Local DNS does not query
Chris Boyd
Chris.Boyd at usit.ie
Thu Dec 1 15:27:17 UTC 2005
I've set up the local dns (10.133.1.230) as a slave and I'm getting messages now:
named[19828]: zone usit.ie/IN: refused notify from non-master: 10.133.1.230#53
Here's the named.conf:
zone "." in {
    type hint;
    file "root.hint";
};
zone "localhost" in {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};
zone "usit.ie" in {
    type slave;
    file "usit.zone";
    allow-transfer { 10.133.1.230; 82.195.146.192; };
    #allow-query { 10.133.1.230; };
    masters { 82.195.146.192; };
    notify yes;
};
>>> Mark Andrews <Mark_Andrews at isc.org> 12/01/05 12:52 >>>
> I'm not all that up on DNS but I thought that if the local dns could not find
> a record it would search the forwarders and then root.
> Now I can get an A record in dig for everything on the local server as well
> as any other domain. I cannot, however, get it to resolve for usit addresses
> (like intranet.usit.ie) outside the local dns server.
> Here's my config:
>
> named.conf
> options {
>
>     # The directory statement defines the name server's working directory
>
>     directory "/var/lib/named";
>
>     dump-file "/var/log/named_dump.db";
>     statistics-file "/var/log/named.stats";
>
>     forwarders { 82.195.128.132; 82.195.128.192; };
>     query-source address * port 53;
>     transfer-source * port 53;
>     notify-source * port 53;
>
>     # The allow-query record contains a list of networks or IP addresses
>     # to accept and deny queries from. The default is to allow queries
>     # from all hosts.
>
>     allow-query { 127.0.0.1; 10.133.0.0/16; };
>
>     notify yes;
> };
>
> zone "." in {
>     type hint;
>     file "root.hint";
> };
>
> zone "localhost" in {
>     type master;
>     file "localhost.zone";
> };
>
> zone "0.0.127.in-addr.arpa" in {
>     type master;
>     file "127.0.0.zone";
> };
> zone "usit.ie" in {
>     type master;
>     file "usit.zone";
>     #allow-query { 10.133.1.230; };
> };
>
> usit.zone:
>
> $ORIGIN usit.ie.
> $TTL 3D
> @            IN SOA  ns3.rack365.com. admin.usit.ie. (
>                      10      ; Serial
>                      10800   ; Refresh
>                      3600    ; Retry
>                      604800  ; Expire
>                      86400 ) ; Minimum TTL
> ;
>              NS      ns1
> ;
> ns1          A       10.133.1.230
> partone      A       169.254.1.62
> travelquest  A       10.1.7.199
> proxy        A       10.133.1.45
>
> dig output for "intranet.usit.ie"
>
> ; <<>> DiG 9.3.1 <<>> intranet.usit.ie
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8984
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;intranet.usit.ie. IN A
>
> ;; AUTHORITY SECTION:
> usit.ie. 86400 IN SOA ns3.rack365.com. admin.usit.ie. 10 10800 3600 604800 86400
>
> ;; Query time: 2 msec
> ;; SERVER: 10.133.1.230#53(10.133.1.230)
> ;; WHEN: Thu Dec 1 12:28:49 2005
> ;; MSG SIZE rcvd: 91
When you declare a master/slave zone you are telling the
nameserver that it knows *everything* about the zone.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
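
Added example, not part of the original thread: a simplified Python model of the behaviour described in the reply above, using the records from the quoted usit.zone and the forwarders from the quoted options block. It assumes no delegations inside the zone; the function names and the "FORWARDED" status label are illustrative.

```python
# Added example: simplified model of where named looks for an A record.
# Records are copied from the usit.zone file quoted in the thread;
# None marks a name that exists but has no A record (the zone apex).
ZONES = {
    "usit.ie.": {
        "usit.ie.": None,
        "ns1.usit.ie.": "10.133.1.230",
        "partone.usit.ie.": "169.254.1.62",
        "travelquest.usit.ie.": "10.1.7.199",
        "proxy.usit.ie.": "10.133.1.45",
    },
}
FORWARDERS = ["82.195.128.132", "82.195.128.192"]  # from the options block


def fqdn(name):
    """Lower-case the name and make it absolute (trailing dot)."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def enclosing_zone(name):
    """Longest master/slave zone that contains name, or None."""
    hits = [z for z in ZONES if name == z or name.endswith("." + z)]
    return max(hits, key=len) if hits else None


def resolve(name):
    """Return (source, status, address) for an A query."""
    name = fqdn(name)
    zone = enclosing_zone(name)
    if zone is None:
        # Not authoritative: only now are the forwarders consulted.
        return ("forwarders", "FORWARDED", None)
    records = ZONES[zone]
    if name not in records:
        # Authoritative and absent from the zone: NXDOMAIN, no forwarding.
        return ("zone data", "NXDOMAIN", None)
    return ("zone data", "NOERROR", records[name])


if __name__ == "__main__":
    for q in ("proxy.usit.ie", "intranet.usit.ie", "example.com"):
        print(q, resolve(q))
```

The intranet.usit.ie query never reaches the forwarders because the name falls inside a zone the server is authoritative for, which matches the `aa` flag and NXDOMAIN status in the quoted dig output.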