# Jailed DNS



## bbzz (Apr 18, 2012)

So, I'm trying to set up a simple caching resolver at home inside a jail. More to try to fiddle with jails than DNS, but everything looks pretty straightforward until I try to test it from a remote LAN machine. The crucial part of the config file is this setup:


```
forward only;
...

forwarders {
    8.8.8.8;
};
```

But tcpdump shows things like:

```
...
192.168.1.103.53 > 192.168.1.106.45092: 37880 Refused- 0/0/0 (32)
```

Basically, resolving from the DNS machine itself works, but it won't pass requests on.
What am I doing wrong here?


----------



## DutchDaemon (Apr 19, 2012)

Do you have things like recursion set to yes, and allow-recursion set to allow your network? By default, BIND/named will not allow any recursive (i.e. non-locally resolvable) queries. named.conf(5) has more.


----------



## aa (Apr 19, 2012)

Try explicitly specifying which network gets access, and on which address:

```
options {
    ...
    allow-query { 192.168.1.0/24; };
    listen-on { 192.168.1.103; };
    ...
};
```


----------



## bbzz (Apr 20, 2012)

allow-recursion solved it. I thought I only needed to forward requests to the next server.
Thanks to both of you.


----------
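The settings discussed in this thread, combined into one `options` block, as an added example that is not from any of the posters. The ACL name `lan` is an assumption, the addresses are the ones quoted above, and unrelated options (directory, zones, logging) are left out.

```conf
// named.conf fragment: forward-only caching resolver for a single LAN.
// Constructed example; "lan" is a hypothetical ACL name.

// Before (the configuration from the first post): only these two
// statements were set, so LAN clients received "Refused" because
// nothing granted them recursion:
//
//     forward only;
//     forwarders { 8.8.8.8; };

// After: name the clients once and reuse the ACL everywhere.
acl lan {
    localhost;          // built-in ACL: the server's own addresses
    192.168.1.0/24;     // the home LAN from the thread
};

options {
    // Bind to the jail's address only.
    listen-on { 192.168.1.103; };

    // Who may send any query at all.
    allow-query { lan; };

    // Who may ask for names this server is not authoritative for.
    // Keeping this limited to the LAN means the resolver does not
    // answer recursive queries for arbitrary outside hosts.
    recursion yes;
    allow-recursion { lan; };

    // Hand every recursive lookup to the forwarder; never walk the
    // delegation chain from the root servers directly.
    forward only;
    forwarders { 8.8.8.8; };
};
```

`named-checkconf` validates the syntax before a restart. A query from a LAN host should then come back with status `NOERROR` and the `ra` flag set instead of `Refused`.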

