Hello,

I have had BIND9 running for my LAN for quite a while now (on hauptrechner).
ping rechner 2 from hauptrechner works, as does ping hauptrechner from rechner2
(also with Windows).

But nslookup rechner2 from hauptrechner gives the following result:

hauptrechner:/home/bernd # nslookup rechner2
Note: nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead. Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server: 172.16.0.141
Address: 172.16.0.141#53

** server can't find rechner2: REFUSED

But an nslookup from the client rechner2 returns a positive result:

rechner2#nslookup hauptrechner

Server: 172.16.0.141
Adress: 172.16.0.141#53

Name: hauptrechner.test
Adress: 172.16.0.141

Does nslookup only work for the clients, or do I still have an error somewhere?

I also have part of my /var/log/messages:

Dec 16 22:48:57 hauptrechner named[1145]: client 172.16.0.141#32782: query '141.0.16.172.in-addr.arpa/IN' denied
Dec 16 22:48:57 hauptrechner last message repeated 15 times
Dec 16 22:49:59 hauptrechner last message repeated 32 times
Dec 16 22:51:01 hauptrechner last message repeated 32 times
Dec 16 22:51:32 hauptrechner last message repeated 16 times
Dec 16 22:51:56 hauptrechner named[1145]: client 172.16.0.141#32782: query 'rechner2.test/IN' denied
Dec 16 22:51:56 hauptrechner named[1145]: client 172.16.0.141#32783: query (cache) denied
Dec 16 22:52:03 hauptrechner named[1145]: client 172.16.0.141#32783: query '141.0.16.172.in-addr.arpa/IN' denied
Dec 16 22:52:34 hauptrechner last message repeated 16 times


My /etc/named.conf:

hauptrechner:/etc # cat named.conf
# Copyright (c) 2001-2003 SuSE Linux AG, Nuernberg, Germany
#
# Author: Frank Bodammer, Lars Mueller <lmuelle@suse.de>
#
# /etc/named.conf
#
# This is a sample configuration file for the name server BIND 9.
# It works as a caching only name server without modification.
#
# A sample configuration for setting up your own domain can be
# found in /usr/share/doc/packages/bind9/sample-config.
#
# A description of all available options can be found in
# /usr/share/doc/packages/bind9/misc/options.
acl internal { 127.0.0.1; 172.16.0.142/24; };
options {

# The directory statement defines the name server's
# working directory

directory "/var/lib/named";

# The forwarders record contains a list of servers to
# which queries should be forwarded. Enable this line and
# modify the IP-address to your provider's name server.
# Up to three servers may be listed.

#forwarders { 10.11.12.13; 10.11.12.14; };
forwarders { 194.25.2.129; 194.25.2.130; 62.27.53.66; };
# Enable the next entry to prefer usage of the name
# server declared in the forwarders section.

forward first;

# The listen-on record contains a list of local network
# interfaces to listen on. Optionally the port can be
# specified. Default is to listen on all interfaces found
# on your system. The default port is 53.

listen-on port 53 { 127.0.0.1; 172.16.0.142; 172.16.0.141; };

# The listen-on-v6 record enables or disables listening
# on IPV6 interfaces. Allowed values are 'any' and 'none'
# or a list of addresses. IPv6 can only be used with
# kernel 2.4 in this release.

listen-on-v6 { any; };

# The next three statements may be needed if a firewall
# stands between the local server and the internet.

query-source address * port 53;
transfer-source * port 53;
notify-source * port 53;
#I commented out these 3 lines on 11.10.03

# The allow-query record contains a list of networks or
# IP-addresses to accept and deny queries from. The
# default is to allow queries from all hosts.

allow-query { 127.0.0.1; 172.16.0.142; };
# allow-query { internal; };
# If notify is set to yes (default), notify messages are
# sent to other name servers when the zone data is
# changed. Instead of setting a global 'notify' statement
# in the 'options' section, a separate 'notify' can be
# added to each zone definition.
cleaning-interval 120;
#statistics-interval 0;
notify no;
};

# Remove the leading '#' characters if you want a log of the queries sent to
# your name server. The log file size is limited to 100 MB.
#logging {
# channel query_logging {
# file "/var/log/named_querylog"
# versions 3 size 100M;
# print-time yes; // timestamp log entries
# };
# category queries {
# query_logging;
# };
# category lame-servers { null; };
#};

# The following zone definitions don't need any modification.
# The first one is the definition of the root name servers.
# The second one defines localhost while the third defines the reverse lookup
# for localhost.

zone "." in {
type hint;
file "root.hint";
};

zone "localhost" in {
type master;
file "localhost.zone";
};

zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};

# You can insert further zone records for your own domains below.
zone "test" in {
type master;
file "test.zone";
};

zone "0.16.172.in-addr.arpa" in {
type master;
file "172.16.0.zone";
};

And here are my zone files:

hauptrechner:/var/lib/named # cat 172.16.0.zone
; Zone file for local. (reverse mapping)
;
$TTL 3h
0.16.172.in-addr.arpa. IN SOA hauptrechner.test. root.hauptrechner.test. (
2003100810 ; serial number
10800 ; refresh time
3600 ; retry time
604800 ; expire
38400 ) ; negative caching TTL
;
; Nameserver
;

0.16.172.in-addr.arpa. IN NS hauptrechner.test.
;
; Host addresses point to canonical names
;
142.0.16.172.in-addr.arpa. IN PTR rechner2.test.
141.0.16.172.in-addr.arpa. IN PTR hauptrechner.test.


hauptrechner:/var/lib/named # cat test.zone
; Zone file (forward mapping) for heim.netz. (a comment line)
$TTL 3h
test. IN SOA hauptrechner.test. root.hauptrechner.test. (
2003100810 ; serial number
10800 ; refresh time
3600 ; retry time
604800 ; expire
38400 ) ; negative caching TTL
;
; Nameserver
;
test. IN NS hauptrechner.test.
;
; Hosts (canonical)
;
localhost IN A 127.0.0.1
hauptrechner.test. IN A 172.16.0.141
rechner2.test. IN A 172.16.0.142
;
; Aliases
;
www.test. IN CNAME hauptrechner.test.
irc.test. IN CNAME hauptrechner.test.

Could it be that my hauptrechner, on which BIND9 is running, is not authorized
to send a query to the name server?

Kind regards,
N.
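
Added example, not part of the original post: named applies allow-query to the source address of each query, so this sketch checks the client addresses from the posted "denied" log lines against the posted allow-query list and against the commented-out `internal` acl. The function names are hypothetical, and a prefix with host bits set (172.16.0.142/24) is assumed to mean the enclosing /24.

```python
import ipaddress
import re

# Address lists copied from the posted named.conf (plain IP / CIDR elements only).
ALLOW_QUERY = "127.0.0.1; 172.16.0.142;"
ACL_INTERNAL = "127.0.0.1; 172.16.0.142/24;"

# Log lines copied from the posted /var/log/messages excerpt.
LOG = """\
Dec 16 22:48:57 hauptrechner named[1145]: client 172.16.0.141#32782: query '141.0.16.172.in-addr.arpa/IN' denied
Dec 16 22:51:56 hauptrechner named[1145]: client 172.16.0.141#32782: query 'rechner2.test/IN' denied
Dec 16 22:51:56 hauptrechner named[1145]: client 172.16.0.141#32783: query (cache) denied
"""

DENIED = re.compile(r"named\[\d+\]: client ([0-9a-fA-F.:]+)#\d+: query (.+) denied")


def parse_match_list(text):
    """Turn 'a; b/len;' into networks. Assumption: host bits in a prefix are ignored."""
    return [ipaddress.ip_network(e.strip(), strict=False)
            for e in text.split(";") if e.strip()]


def permitted(client, match_list):
    """True if the query's source address falls inside any listed network."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in match_list)


def denied_clients(log):
    """Map each refused source address to the set of queries it sent."""
    result = {}
    for line in log.splitlines():
        m = DENIED.search(line)
        if m:
            result.setdefault(m.group(1), set()).add(m.group(2))
    return result


def explain(log, active, candidate):
    """Per denied client: is it in the active list, and would the candidate admit it?"""
    return {c: (permitted(c, active), permitted(c, candidate))
            for c in denied_clients(log)}


if __name__ == "__main__":
    report = explain(LOG, parse_match_list(ALLOW_QUERY), parse_match_list(ACL_INTERNAL))
    for client, (now, with_acl) in report.items():
        print(f"{client}: allowed now={now}, allowed with 'internal' acl={with_acl}")
```

With the posted values, 172.16.0.141 is absent from the active allow-query list and covered by the `internal` acl, which matches the "denied" entries in the log.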