Root hints not working

Kevin Darcy kcd at daimlerchrysler.com
Fri Mar 2 02:29:55 UTC 2001


That hints file is pretty bogus -- A records but no NS records.

On the other hand, that shouldn't really matter if your forwarders are
working. Are they?

If you have firewall filters between you and your forwarders and/or
between you and the Internet, they may have to be adjusted. BIND 8 and 9
use unprivileged ports for outgoing queries, whereas BIND 4 always used
port 53. The preferred method of dealing with this is to adjust the
filters, but if for some extraterrestrial reason that is not feasible,
you could kludge it using the "query-source" option to force named to use
port 53.

(I assume you're chroot()'ed here, otherwise how do you expect named to
find the files under /var/named, which isn't mentioned anywhere in your
config?)



- Kevin

jhuovila at iobox.fi wrote:

> Hi everyone!
>
> I used to run BIND 4.97 on my OpenBSD 2.6 box, and everything worked
> fine. Because of the recently found security issue, I upgraded to BIND
> 9.1. My name server is authoritative for three domains. These three
> domains work fine, but my server is not able to resolve addresses of
> any other domains anymore. This used to work fine with BIND 4.97. I'm
> using the same root server hint file I used with 4.97. Can anyone
> point out what I'm doing wrong here?
>
> Thanks!
>
> - Jari
>
> (addresses and domains are not real)
> ======================================================================
>
> /var/named/etc/named.conf:
>
> options {
>
>         version "";
>         directory "/";
>         dump-file "named_dump.db";
>         pid-file "named.pid";
>         statistics-file "named.stats";
>         auth-nxdomain yes;
>         recursion yes;
>         forwarders {
>                 111.111.111.111;
>                 222.222.222.222;
>         };
>
>         allow-query { any; };
>         allow-transfer { any; };
> };
>
> zone "." {
>         type hint;
>         file "namedb/root.cache";
> };
>
> zone "mydomain.com" {
>         type master;
>         file "namedb/mydomain.com.dns";
> };
>
> zone "mydomain.net" {
>         type master;
>         file "namedb/mydomain.net.dns";
> };
>
> zone "mydomain.org" {
>         type master;
>         file "namedb/mydomain.org.dns";
> };
>
> ======================================================================
>
> /var/named/namedb/root.cache:
>
> A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
> B.ROOT-SERVERS.NET.      3600000      A     128.9.0.107
> C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
> [snip]
> M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
>
> ======================================================================
>
> /var/named/namedb/mydomain.com.dns:
>
> $TTL 48h
>
> mydomain.com.    IN      SOA     dns.mydomain.com. root.dns.mydomain.com. (
>                         14      ; Serial
>                         3600    ; Refresh
>                         900     ; Retry
>                         3600000 ; Expire
>                         3600 )  ; Minimum
>
>                 IN      NS              dns.mydomain.com.
>                 IN      NS              dns2.mydomain.com.
>                 IN      MX      10      mail.mydomain.com.
>
> localhost.mydomain.com.  IN      A       127.0.0.1
>
> www.mydomain.com.                IN      A       333.333.333.333
> mail.mydomain.com.                  IN      A       444.444.444.444
>
> ======================================================================
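
Added example, not part of either message: a Python check for the hints-file defect named in the reply above (A records but no NS records for the root). The function names `parse_hints` and `audit_hints` are hypothetical, the `FIXED` sample is constructed, and the parser assumes one record per line with numeric TTLs.

```python
# Added example: audit a BIND root hints file for the defect named in the reply.
# Assumes one record per line, numeric TTLs and no parenthesised continuations.
CLASSES = {"IN", "CH", "HS"}

def parse_hints(text):
    """Return (root NS targets, owners of A/AAAA records) as lower-case names."""
    ns_targets, addr_owners, owner = set(), set(), None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]              # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                             # blank line or $TTL/$ORIGIN
        fields = line.split()
        if not line[0].isspace():                # leading blank = same owner
            owner = fields.pop(0).lower()
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)                        # optional TTL and class
        if owner is None or len(fields) < 2:
            continue
        rtype, rdata = fields[0].upper(), fields[1].lower()
        if rtype == "NS" and owner == ".":
            ns_targets.add(rdata)
        elif rtype in ("A", "AAAA"):
            addr_owners.add(owner)
    return ns_targets, addr_owners

def audit_hints(text):
    """Return a list of problems; an empty list means NS and glue agree."""
    ns, addrs = parse_hints(text)
    if not ns:
        return [f"no NS records for '.' ({len(addrs)} address records only)"]
    problems = [f"{n} is a root NS target with no address record" for n in sorted(ns - addrs)]
    problems += [f"{n} has an address but no root NS record" for n in sorted(addrs - ns)]
    return problems

# The records visible in the posted root.cache (the [snip] line is left out).
POSTED = """\
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
B.ROOT-SERVERS.NET.      3600000      A     128.9.0.107
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
"""
# Constructed: the same file with an NS record for "." ahead of each address.
FIXED = "".join(f".  3600000  IN  NS  {l.split()[0]}\n{l}\n" for l in POSTED.splitlines())

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("fixed", FIXED)):
        print(label, audit_hints(text) or "ok")
```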




