2 named in one box
Kevin Darcy
kcd at daimlerchrysler.com
Tue Nov 7 02:45:40 UTC 2000
Yes, I'm doing pretty much the same thing on our firewalls. The "tops" of your
config files look fine, but it's not the "tops" that are the problem, probably.
Your "LOCALLOOP" server apparently can't reverse-resolve 127.0.0.1 and your backup
resolving server (211.101.228.18) apparently can't reverse-resolve its address
either. Are the appropriate in-addr.arpa files set up in the appropriate places?

nslookup is stupid this way: it aborts if it can't reverse-resolve the address of
whatever nameserver it is trying to use. Real lookup utilities like "dig" omit
this "feature". What happens if you get a "dig" binary onto the box -- as I have
on our firewalls -- and use it for lookups instead? For that matter, what happens
if you use ping, traceroute, telnet, ftp or whatever and try to probe/connect to
sites by their FQDN's? They're not crippled by this nslookup "feature" either.

- Kevin

Thomas Duterme wrote:
> Hi everyone,
>
> I've been trying to set up two nameservers on one box: one acting as an
> advertising server (ie. non-recursive), but I'd like to also set up a
> recursive server that only localhost will use (for mail and other purposes)
>
> I can start up both nameservers, but nslookup acts all funky afterwards and it
> appears that local can't run lookups.
>
> [root@grendel namedl]# ps -aux | grep named
> named 16196 0.0 0.3 2936 1888 ? S 13:58 0:00 named -u named
> named 16200 0.1 0.3 2936 1868 ? S 13:58 0:00 named -u named -c
> root 16203 0.0 0.1 1516 588 pts/5 S 13:58 0:00 grep named
> [root@grendel namedl]# nslookup
> *** Can't find server name for address 127.0.0.1: Non-existent host/domain
> *** Can't find server name for address 211.101.228.18: Non-existent host/domain
>
> As you can tell, /etc/resolv.conf, first tries localhost and next works
> tries another LAN DNS server.
>
> Here are the tops of my config files for named.conf:
>
> ###ADVERTISING SERVER#####
> options {
>     directory "/var/named";
>     allow-transfer { 211.101.228.18; 172.18.1.18; 209.61.194.4; };
>     transfer-format many-answers;
>     pid-file "/var/named/named.pid";
>     listen-on { 211.101.228.19; };
>     recursion no;
>     fetch-glue no;
> };
>
> ###LOCALLOOP SERVER####
>
> options {
>     directory "/var/namedl";
>     listen-on { 127.0.0.1; };
>     pid-file "resolving.pid";
> };
>
> controls {
>     unix "/var/run/ndc-loopback" perm 0600 owner 0 group 0;
> };
>
> Am I missing anything here? Anyone else doing this?
>
> thanks,
> Thomas
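
Added example, not part of either message above: a small Python check that asks a nameserver directly for the PTR record of its own address, which is the lookup the reply says nslookup needs to succeed before it will start. The function names are illustrative, and the probe is a simplification (UDP only, no retries, only the reply header is read).

```python
import ipaddress
import socket
import struct
import sys

PTR, IN = 12, 1  # DNS record type PTR, class IN

def ptr_name(address):
    """Owner name of the PTR record for an IP address (in-addr.arpa / ip6.arpa)."""
    return ipaddress.ip_address(address).reverse_pointer

def build_ptr_query(address, query_id=0x1234):
    """Raw DNS query asking for the PTR record of `address`."""
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = ptr_name(address).split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", PTR, IN)

def classify_reply(reply):
    """Reduce a raw DNS reply to the outcome that matters here."""
    if len(reply) < 12:
        return "malformed"
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    rcode = flags & 0x000F
    if rcode == 3:
        return "NXDOMAIN"  # what nslookup reports as "Non-existent host/domain"
    if rcode != 0:
        return f"rcode {rcode}"
    return "answer" if ancount else "no PTR data"

def probe(server, timeout=2.0):
    """Send the PTR query for `server`'s own address to `server` itself."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_ptr_query(server), (server, 53))
            return classify_reply(sock.recv(512))
        except OSError:  # timeout, port unreachable, no route
            return "no response"

if __name__ == "__main__":
    # Pass the "nameserver" addresses from /etc/resolv.conf as arguments;
    # with none given, only the loopback resolver is probed.
    for server in sys.argv[1:] or ["127.0.0.1"]:
        print(f"{server:<16} {ptr_name(server):<30} {probe(server)}")
```

Any result other than "answer" means the zone covering the printed in-addr.arpa name is missing, or lacks a PTR record, on that server.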