bind9 questions
Timothy.Moseley at hurlburt.af.mil
Timothy.Moseley at hurlburt.af.mil
Thu Mar 1 14:07:52 UTC 2001
Jim, I just wanted to thank you for answering, but some of your comments
were up in the ozone. If I say I downloaded and printed out the manual then
of course I read them, I figured if I put the statement in about the manual
then I would not get any dumbass statements about rtfm.(SIGH) I hide the
domain name and the actual IP's because of the last part of my domain name
(.mil). You could not see the servers I am working on if you wanted to, all
you would see is the outside and that is not the problem. I used the kill
-HUP statement w/ bind8 and I know how the back tics go but typing is not my
job its just an extra perk. As you can see on my named.conf
options {
directory "/var/named";
pid-file "/usr/local/etc/named.pid";
auth-nxdomain yes; ----------the default for the 'auth-nxdomain'
option is now 'no' (WHY?)
statistics-file "/var/named/stats";
transfer-format many-answers; -------------------------for zone
transfers or so manual says
transfer-source primary_internal_dns_address; ----------for zone
transfers or so manual says
forward only;
forwarders {
internal_firewall_IP;
};
allow-transfer { none; };
zone "domain.af.mil" {
type slave; -------------------for zone transfers
file "secondary/domain.af.mil";
masters {
primary_internal_dns_address;-----------------for zone
transfers
};
allow-update {
localhost; -------------------for zone transfers or so
any bind says
};
notify no;
};
You had an answer for my email so tell me why this is not working?
You--Why don't you read the name server's logs? There will be a message
> >there explaining why the zone transfers are failing.
Me- I showed you the logs, here let me show you again.
/usr/local/sbin/named[263]: the default for the
> >'auth-nxdomain' option is now 'no'
> > Timothy> Feb 28 20:56:15 pinnacle4
> >/usr/local/sbin/named[263]: option 'check-names' is not implemented
So you decode this and tell me what its says about zone transfers, I don't
see anything. All this tells me is that its not doing check names and even
tho I have auth-nxdomain set to yes it is going to set it to no.
YOU--If you'd told us the server's address and the domain
> >name, someone might have been able to query it and find the
> >problem. Does the slave have a higher serial number for the zone than
> >the master server? This is a depressingly common problem with QIP.
Me--you can't querey it, this is a clue on that
forward only;
forwarders {
internal_firewall_IP;----inside fire wall
};
Now if anybody has some helpful hints then I would be glad to read them.
Thank you for all the help,
Tim
More information about the bind-users
mailing list