BIND configuration - superior wisdom required.

David Botham DBotham at OptimusSolutions.com
Mon Dec 20 16:22:37 UTC 2004


bind-users-bounce at isc.org wrote on 12/19/2004 03:39:48 PM:
> Barry Margolin wrote:
> 
> > You don't need views for this, because you shouldn't be getting any 
> > queries from anywhere other than your local network.  Simply configure 
> > your server as a master for your forward zone and the reverse zone for 
> > 10.in-addr.arpa.  Your server will answer with this information for your 
> > servers, and recurse out to the Internet for everything else (there's no 
> > need to forward to your ISP's DNS, that just adds an extra hop and point 
> > of failure).
> 
> Hi Barry,
> 
> Thanks for the pointers. I've got things working for the local network, 
> but for some reason the server won't recurse out. I wonder if you could 
> have a quick glance through my named.conf to see if you can spot any 
> glaring errors?

Are there any errors in your log?

> 
> acl clients {
>          10.0.0.0/24;
>          "localhost";
> };
> options {
>          version "";
>          allow-transfer { none; };
>          listen-on    { clients; };

The listen-on option does not do what you think it does:

The interfaces and ports that the server will answer queries from may be 
specified using the listen-on option. listen-on takes an optional port, 
and an address_match_list. The server will listen on all interfaces 
allowed by the address match list. If a port is not specified, port 53 
will be used.
Multiple listen-on statements are allowed. For example,
listen-on { 5.6.7.8; };
listen-on port 1234 { !1.2.3.4; 1.2/16; };

will enable the name server on port 53 for the IP address 5.6.7.8, and on 
port 1234 of an address on the machine in net 1.2 that is not 1.2.3.4.
If no listen-on is specified, the server will listen on port 53 on all 
interfaces.

If your system does not have multiple interfaces you can safely drop this 
option.  If it does, use this option to specify which interfaces the name 
daemon will listen on... An entire class C subnet is not a valid interface 
address.

hth,


Dave...
> };
> logging {
>          category lame-servers { null; };
> };
> zone "." {
>          type hint;
>          file "standard/root.hint";
> };
> zone "localhost" {
>          type master;
>          file "standard/localhost";
>          allow-update { none; };
> };
> zone "127.in-addr.arpa" {
>          type master;
>          file "standard/loopback";
>          allow-update { none; };
> };
> zone "artyzan.net" {
>          type master;
>          file "master/artyzan.net";
> };
> zone "0.0.10.in-addr.arpa" {
>          type master;
>          file "master/0.0.10.rev";
> };
> 
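Putting Dave's advice into the poster's configuration, as an added example that is not from the original thread: the interface address 10.0.0.1 is assumed, listen-on gets interface addresses rather than the subnet, and the `clients` acl is applied where an acl normally belongs, on the query and recursion access controls.

```conf
// Added example, not from the thread. 10.0.0.1 is an assumed interface
// address; replace it with the server's own address on the 10.0.0.0/24 LAN.
acl clients {
        10.0.0.0/24;
        localhost;
};

options {
        version "";
        allow-transfer { none; };

        // listen-on names the addresses of the interfaces named binds to.
        // On a host with a single interface the statement can be dropped.
        listen-on { 127.0.0.1; 10.0.0.1; };

        // The acl restricts who may query the server and who may use it as
        // a recursive resolver: only the local network and the host itself.
        allow-query { clients; };
        allow-recursion { clients; };
};
```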