Recently I ran into a problem where a DNS server set up using Bind9 was not responding to external queries.
systemctl status bind9 --no-pager --full shows "Denied".
The common issues (listed below) that can cause the problem were not present:
- Bind9 was running properly
- The server was listening on both IPv4 and IPv6
- Port 53 was open
- The DNS server on port 53 could be reached using Telnet
The issue was with "recursive query" permissions. To allow external queries, I needed to add the following option:

    options {
        ...
        allow-recursion { any; };
        ...
    };

The options are commonly stored in /etc/bind/named.conf.options for Bind9 servers.
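
With allow-recursion { any; } every host that can reach port 53 may use the server as a recursive resolver, and open resolvers are routinely abused for DNS amplification. The following is an added example, not part of the original post: the same option scoped to a named ACL so that only known clients may recurse. The ACL name "trusted" and the address ranges (documentation prefixes) are placeholders for your own client networks.

```conf
// Constructed example: "trusted" and the prefixes below are placeholders.
// The acl statement must appear outside, and before, the options block.
acl "trusted" {
    localhost;          // the server itself
    localnets;          // networks directly attached to the server
    192.0.2.0/24;       // placeholder: external client network (IPv4)
    2001:db8::/32;      // placeholder: external client network (IPv6)
};

options {
    // ... existing options stay as they are ...

    // Weak setting: any host may recurse through this server (open resolver).
    // allow-recursion { any; };

    // Scoped setting: only clients matching the ACL may send recursive queries.
    recursion yes;
    allow-recursion { trusted; };
};
```

Run named-checkconf to validate the syntax before reloading Bind9.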