server will only answer for its own zones
James Ervin
listuser at kites.org
Sun Jan 13 21:13:34 UTC 2002
For clarity note that the actual named.root entry is:

zone "." IN {
        type hint;
        file "named.root";
};

Also, named starts with no errors to speak of:
Jan 13 14:14:55 NS2 named[11688]: shutting down
Jan 13 14:14:55 NS2 named[11688]: no longer listening on 127.0.0.1#53
Jan 13 14:14:55 NS2 named[11688]: no longer listening on 24.197.31.131#53
Jan 13 14:14:55 NS2 named[11684]: exiting
Jan 13 14:14:55 NS2 named: named shutdown succeeded
Jan 13 14:14:55 NS2 named[13307]: starting BIND 9.1.0 -u named -d3
Jan 13 14:14:55 NS2 named: named startup succeeded
Jan 13 14:14:55 NS2 named[13307]: using 1 CPU
Jan 13 14:14:55 NS2 named[13311]: loading configuration from '/etc/named.conf'
Jan 13 14:14:55 NS2 named[13311]: the default for the 'auth-nxdomain' option is now 'no'
Jan 13 14:14:55 NS2 named[13311]: no IPv6 interfaces found
Jan 13 14:14:55 NS2 named[13311]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 13 14:14:55 NS2 named[13311]: listening on IPv4 interface eth0, 24.197.31.131#53
Jan 13 14:14:55 NS2 named[13311]: running
At 08:59 AM 1/13/2002 -0500, you wrote:
>Hello:
>
>I have a server that will not answer for any zone other than one in which
>it is authoritative. I have tried this with recursive on or left out of
>the config with no change in behavior. I have ensured that there is no
>packet filtering involved as I have removed the firewall for all testing
>sessions. The named.conf is at the end of the email. This really looks
>like it has a bum named.root cache, but I am no expert. Here is a dig that
>will show my point (the first is for a zone that it is authoritative for
>and the second is not):
>
>[root at kites net]# dig @ns2.ci.bedford.va.us kites.org. any
>
>; <<>> DiG 9.1.3 <<>> @ns2.ci.bedford.va.us kites.org. any
>;; global options: printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63979
>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 2
>
>;; QUESTION SECTION:
>;kites.org. IN ANY
>
>;; ANSWER SECTION:
>kites.org. 900 IN SOA kites.kites.org. james.kites.org. 200201071 900 300 2592000 900
>kites.org. 900 IN NS kites.kites.org.
>kites.org. 900 IN NS ns2.ci.bedford.va.us.
>kites.org. 900 IN MX 5 kites.kites.org.
>
>;; AUTHORITY SECTION:
>kites.org. 900 IN NS ns2.ci.bedford.va.us.
>kites.org. 900 IN NS kites.kites.org.
>
>;; ADDITIONAL SECTION:
>ns2.ci.bedford.va.us. 900 IN A 24.197.31.131
>kites.kites.org. 900 IN A 24.197.0.67
>
>;; Query time: 58 msec
>;; SERVER: 24.197.31.131#53(ns2.ci.bedford.va.us)
>;; WHEN: Sun Jan 13 08:45:26 2002
>;; MSG SIZE rcvd: 199
>
>[root at kites net]# dig @ns2.ci.bedford.va.us hp.com. any
>
>; <<>> DiG 9.1.3 <<>> @ns2.ci.bedford.va.us hp.com. any
>;; global options: printcmd
>;; connection timed out; no servers could be reached
>
>Here is the named.conf (with many zones deleted for brevity):
>
>logging {
> category lame-servers { null; };
> category default { default_syslog; default_debug; };
> channel default_debug {
> file "/var/log/named"; # write to named.run in the working directory
> # Note: stderr is used instead of "named.run"
> # if the server is started with the -f option.
> severity dynamic; # log at the server's current debug level
> };
>};
>
>options {
> allow-recursion {
> any;
> };
> notify no;
> directory "/etc/dns";
> query-source address * port 53;
> forwarders {
> 198.6.1.122;
> 198.6.1.142;
> 198.6.1.146;
> };
>};
>
>zone "0.0.127.IN-ADDR.ARPA" {
> type master;
> file "named.local";
>};
>
>zone "ci.bedford.va.us" {
> type slave;
> file "db.ci.bedford.va.us";
> masters { 24.197.0.67; };
>};
>
>zone "kites.org" {
> type slave;
> file "db.kites.org";
> masters { 24.197.0.67; };
>};
>
>zone "." IN {
> type hint;
> file "named.root";
> }