bind-9.3.2-33.fc5
Wael Shahin
wael.shahin at gmail.com
Thu Sep 21 12:54:02 UTC 2006
I have 2 public DNS servers, one as primary and the other one as secondary;
both are behind a PIX firewall.
Environment:
BIND Version: bind-9.3.2-33.fc5
OS: FC5
PIX: Cisco Adaptive Security Appliance Software Version 7.1
Problem Description:
1- Most queries are resolved just fine, but some return the following error:
"Server Failed", not timed out.
By restarting the named daemon those records resolve fine for a while, then
the problem happens again.
2- When restarting the named daemon, sometimes I get the error that it is already
running when trying to start, and by initiating /etc/init.d/named start, it
starts fine afterward.
3- Some records are cached even though TTL is expired.
Steps taken to resolve the issue:
1- Removed the DNS Inspection from PIX firewall.
2- Defined edns packet size to 512.
3- Defined max ttl cache
Configuration File:
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    version "Whatever";
    allow-query { any; };
    // "trusted", "badguys" and "secondaries" are ACLs defined elsewhere in named.conf
    allow-recursion { localhost; trusted; };
    blackhole { badguys; };
    notify yes;
    max-cache-ttl 172800;
    max-ncache-ttl 172800;
    datasize default;
    max-cache-size 80000000;
    allow-transfer { secondaries; };
    also-notify { 192.168.1.101; 192.168.10.9; }; // all zones
    allow-notify { secondaries; };
    recursive-clients 30000;
};
// acl and zone statements were not included in the post
--
Dry Networks don't pass by lakes !!!
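One way to see what actually crosses the firewall when a query fails, as an added example that is not part of the original post: a small decoder for DNS responses that reports the RCODE (SERVFAIL is 2, as opposed to a timeout, which produces no response at all), the answer-section TTLs, and the UDP payload size advertised in the EDNS OPT record, which is the value `edns-udp-size 512;` is meant to pin. The two responses are constructed inline, not captured from the poster's servers; example.com and 192.0.2.1 are placeholder values.

```python
import struct

SERVFAIL, OPT_TYPE, A_TYPE = 2, 41, 1
QNAME = b"\x07example\x03com\x00"          # constructed sample owner name

def _skip_name(msg, off):
    # Walk labels; a compression pointer (top two bits set) ends the name in 2 bytes.
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            return off + 2
        off += 1
        if length == 0:
            return off
        off += length

def parse_response(msg):
    """Return RCODE, answer-section TTLs and the EDNS UDP size the responder advertised."""
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4         # skip QTYPE and QCLASS
    ttls, edns_size = [], None
    for section, count in enumerate((an, ns, ar)):
        for _ in range(count):
            off = _skip_name(msg, off)
            rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if rtype == OPT_TYPE:
                edns_size = rclass             # OPT reuses CLASS as the UDP payload size
            elif section == 0:
                ttls.append(ttl)
    return {"rcode": flags & 0xF, "ttls": ttls, "edns_udp_size": edns_size}

def build_sample(rcode, answer_ttl=None, edns_size=None):
    """Constructed example.com/A response (QR, RD, RA set); not a real capture."""
    an = 1 if answer_ttl is not None else 0
    ar = 1 if edns_size is not None else 0
    msg = struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, an, 0, ar)
    msg += QNAME + struct.pack("!HH", A_TYPE, 1)
    if answer_ttl is not None:                 # answer owner is a pointer to the question name
        msg += b"\xc0\x0c" + struct.pack("!HHIH", A_TYPE, 1, answer_ttl, 4) + bytes([192, 0, 2, 1])
    if edns_size is not None:                  # OPT: root owner, CLASS carries the UDP size
        msg += b"\x00" + struct.pack("!HHIH", OPT_TYPE, edns_size, 0, 0)
    return msg

if __name__ == "__main__":
    for sample in (build_sample(SERVFAIL, edns_size=4096), build_sample(0, answer_ttl=300, edns_size=512)):
        print(parse_response(sample))
```

Feeding real responses (for example the payload of packets captured on either side of the PIX) to `parse_response` shows whether the failure is a SERVFAIL from named or a response that never arrives, and whether the advertised EDNS size really is 512.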