7

On Ubuntu 14.04, when I'm performing a

dig google.de

on my machine, I get a REFUSED status (reducing to relevant lines):

me@machine:~# dig google.de
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 26926
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

My /etc/resolv.conf knows three nameservers:

nameserver 1.2.3.4
nameserver 1.2.3.5
nameserver 8.8.8.8

where the first two are corporate owned nameservers. But at least the last one (8.8.8.8) shouldn't return a refused status. So how can I enable recursion so that the last nameserver is considered?

Gottlieb Notschnabel
  • 349
  • 2
  • 3
  • 8

1 Answers1

10

The DNS resolver will only move onto the other name servers if the first one returns an error (i.e SERVFAIL) or can't be reached. If the DNS server returns NXDOMAIN then the resolver considers that the proper answer and won't check the others. NXDOMAIN is considered a final definitive answer that the requested domain does not exist.

In your case the first namserver is reached and is denying you.

In that namserver's named.conf you should have something like allow-query { any; };

Or

One solution might be to temporarily change the order of the nameservers in /etc/resolv.conf & put 8.8.8.8 first

Or

Just to direct dig to use 8.8.8.8 as the DNS server at command line you can do :

dig @8.8.8.8 google.de

neuron
  • 1,941
  • 11
  • 20