Name Server Question

seekuel seekuel at gmail.com
Tue Jan 2 08:06:15 UTC 2007


Sir,
I did install a caching-nameserver because we lack the resources. This
server is also used as a proxy server and an ftp server.

As you can see it is not tidy and still needs more configuration.

Thanks

-----------------------------------
Below is the named.conf entry
-----------------------------------
//
// named.conf for Red Hat caching-nameserver
//

options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    version "NO IDEA";
//  recursion no;
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below.  Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
//  query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
};

zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};

zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};

include "/etc/rndc.key";
// caching ends here

// name server starts here
view "trusted" {
    zone "booom.com.ph" IN {
        type master;
        file "masters/booom.com.ph";
        allow-update { none; };
    };
    zone "60.177.203.in-addr.arpa" {
        type master;
        file "masters/booom.com.ph.rev";
        allow-update { none; };
    };
    zone "jac.ph" IN {
        type master;
        file "masters/jac.ph";
        allow-update { none; };
    };
    zone "booom.internal" {
        type master;
        file "masters/booom.internal";
    };

    zone "1.16.172.in-addr.arpa" {
        type master;
        file "masters/booom.internal.rev";
        allow-update { none; };
    };
    recursion no;
};
-----------------------------------
-----------------------------------

On 1/2/07, Danny Mayer <mayer at gis.net> wrote:
>
> seekuel wrote:
> > Sir,
> >
> > Is there any way to determine this issue? UDP port 53 is open but TCP is
> > closed.
> >
>
> Both need to be open. DNS responses for queries like Google are unlikely
> to fit into a UDP packet unless it's responding with a larger UDP packet
> size. That means that it does retries with TCP when it gets a truncated
> flag.
>
> > On 12/30/06, Barry Margolin <barmar at alum.mit.edu> wrote:
> >> In article <en3jqh$1vp9$1 at sf1.isc.org>, seekuel <seekuel at gmail.com>
> >> wrote:
> >>
> >>> Hello group,
> >>> I am new to BIND and I've configured a CentOS 4.4 box with bind,
> >>> bind-chroot, caching-nameserver installed. This box functions as an
> >>> authoritative name server for our domain.
> >>>
>
> You don't need or want caching if it's just authoritative for the domain.
>
> >>> I am confused. This server is an authoritative server for our domain and
> >>> when our workstation uses its public IP as the DNS, that workstation
> >>> cannot resolve other domains. This is also true on the server itself. If I
> >>> edit /etc/resolv.conf to 127.0.0.1 or its public IP, the server cannot
> >>> resolve other domains, say google.com. When I use our ISP's DNS in
> >>> /etc/resolv.conf then it can resolve other domains.
> >>>
>
> Then you need to check to see if it's actually receiving the queries.
> Did you turn on query logging to see if it gets them? Does it work if
> you query directly with dig?
>
> >>> These are some of my questions. In an authoritative name server, why is
> >>> it that even when a caching-nameserver is installed and I change
> >>> /etc/resolv.conf to the server's IP, this server cannot resolve other
> >>> domains but it can resolve our domain?
>
> A nameserver that is only authoritative will only respond to queries for
> domains that it owns. If you want it to act as a nameserver for lookups
> for other domains it needs to be set up to allow recursion, but you also
> want to restrict that to only your own systems.
>
> >>> Is there something wrong with the configurations? I'm
> >>> willing to attach the configuration if needed.
>
> You need to post your named.conf file. Please do not edit it as it
> prevents people from seeing what's really the problem.
>
> Danny
>


Respectfully yours,
Sandeil
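A named.conf for the setup discussed in this thread, added here as an editor's example (it is not the poster's file and not Danny's reply): every zone is moved into a view, since BIND rejects top-level zones once any view is declared, recursion is allowed only for the office network, and everyone else gets authoritative answers only. Assumed, not taken from the post: 172.16.1.0/24 is the LAN (inferred from the 1.16.172.in-addr.arpa reverse zone), and the zone file names match those posted.

```conf
// Example named.conf (added illustration, not the poster's file).
// ASSUMPTION: 172.16.1.0/24 is the internal LAN; file names as posted.
// TCP 53 must also be reachable: truncated UDP answers are retried over TCP.

acl "office" { 127.0.0.1; 172.16.1.0/24; };

options {
    directory "/var/named";
    version "NO IDEA";          // do not reveal the BIND version string
    // recursion is decided per view below, never globally
};

controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
include "/etc/rndc.key";

// LAN clients: full recursion plus the private zones.
view "internal" {
    match-clients { office; };
    recursion yes;
    allow-recursion { office; };
    zone "." IN { type hint; file "named.ca"; };  // root hints, needed to recurse
    zone "localhost" IN { type master; file "localhost.zone"; };
    zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; };
    zone "booom.internal" IN {
        type master; file "masters/booom.internal"; allow-update { none; };
    };
    zone "1.16.172.in-addr.arpa" IN {
        type master; file "masters/booom.internal.rev"; allow-update { none; };
    };
    zone "booom.com.ph" IN {
        type master; file "masters/booom.com.ph"; allow-update { none; };
    };
    zone "jac.ph" IN { type master; file "masters/jac.ph"; allow-update { none; }; };
};

// The Internet: answers only for the zones we own, no recursion at all.
view "external" {
    match-clients { any; };
    recursion no;
    zone "booom.com.ph" IN {
        type master; file "masters/booom.com.ph"; allow-update { none; };
    };
    zone "60.177.203.in-addr.arpa" IN {
        type master; file "masters/booom.com.ph.rev"; allow-update { none; };
    };
    zone "jac.ph" IN { type master; file "masters/jac.ph"; allow-update { none; }; };
};
```

Check it with `named-checkconf` before reloading, and confirm the split with `dig @<server-ip> google.com` from a LAN host (answer expected) versus from outside (REFUSED or no recursion expected).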