option forward first: sysquery: no addrs found for root
phn at icke-reklam.ipsec.nu
phn at icke-reklam.ipsec.nu
Tue Jun 25 11:34:30 UTC 2002
Mailing-Listen <maillist at klumpp.de> wrote:
> Hello out there,
> I know, there have been a lot of mails about this topic
> already, but I could not get rid of it so I decided to
> post my problem here:
> Our nameserver (bind 8.3.1 on a linux box) forwards
> dns-queries which are outside our zone to our ISPs
> nameservers. In case they are not available I want my DNS to
> query the root-nameservers to continue operation. For that
> reason I used "forward first" and not "forward only" in the
> options settings of named.conf.
> After starting named I get permanently the warning
> sysquery: no addrs found for root NS (M.ROOT-SERVERS.NET)
> for every root-dns in the root.hints file.
If you use forward-first you must be able to reach the root-servers.
Seems that you cannot reach Internet, only your ISP. Is there
firewall filters preventing this ?
> According to the list-archive this is caused by the "forward
> first" option and I found a suggestion to leave away the
> root.hints file.
> Doing so, the warning mentioned above is gone indeed - but
> instead there is another one:
> info: sysquery: nlookup error on ?
> I tried if the warnings are caused by the firewall, but
> behaviour is the same with the firewall all open...
> Has someone an idea how I have to configure my DNS so that it
> is really correct (means: no warnings in the log:-)
> Here comes part of our named.conf:
> options {
> directory "/var/named";
> forward first;
> forwarders {
> 212.121.128.10;
> 212.121.128.11;
> };
> };
> zone "." in {
> type hint;
> file "root.hints";
> };
> zone "localhost" {
> type master;
> file "localhost";
> };
> zone "0.0.127.in-addr.arpa" {
> type master;
> file "127.0.0";
> };
> Thanks for your help,
> Michael
> Klumpp-Informatik
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
More information about the bind-users
mailing list