OpenBSD BIND9 Config Help - dig times out

Stolen stolen at thecave.net
Tue Sep 2 17:46:02 UTC 2003



David Kaplowitz wrote:

>Hi,
>
>I'm setting up my first DNS server. It's on the OpenBSD platform and the 
>server in question is on a DMZ behind a pf FW. It uses a private IP, but 
>will host real external domains. The firewall is currently closed to any 
>traffic to/from the DMZ until I can get the DNS configured.
>
>I used DNS & BIND's examples for my zone data files. I put all the db.* 
>files in the /var/named/master directory and told named.conf to look in 
>that directory. When starting named with the "-g" switch, I get the 
>following output:
>
>Sep 01 11:43:36.151 starting BIND 9.2.2 -g
>Sep 01 11:43:36.152 using 1 CPU
>Sep 01 11:43:36.159 loading configuration from '/etc/named.conf'
>Sep 01 11:43:36.160 /etc/named.conf:3: option 'directory' contains 
>relative path 'master'
>Sep 01 11:43:36.161 listening on IPv6 interfaces, port 53
>Sep 01 11:43:36.163 listening on IPv4 interface lo0, 127.0.0.1#53
>Sep 01 11:43:36.163 listening on IPv4 interface fxp0, 192.168.1.3#53
>Sep 01 11:43:36.171 none:0: open: /etc/rndc.key: file not found
>Sep 01 11:43:36.171 couldn't add command channel 127.0.0.1#953: file not 
>found
>Sep 01 11:43:36.172 none:0: open: /etc/rndc.key: file not found
>Sep 01 11:43:36.172 couldn't add command channel ::1#953: file not found
>Sep 01 11:43:36.172 using pre-chroot entropy source /dev/arandom
>Sep 01 11:43:36.173 ignoring config file logging statement due to -g option
>Sep 01 11:43:36.175 zone 0.0.127.in-addr.arpa/IN: loaded serial 1
>Sep 01 11:43:36.178 zone 1.168.192.in-addr.arpa/IN: loaded serial 1
>Sep 01 11:43:36.181 zone mainlinecomputersupport.com/IN: loaded serial 1
>Sep 01 11:43:36.181 running
>Sep 01 11:43:36.182 zone mainlinecomputersupport.com/IN: sending 
>notifies (serial 1)
>Sep 01 11:43:36.184 zone 1.168.192.in-addr.arpa/IN: sending notifies 
>(serial 1)
>Sep 01 11:43:36.185 zone 0.0.127.in-addr.arpa/IN: sending notifies 
>(serial 1)
>
>It looks to me that though there are some errors, the name server is 
>running. But if I do a "dig -x 127.0.0.1" it times out saying: 
>"connection timed out; no servers could be reached"
>
>Now, the DMZ is not yet routing to the rest of the world (either in or 
>out), so I don't expect it to find anything yet, but I thought that I 
>was telling dig to look at localhost for its query.
Here you were telling dig to look up the reverse DNS for 127.0.0.1. You 
didn't specify any servers, so it would have used resolv.conf to find 
its default server and tried to connect to that.

>Here is my named.conf:
>
>// plagiarized from DNS&BIND 4th ed.
>options {
>         directory "master";
>};
>zone "mainlinecomputersupport.com" in {
>         type master;
>         file "db.mainlinecomputersupport.com";
>};
>
>zone "1.168.192.in-addr.arpa" in {
>         type master;
>         file "db.192.168.1";
>};
>
>zone "0.0.127.in-addr.arpa" in {
>         type master;
>         file "db.127.0.0";
>};
>
>zone "." in {
>         type hint;
>         file "db.cache";
>};
>
>
>Any ideas what I'm missing in this config? Thanks in advance for any help.


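An added example, not part of the original thread and not BIND's own tooling: a small offline checker for the two things visible above. First, which server a `dig` invocation actually contacts when no `@server` is given (the first `nameserver` line in resolv.conf, falling back to the local host when there is none), which is why `dig -x 127.0.0.1` never reached the new named. Second, the conditions in the `-g` output: a relative `directory` in named.conf, the default `/etc/rndc.key` being absent so no command channel is opened, and zone files that cannot be found under the directory. The named.conf text is the one posted; the resolv.conf content, the `present` file sets and the `example.test` search domain are constructed, and the `exists` callback is injectable so the check runs without touching the filesystem.

```python
import os
import re

# Constructed copy of the named.conf posted in the thread.
POSTED_NAMED_CONF = """\
options {
        directory "master";
};
zone "mainlinecomputersupport.com" in {
        type master;
        file "db.mainlinecomputersupport.com";
};
zone "1.168.192.in-addr.arpa" in {
        type master;
        file "db.192.168.1";
};
zone "0.0.127.in-addr.arpa" in {
        type master;
        file "db.127.0.0";
};
zone "." in {
        type hint;
        file "db.cache";
};
"""

# Hypothetical resolv.conf that points at a gateway rather than at the new named.
EXAMPLE_RESOLV_CONF = "search example.test\nnameserver 192.168.1.1\n"


def resolv_nameservers(text):
    """Nameserver addresses from resolv.conf, in the order the resolver tries them."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0]  # strip comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def dig_target(resolv_conf_text, explicit_server=None):
    """Server a dig invocation contacts: @server if given, otherwise the first
    resolv.conf nameserver, otherwise dig's own fallback of the local host."""
    if explicit_server:
        return explicit_server
    servers = resolv_nameservers(resolv_conf_text)
    return servers[0] if servers else "127.0.0.1"


def check_named_conf(conf, exists=os.path.exists, rndc_key="/etc/rndc.key"):
    """Flag the conditions seen in the poster's 'named -g' log.
    `exists` is injectable so the check can run offline against constructed input."""
    findings = []
    m = re.search(r'directory\s+"([^"]+)"', conf)
    directory = m.group(1) if m else "."
    if not directory.startswith("/"):
        findings.append("option 'directory' is relative (%r); named resolves it against "
                        "its working directory, which differs once it chroots" % directory)
    # Without a controls statement named looks for the default rndc key file;
    # if that is missing the command channel is not added and rndc cannot reach named.
    if not re.search(r"\bcontrols\s*\{", conf) and not exists(rndc_key):
        findings.append("no 'controls' statement and %s missing: "
                        "command channel will not be opened" % rndc_key)
    # Each zone's file must be present under the directory.
    for zone, fname in re.findall(r'zone\s+"([^"]*)"[^{]*\{[^}]*?file\s+"([^"]+)"', conf):
        path = os.path.join(directory, fname)
        if not exists(path):
            findings.append("zone %r: file %s not found" % (zone, path))
    return findings


if __name__ == "__main__":
    print("dig with no @server would query:", dig_target(EXAMPLE_RESOLV_CONF))
    print("dig -x 127.0.0.1 @127.0.0.1 would query:", dig_target(EXAMPLE_RESOLV_CONF, "127.0.0.1"))
    for f in check_named_conf(POSTED_NAMED_CONF):
        print("finding:", f)
```

The pattern is the same one a resolver audit would use: confirm where a client's queries really go before concluding that the server is broken, and read the daemon's own startup warnings (here the relative directory and the missing rndc key) as configuration findings rather than noise, since an unreachable command channel also means `rndc` cannot reload or stop this named later.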
More information about the bind-users mailing list