Problem with DNS on mandriva 2007
Dixon, Justin
Justin.Dixon at BBandT.com
Tue Jan 30 13:50:13 UTC 2007
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf Of Carlos Alberto Bernat Orozco
> Sent: Tuesday, January 30, 2007 00:06
> To: bind-users at isc.org
> Subject: Re: Problem with DNS on mandriva 2007
>
> Hi group
> Sorry but I'm clueless. My server still does not resolve. Let me explain myself. I configured all my zones to make my DNS server.
>
> This is my named.conf
>
>
> include "/etc/rndc.key";
>
> controls {
> inet 127.0.0.1 port 953
> allow { 127.0.0.1; } keys { mykey; };
> };
>
> // Access lists (ACL's) should be defined here
> include "/etc/bogon_acl.conf";
> include "/etc/trusted_networks_acl.conf";
>
> // Define logging channels
> include "/etc/logging.conf";
>
> options {
> version "";
> directory "/var/named";
> dump-file "/var/tmp/named_dump.db";
> pid-file "/var/run/named.pid";
> statistics-file "/var/tmp/named.stats";
> zone-statistics yes;
> // datasize 256M;
> coresize 100M;
> // fetch-glue no;
> // recursion no;
> // recursive-clients 10000;
> auth-nxdomain yes;
> query-source address * port *;
> listen-on port 53 { any; };
> cleaning-interval 120;
> transfers-in 20;
> transfers-per-ns 2;
> lame-ttl 0;
> max-ncache-ttl 10800;
> notify no;
> transfer-format many-answers;
> max-transfer-time-in 60;
> interface-interval 0;
> allow-recursion { trusted_networks; };
> blackhole { bogon; };
> };
>
> zone "ac" { type delegation-only; };
> zone "cc" { type delegation-only; };
> zone "com" { type delegation-only; };
> zone "cx" { type delegation-only; };
> zone "lv" { type delegation-only; };
> zone "museum" { type delegation-only; };
> zone "net" { type delegation-only; };
> zone "nu" { type delegation-only; };
> zone "ph" { type delegation-only; };
> zone "sh" { type delegation-only; };
> zone "tm" { type delegation-only; };
> zone "ws" { type delegation-only; };
>
> zone "." IN {
> type hint;
> file "named.ca";
> };
>
> zone "localdomain" IN {
> type master;
> file "master/localdomain.zone";
> allow-update { none; };
> };
>
> zone "localhost" IN {
> type master;
> file "master/localhost.zone";
> allow-update { none; };
> };
>
> zone "0.0.127.in-addr.arpa" IN {
> type master;
> file "reverse/named.local";
> allow-update { none; };
> };
>
> zone
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
> IN {
> type master;
> file "reverse/named.ip6.local";
> allow-update { none; };
> };
>
> zone "255.in-addr.arpa" IN {
> type master;
> file "reverse/named.broadcast";
> allow-update { none; };
> };
>
> zone "0.in-addr.arpa" IN {
> type master;
> file "reverse/named.zero";
> allow-update { none; };
> };
> // put master/
> zone "codisert.com.co" IN {
> type master;
> file "codisert.com.co.db";
> allow-update { none; };
> };
> // put reverse/
> zone "66.21.200.in-addr.arpa" IN {
> type master;
> file "200.21.66.rev";
> allow-update { none; };
> };
> // put reverse/
> zone "62.21.200.in-addr.arpa" IN {
> type master;
> file "200.21.62.rev";
> allow-update { none; };
> };
>
> ########################################
> And these are my DNS queries with the -x option:
>
> # dig @200.21.66.194 -x 200.21.66.194
>
> ; <<>> DiG 9.3.0 <<>> @200.21.66.194 -x 200.21.66.194
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43611
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; QUESTION SECTION:
> ;194.66.21.200.in-addr.arpa. IN PTR
>
> ;; ANSWER SECTION:
> 194.66.21.200.in-addr.arpa. 3600 IN PTR ethereal.codisert.com.co.
>
> ;; AUTHORITY SECTION:
> 66.21.200.in-addr.arpa. 604800 IN NS ethereal.codisert.com.co.
>
> ;; ADDITIONAL SECTION:
> ethereal.codisert.com.co. 604800 IN A 200.21.66.194
>
> ;; Query time: 39 msec
> ;; SERVER: 200.21.66.194#53(200.21.66.194)
> ;; WHEN: Tue Jan 30 00:01:42 2007
> ;; MSG SIZE rcvd: 112
>
>
> Thanks to Stephen, I added a dot on my 200.21.66.rev file. What I understood is to allow recursion in order to make my DNS server work. But my problem still continues.
>
> I've been reading about recursion, and I think that if it is enabled by default, then what other causes could possibly be making my DNS server not resolve any web site? I already configured my firewall. But I'm lost with this issue.
>
> Please give some more steps to get more info. I have gone a week with no solution.
>
>
> Thanks in advance and sorry for the dummy question
>
> Carlos Bernat
>
> 2007/1/29, Barry Margolin <barmar at alum.mit.edu>:
> >
> > In article <epmdd7$2rfd$1 at sf1.isc.org>,
> > "Carlos Alberto Bernat Orozco" <cabo81 at gmail.com> wrote:
> >
> > > Hi group
> > > Thanks Stephane for your answers. Sorry, my mistake on the -x option on the dig command. What you said before is that my DNS won't resolve unless it uses recursion to make queries.
> > >
> > > Sorry, I've been reading about how to enable it (recursion) but I can't find info. How can I enable it (in the zones, named.conf)? Or where can I find info to enable it?
> >
> > Recursion is enabled by default, you have to disable it with "recursion no;" or "allow-recursion { <acl> };" in named.conf.
> >
> > --
> > Barry Margolin, barmar at alum.mit.edu
> > Arlington, MA
> > *** PLEASE post questions in newsgroups, not directly to me ***
> > *** PLEASE don't copy me on replies, I'll read them in the group ***
> >
> >
> >
>
>
>
> allow-recursion { trusted_networks; };
What are the contents of the trusted_networks ACL above? This could be
your problem. What do the logs say when you look through them?
Justin Dixon
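
Added example (not part of the original thread): a Python sketch of the two checks raised here, whether a client address matches the `trusted_networks` ACL and whether the quoted dig header carries the `ra` (recursion available) flag. The ACL contents are constructed placeholders, since the thread never shows `/etc/trusted_networks_acl.conf`, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the thread never shows /etc/trusted_networks_acl.conf,
# so these networks are placeholders (loopback and RFC 5737), not the poster's.
SAMPLE_ACL_CONF = """
acl "trusted_networks" {
    127.0.0.1;        // loopback
    192.0.2.0/24;     # documentation range
    /* 198.51.100.0/24; disabled */
};
"""

# Header flags line copied from the dig output quoted in the thread.
DIG_FLAGS_LINE = ";; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1"


def parse_acl(conf_text, name):
    """Return the IP networks listed in a flat `acl <name> { ... };` block."""
    # Strip /* */, // and # comments before matching.
    text = re.sub(r"/\*.*?\*/", "", conf_text, flags=re.S)
    text = re.sub(r"(//|#).*", "", text)
    m = re.search(r'acl\s+"?%s"?\s*\{(.*?)\}\s*;' % re.escape(name), text, re.S)
    if not m:
        raise KeyError("acl %r not found" % name)
    nets = []
    for elem in m.group(1).split(";"):
        elem = elem.strip()
        if not elem:
            continue
        try:
            nets.append(ipaddress.ip_network(elem, strict=False))
        except ValueError:
            pass  # keywords, negations and nested ACL names are not handled here
    return nets


def client_allowed(client_ip, nets):
    """True if client_ip falls inside any listed network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip.version == n.version and ip in n for n in nets)


def recursion_available(flags_line):
    """True if the 'ra' flag is present in a dig ';; flags:' line."""
    m = re.search(r"flags:\s*([a-z ]*);", flags_line)
    return bool(m) and "ra" in m.group(1).split()
```

Run against the header quoted above, `recursion_available` returns False: the flags are `qr aa rd`, with no `ra`.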