turning on recursion in bind 9.2.2 makes ssh login prompt slow
Mark Andrews
Mark_Andrews at isc.org
Fri Jan 18 20:55:18 UTC 2008
> Ok, I changed my named.conf "." zone to the following:
> zone "." {
>     type master;
>     file "db.root";
>     allow-transfer { any; };
> };
> and each slave has:
> zone "." {
>     type slave;
>     file "bak.db.root";
>     masters { 168.84.1.194; };
>     allow-notify { any; };
> };
> The zone for "." looks like this:
> $TTL 3h
> @ IN SOA @ root (
>         2008011801 ;serial YYYYMMDD##
>         3h ;refresh after 3 hours
>         1h ;retry after 1 hour
>         1w ;expire after 1 week
>         1d ) ;negative caching TTL of 1 day
> @ IN NS @
>   IN A 168.84.1.194
>   IN A 168.84.1.195
>   IN A 168.84.1.196
>   IN A 168.84.1.197
>   IN A 168.84.1.198
> Everything loaded ok and DNS seems to be working. I'd still like a
> 2nd opinion of how I wrote the config/zone file? Thanks again for everyone's
> help I really appreciate this.
> On Jan 16, 2008 7:45 PM, Kevin Darcy <kcd at chrysler.com> wrote:
I presume you have names for each of the machines 168.84.1.194
through 168.84.1.198. I would use them. The root servers
should also serve all the zones which contain those names.
"." is often a place holder.
You also need to delegate the rest of the zones. By
convention localhost and 127.in-addr.arpa are not delegated
but are configured on all recursive servers.
Doing it correctly now will allow you to grow.
Mark
$TTL 10800
@ SOA <master> <your.Email.address> 2008011801 10800 3600 604800 86400
@ NS <master>
@ NS <slave>
@ NS <slave>
@ NS <slave>
@ NS <slave>
<master> A 168.84.1.194
<slave> A 168.84.1.195
<slave> A 168.84.1.196
<slave> A 168.84.1.197
<slave> A 168.84.1.198
bms.n2bb.com. NS <nameserver1>
bms.n2bb.com. NS <nameserver2>
1.84.168.in-addr.arpa. NS <nameserver1>
1.84.168.in-addr.arpa. NS <nameserver2>
<nameserver1> A <address>
<nameserver2> A <address>
> > Since this is an isolated network, set up the root zone as *master*, not
> > hint. There's no point in "hint"ing at a root zone, if there's nothing
> > on your network that actually serves that zone authoritatively; you're
> > sending dig +trace on a fool's errand...
> >
> > - Kevin
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
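
The checks suggested in the reply above (named name servers, an address record for every NS target, delegations for the other zones) can be run against a private root zone file before loading it. This is an added example, not part of the original message or of BIND; the function names and the simplified parser (one record per line, root origin) are assumptions of the example.

```python
import re

def _fqdn(name):
    """Normalise a name relative to the root origin ('@' is the apex)."""
    name = "." if name == "@" else name.lower()
    return name if name.endswith(".") else name + "."

def parse_records(zone_text):
    """Return (owner, type, rdata) tuples from simple master-file text."""
    text = re.sub(r";[^\n]*", "", zone_text)           # strip comments
    # Fold a multi-line ( ... ) record such as the SOA onto one line.
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    records, owner = [], None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("$"):
            continue                                   # blank line or $TTL/$ORIGIN
        fields = line.split()
        if not line[0].isspace():                      # blank owner inherits the last one
            owner = _fqdn(fields.pop(0))
        # Skip the optional TTL and class fields that precede the type.
        while fields and re.fullmatch(r"(?i)\d+[smhdw]?|in", fields[0]):
            fields.pop(0)
        if owner and fields:
            records.append((owner, fields[0].upper(), fields[1:]))
    return records

def lint_root_zone(zone_text):
    """List the problems the reply raises: unnamed servers, no glue, no delegations."""
    recs = parse_records(zone_text)
    with_addr = {o for o, t, _ in recs if t in ("A", "AAAA")}
    findings = []
    for owner, rdata in [(o, d) for o, t, d in recs if t == "NS" and d]:
        target = _fqdn(rdata[0])
        if target == ".":
            findings.append(f"{owner} NS points at the apex; give the server a name")
        elif target not in with_addr:
            findings.append(f"{owner} NS {target} has no address record in this zone")
    if not any(t == "NS" and o != "." for o, t, _ in recs):
        findings.append("no child zones are delegated from the root")
    return findings

# Constructed sample: the zone as posted (two of its five A records shown).
POSTED = """$TTL 3h
@ IN SOA @ root ( 2008011801 ; serial
        3h 1h 1w 1d )
@ IN NS @
  IN A 168.84.1.194
  IN A 168.84.1.195
"""
print(lint_root_zone(POSTED))
```

An empty list means the file passes these three checks only; `named-checkzone` remains the syntax check.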