2 named in one box

Kevin Darcy kcd at daimlerchrysler.com
Tue Nov 7 02:45:40 UTC 2000


Yes, I'm doing pretty much the same thing on our firewalls. The "tops" of your
config files look fine, but it's not the "tops" that are the problem, probably.
Your "LOCALLOOP" server apparently can't reverse-resolve 127.0.0.1 and your backup
resolving server (211.101.228.18) apparently can't reverse-resolve its address
either. Are the appropriate in-addr.arpa files set up in the appropriate places?
nslookup is stupid this way: it aborts if it can't reverse-resolve the address of
whatever nameserver it is trying to use. Real lookup utilities like "dig" omit
this "feature". What happens if you get a "dig" binary onto the box -- as I have
on our firewalls -- and use it for lookups instead? For that matter, what happens
if you use ping, traceroute, telnet, ftp or whatever and try to probe/connect to
sites by their FQDNs? They're not crippled by this nslookup "feature" either.


- Kevin

Thomas Duterme wrote:

> Hi everyone,
>
> I've been trying to set up two nameservers on one box: one acting as an
> advertising server (i.e. non-recursive), but I'd like to also set up a
> recursive server that only localhost will use (for mail and other purposes)
>
> I can start up both nameservers, but nslookup acts all funky afterwards and it
> appears that local can't run lookups.
>
> [root at grendel namedl]# ps -aux | grep named
> named    16196  0.0  0.3  2936 1888 ?        S    13:58   0:00 named -u named
> named    16200  0.1  0.3  2936 1868 ?        S    13:58   0:00 named -u named -c
> root     16203  0.0  0.1  1516  588 pts/5    S    13:58   0:00 grep named
> [root at grendel namedl]# nslookup
> *** Can't find server name for address 127.0.0.1: Non-existent host/domain
> *** Can't find server name for address 211.101.228.18: Non-existent host/domain
>
> As you can tell, /etc/resolv.conf first tries localhost and next
> tries another LAN DNS server.
>
> Here are the tops of my config files for named.conf:
>
> ###ADVERTISING SERVER#####
> options {
>         directory "/var/named";
>         allow-transfer { 211.101.228.18; 172.18.1.18; 209.61.194.4; };
>         transfer-format many-answers;
>         pid-file "/var/named/named.pid";
>         listen-on { 211.101.228.19; };
>         recursion no;
>         fetch-glue no;
> };
>
> ###LOCALLOOP SERVER####
>
> options {
>         directory "/var/namedl";
>         listen-on { 127.0.0.1; };
>         pid-file "resolving.pid";
> };
>
> controls {
>     unix "/var/run/ndc-loopback" perm 0600 owner 0 group 0;
> };
>
> Am I missing anything here?  Anyone else doing this?
>
> thanks,
> Thomas
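
An added example, not part of the original thread: a small script that lists, for each resolver in a resolv.conf, the in-addr.arpa name that server must answer for the nslookup startup check described in the reply to pass. The sample resolv.conf is constructed from the addresses in the thread; the function names and the optional `live` argument (which runs `dig -x` against each server) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): show which PTR record each
# resolver in resolv.conf must be able to answer about itself.

# Constructed sample mirroring the resolver order described in the thread.
sample_resolv_conf() {
    printf '%s\n' '# constructed sample' \
        'nameserver 127.0.0.1' \
        'nameserver 211.101.228.18'
}

# Print nameserver addresses, in order, from resolv.conf text on stdin.
nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }'
}

# Map a dotted-quad IPv4 address to its in-addr.arpa owner name.
# Prints nothing and returns 1 for input that is not four octets.
reverse_name() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
          print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# One line per resolver: "<server> <ptr-name>". With "live" as $1 (and dig
# installed), also ask each server for the PTR of its own address.
report() {
    nameservers | while read -r ns; do
        name=$(reverse_name "$ns") || { echo "$ns (not IPv4, skipped)"; continue; }
        if [ "${1:-}" = live ] && command -v dig >/dev/null 2>&1; then
            ptr=$(dig +short +time=2 +tries=1 @"$ns" -x "$ns" 2>/dev/null)
            echo "$ns $name ${ptr:-NO-PTR}"
        else
            echo "$ns $name"
        fi
    done
}

# Offline by default; pass "live" to query the servers.
sample_resolv_conf | report "${1:-}"
```

A `NO-PTR` result in live mode means that server has no answer for its own reverse name, which is the condition the reply points to.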
