Local DNS does not query
Kevin Darcy
kcd at daimlerchrysler.com
Thu Dec 1 23:35:24 UTC 2005
The master for the zone is defined as 82.195.146.192. If you want to
allow some other IP address, then check out "allow-notify" in the
documentation.
- Kevin
Chris Boyd wrote:
>I've set up the local dns (10.133.1.230) as a slave and I'm getting messages now:
>
> named[19828]: zone usit.ie/IN: refused notify from non-master: 10.133.1.230#53
>
>
>Here's the named.conf:
>
>zone "." in {
> type hint;
> file "root.hint";
>};
>
>zone "localhost" in {
> type master;
> file "localhost.zone";
>};
>
>zone "0.0.127.in-addr.arpa" in {
> type master;
> file "127.0.0.zone";
>};
>
>zone "usit.ie" in {
> type slave;
> file "usit.zone";
> allow-transfer { 10.133.1.230; 82.195.146.192;};
> #allow-query {10.133.1.230;};
> masters { 82.195.146.192;};
> notify yes;
>};
>
>
>
>
>>>>Mark Andrews <Mark_Andrews at isc.org> 12/01/05 12:52 >>>
>>>>
>>>>
>
>
>
>>I'm not all that up on DNS but I thought that if the local dns could not find
>> a record it would search the forwarders and then root.
>>Now I can get an A record in dig for everything on the local server as well
>>as any other domain. I cannot, however, get it to resolve for usit addresses
>>(like intranet.usit.ie) outside the local dns server.
>>Here's my config:
>>
>>named.conf
>>options {
>>
>> # The directory statement defines the name server's working directory
>>
>> directory "/var/lib/named";
>>
>>
>> dump-file "/var/log/named_dump.db";
>> statistics-file "/var/log/named.stats";
>>
>>
>> forwarders { 82.195.128.132; 82.195.128.192;};
>> query-source address * port 53;
>> transfer-source * port 53;
>> notify-source * port 53;
>>
>> # The allow-query record contains a list of networks or IP addresses
>> # to accept and deny queries from. The default is to allow queries
>> # from all hosts.
>>
>> allow-query { 127.0.0.1; 10.133.0.0/16;};
>>
>> notify yes;
>>};
>>
>>zone "." in {
>> type hint;
>> file "root.hint";
>>};
>>
>>zone "localhost" in {
>> type master;
>> file "localhost.zone";
>>};
>>
>>zone "0.0.127.in-addr.arpa" in {
>> type master;
>> file "127.0.0.zone";
>>};
>>zone "usit.ie" in {
>> type master;
>> file "usit.zone";
>> #allow-query {10.133.1.230;};
>>};
>>
>>usit.zone:
>>
>>$ORIGIN usit.ie.
>>$TTL 3D
>>@ IN SOA ns3.rack365.com. admin.usit.ie. (
>> 10 ; Serial
>> 10800 ; Refresh
>> 3600 ; Retry
>> 604800 ; Expire
>> 86400 ) ; Minimum TTL
>>;
>> NS ns1
>>;
>>ns1 A 10.133.1.230
>>partone A 169.254.1.62
>>travelquest A 10.1.7.199
>>proxy A 10.133.1.45
>>
>>dig output for "intranet.usit.ie"
>>
>>; <<>> DiG 9.3.1 <<>> intranet.usit.ie
>>;; global options: printcmd
>>;; Got answer:
>>;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8984
>>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
>>
>>;; QUESTION SECTION:
>>;intranet.usit.ie. IN A
>>
>>;; AUTHORITY SECTION:
>>usit.ie. 86400 IN SOA ns3.rack365.com. admin.usit.ie. 10 10800 3600 604800 86400
>>
>>;; Query time: 2 msec
>>;; SERVER: 10.133.1.230#53(10.133.1.230)
>>;; WHEN: Thu Dec 1 12:28:49 2005
>>;; MSG SIZE rcvd: 91
>>
>>
>
> When you declare a master/slave zone you are telling the
> nameserver that it knows *everything* about the zone.
>
>--
>Mark Andrews, ISC
>1 Seymour St., Dundas Valley, NSW 2117, Australia
>PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
>
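
Added example (not part of the thread, and not BIND's own code): a small Python triage of the `refused notify from non-master` log message, using the simplified rule from the reply that a slave accepts NOTIFY from its `masters` plus anything listed in `allow-notify`. The function names, the `local_addrs` parameter and the sample log are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log. Only the message text of the first entry comes from
# the thread; timestamps, host name and the 192.0.2.77 source are made up.
SAMPLE_LOG = """\
Dec  1 23:01:10 ns named[19828]: zone usit.ie/IN: refused notify from non-master: 10.133.1.230#53
Dec  1 23:01:40 ns named[19828]: zone usit.ie/IN: refused notify from non-master: 10.133.1.230#53
Dec  1 23:02:05 ns named[19828]: zone usit.ie/IN: refused notify from non-master: 192.0.2.77#40112
Dec  1 23:02:09 ns named[19828]: zone usit.ie/IN: Transfer started.
"""

REFUSED = re.compile(r"zone (?P<zone>\S+)/IN: refused notify from non-master: "
                     r"(?P<src>[0-9A-Fa-f.:]+)#\d+")

def refused_notifies(log_text):
    """Count refused NOTIFY messages per (zone, source address)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REFUSED.search(line)
        if m:
            counts[(m["zone"], m["src"])] += 1
    return counts

def notify_allowed(src, masters, allow_notify=()):
    """Simplified model: a slave accepts NOTIFY from masters plus allow-notify."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(n) for n in (*masters, *allow_notify))

def triage(log_text, masters, allow_notify=(), local_addrs=()):
    """Classify each refused source against the slave zone's configuration."""
    report = []
    for (zone, src), count in sorted(refused_notifies(log_text).items()):
        if notify_allowed(src, masters, allow_notify):
            verdict = "allowed"    # configuration now covers this source
        elif src in local_addrs:
            verdict = "self"       # the server is notifying itself
        else:
            verdict = "unlisted"   # unknown sender: investigate before allowing
        report.append((zone, src, count, verdict))
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, masters=["82.195.146.192"],
                      local_addrs=["10.133.1.230"]):
        print(row)
```

Only sources you recognise (here the server's own address) are candidates for `allow-notify`; an "unlisted" sender should be identified before it is added.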