BIND9 refusing DNS queries

1 vote
1 answer
133 views
I cannot *for the life of me* work out **why** BIND9 is refusing queries. I have followed so many tutorials and watched so many configuration setup videos, both using Webmin and in the CLI, following them to the letter, but my BIND9 simply will not answer queries.

BIND9 is installed on a Debian VM on Proxmox.

- I can ping the server
- I can SSH to the server
- I can access Webmin and configure everything in there
- `named-checkzone` returns OK
- neither iptables nor ufw are installed
- the Proxmox Firewall is disabled at the Datacenter, Host and VM levels
- the server can reach the internet
- `nslookup` and `dig` both fail on the DNS server itself using `nslookup example.com 127.0.0.1` and `dig @127.0.0.1 example.com`

admin@vm-server:~$ nslookup example.com localhost
Server:         localhost
Address:        ::1#53

** server can't find example.com: REFUSED

admin@vm-server:~$ dig @127.0.0.1 example.com

; <<>> DiG 9.18.28-1~deb12u2-Debian <<>> @127.0.0.1 example.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER";
        };
controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
        };
logging {
        };
**/etc/bind/named.conf.options**:
options {
	directory "/var/cache/bind";

	dnssec-validation auto;

	listen-on-v6 { any; };
	listen-on port 53 {
		127.0.0.1;
		127.0.1.1;
		10.0.0.2;
		};
	allow-query {
		localhost;
		ACL_RFC1918;
		};
	multiple-cnames yes;
};
**/etc/bind/named.conf.local**:
zone "example.com" {
	type master;
	file "/var/lib/bind/example.com.hosts";
	};
**/etc/bind/named.conf.default-zones**:
zone "." {
	type hint;
	file "/usr/share/dns/root.hints";
};

zone "localhost" {
	type master;
	file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
	type master;
	file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
	type master;
	file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
	type master;
	file "/etc/bind/db.255";
};
**/var/lib/bind/example.com.hosts**:
$ttl 3600
example.com.	IN	SOA	vm-server. admin.example.com. (
			2025042448
			3600
			600
			1209600
			3600 )
example.com.	IN	NS	vm-server.example.com.
vm-server.example.com.	IN	A	10.0.0.2
dns.example.com.	IN	CNAME	vm-server
**/etc/bind/rndc.conf**:
key "rndc-key" {
	algorithm hmac-sha256;
	secret "";
};

options {
	default-key "rndc-key";
	default-server 127.0.0.1;
	default-port 953;
};
**/etc/bind/rndc.key**:
key "rndc-key" {
	algorithm hmac-sha256;
	secret "";
};
Asked by skeetastax (159 rep)
Apr 25, 2025, 03:33 AM
Last activity: Apr 25, 2025, 09:58 AM