reg named.conf configuration file in bind 9.3.4
B Zaman Laskar
m2bzamanl at gmail.com
Sat Dec 29 11:10:47 UTC 2007
Greetings Chris,
Thanks for the clarification.
> The behavior you describe has nothing whatsoever to do with the local,
> unregistered zone. Instead, it has to do with recursion. Because the
> other hosts are able to resolve names in the unregistered zone, I
> suspect that the problem is not a view configuration. Therefore, if
> you are using BIND 9.3.x, the problem is likely to do with this value:
>
> options {
>     allow-recursion { some-acl; };
> };

I tried putting the allow-recursion statement as follows.

allow-recursion { localnets; };

and it worked fine. I was able to resolve registered domain names
from the other machine.

Initially allow-recursion was not set to localhost; there was no
statement with allow-recursion in the named.conf file. So, probably the
default behaviour of BIND 9.3.x is to allow recursion for only localhost
for name resolution of domains other than the configured domain name.
Please correct me if I am wrong.

Now I am extending the scenario a little bit further.
I want to do name resolution from another machine on another network by
pointing the resolver to that name server (which I have configured).

For this I put the following statement in /etc/named.conf

allow-recursion { any; };

under the options directive. But name resolution is not occurring from
the other machine for any domain, including the configured domain name.
Is the configuration correct for the scenario I am trying to achieve?

The name server is reachable from the other machine.
The following are the contents of named.conf
**********
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
    allow-recursion { any; };
};

zone "." IN {
    type hint;
    file "named.root";
};

zone "localdomain." IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};

zone "somedomain.in." IN {
    type master;
    file "somedomain.in.zone";
    allow-update { none; };
};

zone "localhost." IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa." IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "X.Y.202.in-addr.arpa." IN {
    type master;
    file "somedomain.in.local";
    allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa." IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
};

zone "255.in-addr.arpa." IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};

zone "0.in-addr.arpa." IN {
    type master;
    file "named.zero";
    allow-update { none; };
};

include "/etc/rndc.key";
***************
Thanks in advance.
>
> If you were to post your named.conf, we (list members) could be more
> precise about the cause of the problem.
>
> Chris Buxton
> Professional Services
> Men & Mice
> Address: Noatun 17, IS-105, Reykjavik, Iceland
> Phone: +354 412 1500
> Email: cbuxton at menandmice.com
> www.menandmice.com
>
> Men & Mice
> We bring control and flexibility to network management
>
> This e-mail and its attachments may contain confidential and
> privileged information only intended for the person or entity to which
> it is addressed. If the reader of this message is not the intended
> recipient, you are hereby notified that any retention, dissemination,
> distribution or copy of this e-mail is strictly prohibited. If you
> have received this e-mail in error, please notify us immediately by
> reply e-mail and immediately delete this message and all its attachment.
>
>
>
> On Dec 28, 2007, at 8:47 PM, B Zaman Laskar wrote:
>
> > Greetings All and Happy New Year wishes to all the Members.
> >
> > On Dec 27, 2007 10:44 PM, Steven Stromer <filter at stevenstromer.com>
> > wrote:
> >
> >> In FC6 the named.conf file is not created at install. I've found that
> >> the following workaround creates all of the needed files correctly.
> >> If you haven't configured anything yet, you might just uninstall
> >> bind-chroot to follow the steps exactly, or you can try running
> >> system-config-bind (locally), and see if that alone is enough to
> >> generate the file.
> >>
> >> 1. yum install bind bind-libs bind-utils system-config-bind (not
> >> bind-chroot, yet)
> >>
> >> 2. Run system-config-bind (locally), and exit without creating any
> >> settings, which successfully creates the standard conf and zone files.
> >>
> >> 3. Install bind-chroot, which successfully creates the chroot
> >> directories, and all of the proper links.
> >>
> > I tried the steps as mentioned by Steven and it worked fine. I was
> > able to configure bind for a particular domain and name resolution
> > is taking place.
> >
> > But I had another confusion for which I need clarification. It is
> > nothing on BIND but it is on how DNS works....
> > The scenario is like this......
> >
> > I have configured bind on a machine which is having a public IP but
> > for an unregistered domain "somedomain.com". The domain name is
> > unregistered because it is for experimental purpose only. In
> > /etc/resolv.conf, I have put the entry as 127.0.0.1 because named is
> > running on that machine only.
> >
> > Now when I try to do name resolution for google.com or any registered
> > domain name
> >     host www.google.com
> > on that host, the name resolution occurs fine.
> >
> > But if I try to do the same name resolution for any registered domain
> > name on another machine on the same network, name resolution is not
> > happening for any registered domains. But name resolution is occurring
> > for "somedomain.com". I have set that machine's resolver to point to
> > the host running the name server.
> >
> > Please clarify whether that behavior is normal. Is name resolution for
> > registered domain names not occurring because the name server is
> > configured with an unregistered domain name? But then the question
> > comes, why is name resolution happening on the host running the name
> > server even though it is configured for an unregistered domain name?
> >
> > Please clarify my confusion.
> >
> > Once again Thanks in Advance
> >
> >
> > regards
> > zaman
> >
> >>
> >>
> >> On Dec 27, 2007, at 3:23 AM, B Zaman Laskar wrote:
> >>
> >>> Greetings All,
> >>> I have installed the Bind DNS package in Fedora Core 6. The Bind
> >>> version is 9.3.4.
> >>> The /etc/named.conf which is provided by caching-nameserver is
> >>> missing. But another file is there, named.rfc1912.zones, which is
> >>> having the same format as /etc/named.conf.
> >>> If I rename named.rfc1912.zones to named.conf and restart the named
> >>> service, it fails with the following errors.
> >>>
> >>> ""
> >>> Stopping named: [FAILED]
> >>> Starting named:
> >>> Error in named configuration:
> >>> zone localdomain/IN: loading master file localdomain.zone: file not found
> >>> _default/localdomain/IN: file not found
> >>> zone localhost/IN: loading master file localhost.zone: file not found
> >>> _default/localhost/IN: file not found
> >>> zone 0.0.127.in-addr.arpa/IN: loading master file named.local: file not found
> >>> _default/0.0.127.in-addr.arpa/IN: file not found
> >>> zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loading master file named.ip6.local: file not found
> >>> _default/0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: file not found
> >>> zone 255.in-addr.arpa/IN: loading master file named.broadcast: file not found
> >>> _default/255.in-addr.arpa/IN: file not found
> >>> zone 0.in-addr.arpa/IN: loading master file named.zero: file not found
> >>> _default/0.in-addr.arpa/IN: file not found
> >>> [FAILED]
> >>> ""
> >>>
> >>> If I configure named.rfc1912.zones, named works fine and name
> >>> resolution occurs for the configured domain.
> >>>
> >>> So, I want to know whether with the current versions of bind,
> >>> named.conf has been renamed to named.rfc1912.zones.
> >>>
> >>> Also, is it O.K. to use named.rfc1912.zones as the bind configuration
> >>> file? If that is not the case, please let me know how to use
> >>> named.conf with the later versions of Bind.
> >>> With thanks in advance.
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >
> >
> >
>
>
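
An added example, not part of the original thread or of any poster's configuration: with `allow-recursion { any; };`, every host that can reach the server on port 53 may use it as a recursive resolver. The fragment below limits recursion to a named ACL, following the `some-acl` form quoted above, while still answering authoritative queries for the local zone. The ACL name `trusted-clients` and the 198.51.100.0/24 network are constructed placeholders.

```conf
// Added example. "trusted-clients" and 198.51.100.0/24 are placeholders;
// substitute the client networks that should be allowed to recurse.
acl "trusted-clients" {
    localhost;          // built-in ACL: this server's own addresses
    localnets;          // built-in ACL: networks directly attached to this server
    198.51.100.0/24;    // placeholder for the remote network to be served
};

options {
    directory "/var/named";

    // Setting from the message above: recursion for every source address.
    // allow-recursion { any; };

    // Recursion only for the listed client networks.
    allow-recursion { trusted-clients; };
};

zone "somedomain.in." IN {
    type master;
    file "somedomain.in.zone";
    allow-update { none; };
    // Authoritative answers for this zone are controlled separately
    // from recursion and can stay open to all clients.
    allow-query { any; };
};
```

Running `named-checkconf /etc/named.conf` after the change confirms the file still parses before named is restarted.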