query failed (REFUSED) with version (tag) 0.16 #19

Closed
soofstad opened this issue Jun 10, 2019 · 4 comments · Fixed by #36
Labels
bug Bug Report status:confirmed Issue is confirmed

Comments

@soofstad

Hi,
I just updated to use the 0.16 Docker image from 0.15, but was getting errors like this on any DNS forwarded queries:

bind9   | 10-Jun-2019 11:36:29.603 client @0x7fe3d817f860 192.168.1.10#54157 (www.reddit.com): query: www.reddit.com IN A +E(0) (172.19.0.2)
bind9   | 10-Jun-2019 11:36:29.604 client @0x7fe3d817f860 192.168.1.10#54157 (www.reddit.com): query (cache) 'www.reddit.com/A/IN' denied
bind9   | 10-Jun-2019 11:36:29.604 client @0x7fe3d817f860 192.168.1.10#54157 (www.reddit.com): query failed (REFUSED) for www.reddit.com/IN/A at ../../../bin/named/query.c:7145

The extra hosts and wildcard queries work fine, but all forwarded queries get that error.
I had to roll back to 0.15, where everything works fine.

My config looks like this:

version: '2.1'
services:
  bind:
    image: cytopia/bind:0.15
    container_name: bind9
    restart: unless-stopped
    environment:
      - TZ=Europe/Oslo
      - WILDCARD_DNS=anon.xyz=192.168.1.5
      - EXTRA_HOSTS=sheets.anon.xyz=anon.github.io
      - DNS_FORWARDER=208.67.222.222,208.67.220.220,192.168.1.1,8.8.8.8
      - DOCKER_LOGS=1
      - TTL_TIME=300
    ports:
      - "53:53"
      - "53:53/udp"


Apple-G commented Nov 7, 2019

You only have to add - ALLOW_QUERY=any

version: '2.1'
services:
  bind:
    image: cytopia/bind:0.15
    container_name: bind9
    restart: unless-stopped
    environment:
      - TZ=Europe/Oslo
      - WILDCARD_DNS=anon.xyz=192.168.1.5
      - EXTRA_HOSTS=sheets.anon.xyz=anon.github.io
      - DNS_FORWARDER=208.67.222.222,208.67.220.220,192.168.1.1,8.8.8.8
      - DOCKER_LOGS=1
      - TTL_TIME=300
      - ALLOW_QUERY=any
    ports:
      - "53:53"
      - "53:53/udp"

soofstad (Author) commented Nov 8, 2019

Thanks for the reply, I will try that. But from the documentation I quote:


ALLOW_QUERY (string): Specify a comma separated list of IP addresses with optional CIDR mask to allow queries from a specific IP address or ranges of IP addresses. This allows for control over who is allowed to query the DNS server. If not specified all hosts are allowed to make queries (defaults to any). See BIND QUERIES. Example: ALLOW_QUERY=192.168.1.0/24,127.0.0.1

I read this to mean that any/*/0.0.0.0/0 IP address can query by default, so this should not be needed. Will try adding it regardless :)

soofstad (Author) commented Nov 8, 2019

Tried out ALLOW_QUERY=any on the cytopia/bind:0.16 image. Still get the same error.
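
Added example, not part of the thread or the project's code: BIND logs `query (cache) '...' denied` when a client fails the cache-access ACL (`allow-query-cache`) and `query '...' denied` when it fails a zone's `allow-query`, so the two cases point at different settings. The sketch below sorts denials from the log lines in the original report by client and by kind; the function names and the final contrast line are constructed for illustration.

```python
import re
from collections import defaultdict

# Log lines copied from the original report (docker-compose prefix included).
SAMPLE_LOG = """\
bind9   | 10-Jun-2019 11:36:29.603 client @0x7fe3d817f860 192.168.1.10#54157 (www.reddit.com): query: www.reddit.com IN A +E(0) (172.19.0.2)
bind9   | 10-Jun-2019 11:36:29.604 client @0x7fe3d817f860 192.168.1.10#54157 (www.reddit.com): query (cache) 'www.reddit.com/A/IN' denied
bind9   | 10-Jun-2019 11:36:29.604 client @0x7fe3d817f860 192.168.1.10#54157 (www.reddit.com): query failed (REFUSED) for www.reddit.com/IN/A at ../../../bin/named/query.c:7145
"""

# Constructed line (not from the issue): a zone-level denial, for contrast.
CONSTRUCTED = ("bind9   | 10-Jun-2019 11:40:00.000 client @0x7fe3d817f860 "
               "10.9.9.9#4000 (a.anon.xyz): query 'a.anon.xyz/A/IN' denied\n")

# Matches both denial forms; the optional "(cache) " group tells them apart.
DENIED = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \([^)]*\): "
    r"query (?P<cache>\(cache\) )?'(?P<name>[^/']+)/\w+/\w+' denied"
)

# BIND option to review for each kind of denial.
ACL_TO_REVIEW = {"cache": "allow-query-cache", "zone": "allow-query"}


def classify_denials(log_text):
    """Return {client_ip: {"cache": [names], "zone": [names]}}."""
    result = defaultdict(lambda: {"cache": [], "zone": []})
    for line in log_text.splitlines():
        match = DENIED.search(line)
        if match:
            kind = "cache" if match.group("cache") else "zone"
            result[match.group("ip")][kind].append(match.group("name"))
    return dict(result)


def report(log_text):
    """One summary line per client and denial kind."""
    lines = []
    for ip, kinds in sorted(classify_denials(log_text).items()):
        for kind, names in kinds.items():
            if names:
                lines.append(f"{ip}: {len(names)} {kind} denial(s), "
                             f"review {ACL_TO_REVIEW[kind]}: {', '.join(names)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG + CONSTRUCTED)))
```
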

cytopia (Owner) commented Mar 16, 2022

@soofstad

Thanks for the issue. I have made a major rewrite which addresses the fix here: #36

The new command to achieve what you've described above will be:

docker run -it --rm \
  -e DOCKER_LOGS=1 \
  -e DEBUG_ENTRYPOINT=2 \
  -p 5300:53/tcp \
  -p 5300:53/udp \
  -e DNS_A="*.anon.xyz=192.168.1.5" \
  -e DNS_CNAME="sheets.anon.xyz=anon.github.io" \
  -e DNS_FORWARDER="208.67.222.222, 208.67.220.220, 192.168.1.1, 8.8.8.8" \
  -e TTL_TIME=300 \
  cytopia/bind
