Name Server Question
seekuel
seekuel at gmail.com
Tue Jan 2 08:06:15 UTC 2007
Sir,
I did install a caching-nameserver because we lack the resources. This
server is also used as a proxy server and an ftp server.
As you can see it is not tidy and still needs more configuration.
Thanks
-----------------------------------
Below is the named.conf entry
-----------------------------------
//
// named.conf for Red Hat caching-nameserver
//
options {
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    version "NO IDEA";
    // recursion no;
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};
//
// a caching only nameserver config
//
controls {
    inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
zone "." IN {
    type hint;
    file "named.ca";
};
zone "localdomain" IN {
    type master;
    file "localdomain.zone";
    allow-update { none; };
};
zone "localhost" IN {
    type master;
    file "localhost.zone";
    allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "named.local";
    allow-update { none; };
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.ip6.local";
    allow-update { none; };
};
zone "255.in-addr.arpa" IN {
    type master;
    file "named.broadcast";
    allow-update { none; };
};
zone "0.in-addr.arpa" IN {
    type master;
    file "named.zero";
    allow-update { none; };
};
include "/etc/rndc.key";
// caching ends here
// name server starts here
view "trusted" {
    zone "booom.com.ph" IN {
        type master;
        file "masters/booom.com.ph";
        allow-update { none; };
    };
    zone "60.177.203.in-addr.arpa" {
        type master;
        file "masters/booom.com.ph.rev";
        allow-update { none; };
    };
    zone "jac.ph" IN {
        type master;
        file "masters/jac.ph";
        allow-update { none; };
    };
    zone "booom.internal" {
        type master;
        file "masters/booom.internal";
    };
    zone "1.16.172.in-addr.arpa" {
        type master;
        file "masters/booom.internal.rev";
        allow-update { none; };
    };
    recursion no;
};
-----------------------------------
-----------------------------------
On 1/2/07, Danny Mayer <mayer at gis.net> wrote:
>
> seekuel wrote:
> > Sir,
> >
> > Is there any way to determine this issue? UDP port 53 is open but TCP is
> > closed.
> >
>
> Both need to be open. DNS responses for queries like Google are unlikely
> to fit into a UDP packet unless it's responding with a larger UDP packet
> size. That means that it does retries with TCP when it gets a truncated
> flag.
>
> > On 12/30/06, Barry Margolin <barmar at alum.mit.edu> wrote:
> >> In article <en3jqh$1vp9$1 at sf1.isc.org>, seekuel <seekuel at gmail.com>
> >> wrote:
> >>
> >>> Hello group,
> >>> I am new to BIND and I've configured a CentOS 4.4 box with bind,
> >>> bind-chroot, caching-nameserver installed. This box functions as an
> >>> authoritative name server for our domain.
> >>>
>
> You don't need or want caching if it's just authoritative for the domain.
>
> >>> I am confused. This server is an authoritative server for our domain and
> >>> when our workstation uses its public IP as the DNS, that workstation cannot
> >>> resolve other domains. This is also true in the server itself. If I edit
> >>> /etc/resolv.conf to 127.0.0.1 or its public IP the server cannot resolve to
> >>> other domains, say google.com. When I use our ISP's DNS in /etc/resolv.conf
> >>> then it can resolve to other domains.
> >>>
>
> Then you need to check to see if it's actually receiving the queries.
> Did you turn on query logging to see if it gets them? Does it work if
> you query directly with dig?
>
> >>> These are some of my questions. In an authoritative name server, why is it
> >>> that even a caching-nameserver is installed and change /etc/resolv.conf to
> >>> the server's IP this server cannot resolve to other domain but it can
> >>> resolve our domain.
>
> A nameserver that is only authoritative will only respond to queries for
> domains that it owns. If you want it to act as a nameserver for lookups
> for other domains it needs to be set up to allow recursion, but you also
> want to restrict that to only your own systems.
>
> >>> Is there something wrong with the configurations? I'm
> >>> willing to attach the configuration if needed.
>
> You need to post your named.conf file. Please do not edit it as it
> prevents people from seeing what's really the problem.
>
> Danny
>
Respectfully yours,
Sandeil
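
A view layout matching the advice quoted above (allow recursion, but only for your own systems), as an added example that is not part of the original thread. The ACL name `trusted-nets`, the view name `external` and the 172.16.1.0/24 range are assumptions, the last inferred from the posted `1.16.172.in-addr.arpa` zone; zone names and file paths are taken from the posted named.conf.

```conf
// Added example, not the poster's file.
// The controls block and the rndc key include stay as posted and are omitted here.
acl "trusted-nets" {
    localhost;          // built-in ACL: the server's own addresses
    172.16.1.0/24;      // assumed internal LAN
};

options {
    directory "/var/named";
};

// Internal clients: authoritative answers plus recursion for everything else.
view "trusted" {
    match-clients { "trusted-nets"; };
    recursion yes;
    allow-recursion { "trusted-nets"; };

    // Once any view is defined, every zone must sit inside a view,
    // so the root hints and loopback zones move in here.
    zone "." IN { type hint; file "named.ca"; };
    zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; };
    zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; };

    zone "booom.com.ph" IN { type master; file "masters/booom.com.ph"; allow-update { none; }; };
    zone "jac.ph" IN { type master; file "masters/jac.ph"; allow-update { none; }; };
    zone "booom.internal" IN { type master; file "masters/booom.internal"; allow-update { none; }; };
    zone "1.16.172.in-addr.arpa" IN { type master; file "masters/booom.internal.rev"; allow-update { none; }; };
};

// Everyone else: authoritative answers for the public zones only, no recursion.
view "external" {
    match-clients { any; };
    recursion no;

    zone "booom.com.ph" IN { type master; file "masters/booom.com.ph"; allow-update { none; }; };
    zone "60.177.203.in-addr.arpa" IN { type master; file "masters/booom.com.ph.rev"; allow-update { none; }; };
    zone "jac.ph" IN { type master; file "masters/jac.ph"; allow-update { none; }; };
};
```

`named-checkconf` validates the file before a restart, and `dig +tcp` against the server confirms that TCP port 53 answers as well as UDP.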