BIND: master, slave & cache woes

Kimi Ostro kimimeister at gmail.com
Sat Nov 5 03:37:00 UTC 2005


Hello bind-users@,
A while back I asked how I could set up a master, slave and cache DNS service
and I got it all working wonderfully.

Last week I had some hardware failures and decided to redo every single
computer. I am now at the DNS part and for the life of me I cannot remember
how I got my setup to work.

As some people love pictures:

[firewall]
\
[master] <-> [slave] <-> [cache]
| /
| /
[dhcp-ddns] /
\ /
\ /
[client]

both the master & slave are --I think this is where I've gone a bit wrong--
authoritative for internal name resolution and that works great. Now for some
reason on the Unix boxes if I have the following entries in resolv.conf

master:
domain example.org.
nameserver 127.0.0.1

slave:
domain example.org.
nameserver 127.0.0.1
nameserver 192.168.2.210

cache:
domain example.org.
nameserver 127.0.0.1
nameserver 192.168.2.204

client:
domain example.org.
nameserver 192.168.2.204
#nameserver 192.168.2.210

name resolution just does not work. Now on Windows, if I enter both
192.168.2.204 & 192.168.2.210 for nameservers I have no problems, but
with 192.168.2.204 on its own, contacting anything not internal is a no go.

my named.conf's:

master:
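// Master named.conf: authoritative-only server for example.org and its
// reverse zone. The slave's "masters" lists point at 192.168.2.202.
// The "<http://...>" autolink residue added by the mail archive has been
// removed; every directive and value is otherwise as posted.
include "etc/rndc.key";

// rndc control channel. It listens on loopback only, so "allow { any; }" is
// reachable only from the local host, and commands still need the rndc-key.
// NOTE(review): "allow { 127.0.0.1; }" would state that intent explicitly.
controls {
    inet 127.0.0.1 allow { any; } keys { "rndc-key"; };
};

options {
    version "";     // answer version.bind queries with an empty string
    directory "/";  // file paths below are relative; presumably "/" of a chroot -- confirm
    listen-on {
        127.0.0.1/32;
        192.168.2.0/24;
    };
    listen-on-v6 {
        none;
    };
    dump-file "var/db/named_dump.db";
    statistics-file "var/log/named_stats";
    auth-nxdomain no;
    notify no;      // off by default; switched back on per zone below
    recursion no;   // authoritative-only: names outside the zones below are not resolved
    allow-transfer {
        none;       // default deny; the two zones below open it to the slave only
    };
    allow-query {
        127.0.0.1/32;
        192.168.2.0/24;
    };
};

// Drop lame-server log messages.
logging {
    category lame-servers {
        null;
    };
};

// Single view: only loopback and the 192.168.2.0/24 LAN match it.
view "internal" {
    match-clients {
        127.0.0.1/32;
        192.168.2.0/24;
    };

    // Zone transfers are allowed to the slave (192.168.2.204) by source
    // address alone.
    // NOTE(review): a TSIG key in allow-transfer would authenticate the slave
    // itself rather than whichever host currently holds that address.
    zone "example.org" {
        type master;
        file "master/example.org.db";
        allow-transfer {
            192.168.2.204/32;
        };
        notify yes;
    };
    zone "2.168.192.IN-ADDR.ARPA" {
        type master;
        file "master/example.org.rev";
        allow-transfer {
            192.168.2.204/32;
        };
        notify yes;
    };

    // Local zones (localhost, loopback, network, broadcast) answered here.
    zone "localhost" {
        type master;
        file "master/localhost";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "master/loopback";
    };
    zone "0.IN-ADDR.ARPA" {
        type master;
        file "master/named.network";
    };
    zone "255.IN-ADDR.ARPA" {
        type master;
        file "master/named.broadcast";
    };
};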

slave:
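// Slave named.conf (192.168.2.204 per the master's allow-transfer lists):
// holds secondary copies of example.org and its reverse zone.
// The "<http://...>" autolink residue added by the mail archive has been
// removed; every directive and value is otherwise as posted.
include "etc/rndc.key";

// rndc control channel. It listens on loopback only, so "allow { any; }" is
// reachable only from the local host, and commands still need the rndc-key.
controls {
    inet 127.0.0.1 allow { any; } keys { "rndc-key"; };
};

options {
    version "";     // answer version.bind queries with an empty string
    directory "/";  // file paths below are relative; presumably "/" of a chroot -- confirm
    listen-on {
        192.168.2.0/24;
        127.0.0.1/32;
    };
    listen-on-v6 {
        none;
    };
    dump-file "var/db/named_dump";
    statistics-file "var/log/named_stats";
    /*
    forwarders {
        192.168.2.210;
    };
    forward only;
    */
    // With recursion off and the forwarders block above commented out, this
    // server answers only for the zones it holds; a client that lists it as
    // its sole nameserver gets no resolution for external names.
    recursion no;
    // NOTE(review): unlike the master, no allow-transfer or allow-query is
    // set here, so BIND's built-in defaults apply. In BIND 9.3 the transfer
    // default is believed to be "any" -- confirm, and consider
    // "allow-transfer { none; };" so the slave does not hand out the zones.
};

// Drop lame-server log messages.
logging {
    category lame-servers {
        null;
    };
};

// Single view: only loopback and the 192.168.2.0/24 LAN match it.
view "internal" {
    match-clients {
        127.0.0.1/32;
        192.168.2.0/24;
    };

    // Secondary zones pulled from the master at 192.168.2.202. The master is
    // identified by address only; no TSIG key is configured.
    zone "example.org" {
        type slave;
        file "slave/sec.example.org.db";
        masters {
            192.168.2.202;
        };
    };
    zone "2.168.192.IN-ADDR.arpa" {
        type slave;
        file "slave/sec.example.org.rev";
        masters {
            192.168.2.202;
        };
    };
    /*
    zone "." {
        type hint;
        file "master/root.cache";
    };
    */

    // Local zones (localhost, loopback, network, broadcast) answered here.
    zone "localhost" {
        type master;
        file "master/localhost";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "master/loopback";
    };
    zone "0.IN-ADDR.ARPA" {
        type master;
        file "master/named.network";
    };
    zone "255.IN-ADDR.ARPA" {
        type master;
        file "master/named.broadcast";
    };
};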

cache:
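// Cache named.conf (192.168.2.210 per the resolv.conf entries): recursive
// resolver for the LAN, working from the root hints.
// The "<http://...>" autolink residue added by the mail archive has been
// removed; every directive and value is otherwise as posted.
include "etc/rndc.key";

// rndc control channel. It listens on loopback only, so "allow { any; }" is
// reachable only from the local host, and commands still need the rndc-key.
controls {
    inet 127.0.0.1 allow { any; } keys { "rndc-key"; };
};

options {
    version "";     // answer version.bind queries with an empty string
    // No "directory" is set here, unlike the master and slave, so the
    // relative paths below depend on named's working directory -- confirm.
    listen-on {
        // NOTE(review): host bits are set in a /24 prefix; probably meant
        // 192.168.2.0/24 or 192.168.2.210/32 -- confirm how named treats it.
        192.168.2.210/24;
        127.0.0.1/32;
    };
    listen-on-v6 {
        none;
    };
    dump-file "var/db/named_dump";
    statistics-file "var/log/named_stats";
    recursion yes;
    // Recursion is limited to the listed sources, so the resolver is not
    // open to arbitrary clients. Same prefix caveat as in listen-on.
    allow-recursion {
        192.168.2.210/24;
        127.0.0.1/32;
    };
    auth-nxdomain yes;
};

// Drop lame-server log messages.
logging {
    category lame-servers {
        null;
    };
};

// Single view: only loopback and the 192.168.2.0/24 LAN match it.
view "internal" {
    match-clients {
        127.0.0.1/32;
        192.168.2.0/24;
    };

    // Root hints for recursion. No example.org zone or forwarder appears in
    // this file, so internal names are looked up from the root like any
    // other name rather than from the master or slave.
    zone "." {
        type hint;
        file "master/root.cache";
    };
    zone "localhost" {
        type master;
        file "master/localhost";
    };
    zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "master/loopback";
    };
};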

Unless of course someone can think of doing the same thing, but better?

All running NetBSD-3.0-BETA and BIND 9.3.0 via pkgsrc.

Thanks
--
Kimi


