Problem with DNS on mandriva 2007

Jeffrey Reasoner jeff.reasoner at mail.hccanet.org
Tue Jan 30 13:44:08 UTC 2007


On Tue, 2007-01-30 at 00:05, Carlos Alberto Bernat Orozco wrote:
> Hi group
> Sorry but I'm clueless. My server still does not resolve. Let me explain
> myself. I configured all my zones to make my DNS server.
> 
> This is my named.conf
> 
> 
> include "/etc/rndc.key";
> 
> controls {
>     inet 127.0.0.1 port 953
>     allow { 127.0.0.1; } keys { mykey; };
> };
> 
> // Access lists (ACL's) should be defined here
> include "/etc/bogon_acl.conf";
> include "/etc/trusted_networks_acl.conf";

What is in trusted_networks_acl.conf? Is it being loaded? You could
define it in named.conf rather than include. If the source IP address of
your queries does not match this acl your server won't perform recursion
and all you'll get is the referrals you're seeing.


> 
> // Define logging channels
> include "/etc/logging.conf";
> 
> options {
>     version "";
>     directory "/var/named";
>     dump-file "/var/tmp/named_dump.db";
>     pid-file "/var/run/named.pid";
>     statistics-file "/var/tmp/named.stats";
>     zone-statistics yes;
> //    datasize 256M;
>     coresize 100M;
> //    fetch-glue no;
> //    recursion no;
> //    recursive-clients 10000;
>     auth-nxdomain yes;
>     query-source address * port *;
>     listen-on port 53 { any; };
>     cleaning-interval 120;
>     transfers-in 20;
>     transfers-per-ns 2;
>     lame-ttl 0;
>     max-ncache-ttl 10800;
>     notify no;
>    transfer-format many-answers;
> max-transfer-time-in 60;
> interface-interval 0;
>     allow-recursion { trusted_networks; };
>    blackhole { bogon; };
> };
> 
> zone "ac" { type delegation-only; };
> zone "cc" { type delegation-only; };
> zone "com" { type delegation-only; };
> zone "cx" { type delegation-only; };
> zone "lv" { type delegation-only; };
> zone "museum" { type delegation-only; };
> zone "net" { type delegation-only; };
> zone "nu" { type delegation-only; };
> zone "ph" { type delegation-only; };
> zone "sh" { type delegation-only; };
> zone "tm" { type delegation-only; };
> zone "ws" { type delegation-only; };
> 
> zone "." IN {
>         type hint;
>         file "named.ca";
> };
> 
> zone "localdomain" IN {
>         type master;
>         file "master/localdomain.zone";
>         allow-update { none; };
> };
> 
> zone "localhost" IN {
>         type master;
>         file "master/localhost.zone";
>         allow-update { none; };
> };
> 
> zone "0.0.127.in-addr.arpa" IN {
>         type master;
>         file "reverse/named.local";
>         allow-update { none; };
> };
> 
> zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6arpa"
> IN {
>         type master;
>         file "reverse/named.ip6.local";
>         allow-update { none; };
> };
> 
> zone "255.in-addr.arpa" IN {
>         type master;
>         file "reverse/named.broadcast";
>         allow-update { none; };
> };
> 
> zone "0.in-addr.arpa" IN {
>         type master;
>         file "reverse/named.zero";
>         allow-update { none; };
> };
> //put master/
> zone "codisert.com.co" IN {
>         type master;
>         file "codisert.com.co.db";
>         allow-update { none; };
> };
> //put reverse/
> zone "66.21.200.in-addr.arpa" IN {
>         type master;
>         file "200.21.66.rev";
>         allow-update { none; };
> };
> //put reverse/
> zone "62.21.200.in-addr.arpa" IN {
>         type master;
>         file "200.21.62.rev";
>         allow-update { none; };
> };
> 
> ########################################
> And these are my DNS queries with the -x option:
> 
>  # dig @200.21.66.194 -x 200.21.66.194
> 
> ; <<>> DiG 9.3.0 <<>> @200.21.66.194 -x 200.21.66.194
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43611
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
> 
> ;; QUESTION SECTION:
> ;194.66.21.200.in-addr.arpa.    IN      PTR
> 
> ;; ANSWER SECTION:
> 194.66.21.200.in-addr.arpa. 3600 IN     PTR     ethereal.codisert.com.co.
> 
> ;; AUTHORITY SECTION:
> 66.21.200.in-addr.arpa. 604800  IN      NS      ethereal.codisert.com.co.
> 
> ;; ADDITIONAL SECTION:
> ethereal.codisert.com.co. 604800 IN     A       200.21.66.194
> 
> ;; Query time: 39 msec
> ;; SERVER: 200.21.66.194#53(200.21.66.194)
> ;; WHEN: Tue Jan 30 00:01:42 2007
> ;; MSG SIZE  rcvd: 112
> 
> 
> Thanks to Stephen, I added a dot on my 200.21.66.rev file. What I understood
> is to allow recursion in order to make my DNS server work. But my problem
> still continues.
> 
> I've been reading about recursion, and I think that if it is enabled by default,
> then what other causes could possibly affect that my DNS server does not
> resolve any web site? I already configured my firewall. But I'm lost with
> this issue.
> 
> Please give some more steps to get more info. I have a week with no
> solution.
> 
> 
> Thanks in advance and sorry for the dummy question
> 
> Carlos Bernat
> 
> 2007/1/29, Barry Margolin <barmar at alum.mit.edu>:
> >
> > In article <epmdd7$2rfd$1 at sf1.isc.org>,
> > "Carlos Alberto Bernat Orozco" <cabo81 at gmail.com> wrote:
> >
> > > Hi group
> > > Thanks Stephane for your answers. Sorry, my mistake on the -x option on the
> > > dig command. What you said before is that my DNS won't resolve unless it uses
> > > recursion to make queries.
> > >
> > > Sorry, I've been reading about how to enable it (recursion) but I can't find
> > > info. How can I enable it (in the zones, named.conf)? Or where can I find
> > > info to enable it?
> >
> > Recursion is enabled by default, you have to disable it with "recursion
> > no;" or "allow-recursion { <acl> };" in named.conf.
> >
> > --
> > Barry Margolin, barmar at alum.mit.edu
> > Arlington, MA
> > *** PLEASE post questions in newsgroups, not directly to me ***
> > *** PLEASE don't copy me on replies, I'll read them in the group ***
> >
> >
> >
> 
> 
> 
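Added example, not part of the original thread: a small Python check that reads the header of a dig response and reports whether the server offered recursion to the querying client (the `ra` flag) or only returned an authoritative answer or a referral, which is the symptom the reply above ties to `allow-recursion { trusted_networks; };`. The first sample header is copied from the dig output in the post; the referral and recursive samples are constructed for illustration, and the function names are hypothetical.

```python
import re

# Header lines copied from the dig output quoted in the post.
PAGE_SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43611
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
"""
# Constructed samples (not from the thread): a referral and a recursive answer.
CONSTRUCTED_REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0
"""
CONSTRUCTED_RECURSIVE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4321
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
"""

STATUS_RE = re.compile(r"status:\s*(\w+)")
FLAGS_RE = re.compile(r";; flags:([^;]*);\s*QUERY:\s*\d+,\s*ANSWER:\s*(\d+),"
                      r"\s*AUTHORITY:\s*(\d+)")

def parse_dig_header(text):
    """Extract status, flag set and section counts from dig's header lines."""
    status, flags = STATUS_RE.search(text), FLAGS_RE.search(text)
    if not status or not flags:
        raise ValueError("no dig header found in input")
    return {"status": status.group(1), "flags": set(flags.group(1).split()),
            "answer": int(flags.group(2)), "authority": int(flags.group(3))}

def classify(text):
    """Label a response by what it says about recursion for this client."""
    h = parse_dig_header(text)
    f = h["flags"]
    # RD set by the client but RA clear: the server did not offer recursion.
    no_recursion = "rd" in f and "ra" not in f
    if h["status"] == "REFUSED":
        return "refused"
    if "aa" in f and h["answer"] > 0:
        return "authoritative, recursion unavailable" if no_recursion else "authoritative"
    if h["answer"] == 0 and h["authority"] > 0 and no_recursion:
        return "referral, recursion unavailable"
    if no_recursion:
        return "recursion unavailable"
    return "recursive answer" if h["answer"] > 0 else "empty response"

if __name__ == "__main__":
    for name in ("PAGE_SAMPLE", "CONSTRUCTED_REFERRAL", "CONSTRUCTED_RECURSIVE"):
        print(name, "->", classify(globals()[name]))
```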