:

recursion yes;
allow-recursion { 10.2.0.0/16; };


Policy enforcement?

The DNS server could be configured to accept only connections from certain hosts.


Hmm, if you're able to access StackOverflow you have a working DNS server SOMEwhere. Try doing

host -v stackoverflow.com

and look for messages like

Received 50 bytes from 192.168.1.1#53 in 75 ms

then pick the address out of that line and use THAT as your DNS - it's obviously willing to talk to you.

If you're on Windows, use NSLOOKUP for the same purpose. Your name server's address will be SOMEwhere in the output.

EDIT:

When I'm stuck for a DNS server, I use the one whose address I can remember most easily: 4.2.2.2 . See how that works for you.


You might try monitoring the conversation using Wireshark. It can also decode the packets for you, which might help you determine if your client's packets are correctly encoded. Just filter on port 53 (DNS) to limit the packets captured by the trace.

Also, make sure you're using UDP and not TCP for queries; TCP should be used primarily for zone transfers, not queries.
