Problem with DNS on mandriva 2007
Carlos Alberto Bernat Orozco
cabo81 at gmail.com
Tue Jan 30 19:57:31 UTC 2007
Hi group
Thanks Jeffrey and Justin for your interest. Sorry for the delay in answering.
Yes, I saw that file and modified my networks this way:
# more trusted_networks_acl.conf
acl "trusted_networks" {
// If you are using RFC1918 netblocks please remember to
// comment these in the bogon_acl.conf file.
127.0.0.1;
192.168.0.0/16;
10.1.0.0/16;
10.2.0.0/16;
200.21.0.0/16;
172.16.0.0/16;
};
On the networks above are located my server IP and my test host from where
I'm trying to make the queries, but it still does not resolve.
When I restart the named service, the log messages show only this:
Jan 30 11:13:01 ethereal named[21808]: starting BIND 9.3.2 -u named -t /var/lib/named
Jan 30 11:13:01 ethereal named[21808]: loading configuration from '/etc/named.conf'
Jan 30 11:13:01 ethereal named[21808]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 30 11:13:01 ethereal named[21808]: listening on IPv4 interface eth0, 200.21.66.194#53
Jan 30 11:13:01 ethereal named[21808]: command channel listening on 127.0.0.1#953
My firewall allows port 53 on UDP and TCP. What else could it be?
Carlos Bernat
2007/1/30, Jeffrey Reasoner <jeff.reasoner at mail.hccanet.org>:
>
> On Tue, 2007-01-30 at 00:05, Carlos Alberto Bernat Orozco wrote:
> > Hi group
> > Sorry but I'm clueless. My server still does not resolve. Let me explain
> > myself. I configured all my zones to make my DNS server.
> >
> > This is my named.conf
> >
> >
> > include "/etc/rndc.key";
> >
> > controls {
> > inet 127.0.0.1 port 953
> > allow { 127.0.0.1; } keys { mykey; };
> > };
> >
> > // Access lists (ACL's) should be defined here
> > include "/etc/bogon_acl.conf";
> > include "/etc/trusted_networks_acl.conf";
>
> What is in trusted_networks_acl.conf? Is it being loaded? You could
> define it in named.conf rather than include. If the source IP address of
> your queries does not match this acl your server won't perform recursion
> and all you'll get is the referrals you're seeing.
>
>
> >
> > // Define logging channels
> > include "/etc/logging.conf";
> >
> > options {
> > version "";
> > directory "/var/named";
> > dump-file "/var/tmp/named_dump.db";
> > pid-file "/var/run/named.pid";
> > statistics-file "/var/tmp/named.stats";
> > zone-statistics yes;
> > // datasize 256M;
> > coresize 100M;
> > // fetch-glue no;
> > // recursion no;
> > // recursive-clients 10000;
> > auth-nxdomain yes;
> > query-source address * port *;
> > listen-on port 53 { any; };
> > cleaning-interval 120;
> > transfers-in 20;
> > transfers-per-ns 2;
> > lame-ttl 0;
> > max-ncache-ttl 10800;
> > notify no;
> > transfer-format many-answers;
> > max-transfer-time-in 60;
> > interface-interval 0;
> > allow-recursion { trusted_networks; };
> > blackhole { bogon; };
> > };
> >
> > zone "ac" { type delegation-only; };
> > zone "cc" { type delegation-only; };
> > zone "com" { type delegation-only; };
> > zone "cx" { type delegation-only; };
> > zone "lv" { type delegation-only; };
> > zone "museum" { type delegation-only; };
> > zone "net" { type delegation-only; };
> > zone "nu" { type delegation-only; };
> > zone "ph" { type delegation-only; };
> > zone "sh" { type delegation-only; };
> > zone "tm" { type delegation-only; };
> > zone "ws" { type delegation-only; };
> >
> > zone "." IN {
> > type hint;
> > file "named.ca";
> > };
> >
> > zone "localdomain" IN {
> > type master;
> > file "master/localdomain.zone";
> > allow-update { none; };
> > };
> >
> > zone "localhost" IN {
> > type master;
> > file "master/localhost.zone";
> > allow-update { none; };
> > };
> >
> > zone "0.0.127.in-addr.arpa" IN {
> > type master;
> > file "reverse/named.local";
> > allow-update { none; };
> > };
> >
> > zone "
> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6arpa"
> > IN {
> > type master;
> > file "reverse/named.ip6.local";
> > allow-update { none; };
> > };
> >
> > zone "255.in-addr.arpa" IN {
> > type master;
> > file "reverse/named.broadcast";
> > allow-update { none; };
> > };
> >
> > zone "0.in-addr.arpa" IN {
> > type master;
> > file "reverse/named.zero";
> > allow-update { none; };
> > };
> > //put master/
> > zone "codisert.com.co" IN {
> > type master;
> > file "codisert.com.co.db";
> > allow-update { none; };
> > };
> > //put reverse/
> > zone "66.21.200.in-addr.arpa" IN {
> > type master;
> > file "200.21.66.rev";
> > allow-update { none; };
> > };
> > //put reverse/
> > zone "62.21.200.in-addr.arpa" IN {
> > type master;
> > file "200.21.62.rev";
> > allow-update { none; };
> > };
> >
> > ########################################
> > And these are my DNS queries with the -x option:
> >
> > # dig @200.21.66.194 -x 200.21.66.194
> >
> > ; <<>> DiG 9.3.0 <<>> @200.21.66.194 -x 200.21.66.194
> > ;; global options: printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43611
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
> >
> > ;; QUESTION SECTION:
> > ;194.66.21.200.in-addr.arpa. IN PTR
> >
> > ;; ANSWER SECTION:
> > 194.66.21.200.in-addr.arpa. 3600 IN PTR ethereal.codisert.com.co.
> >
> > ;; AUTHORITY SECTION:
> > 66.21.200.in-addr.arpa. 604800 IN NS ethereal.codisert.com.co.
> >
> > ;; ADDITIONAL SECTION:
> > ethereal.codisert.com.co. 604800 IN A 200.21.66.194
> >
> > ;; Query time: 39 msec
> > ;; SERVER: 200.21.66.194#53(200.21.66.194)
> > ;; WHEN: Tue Jan 30 00:01:42 2007
> > ;; MSG SIZE rcvd: 112
> >
> >
> > Thanks to Stephen, I added a dot on my 200.21.66.rev file. What I understood
> > is to allow recursion in order to make my DNS server work. But my problem
> > still continues.
> >
> > I've been reading about recursion, and I think that if it is enabled by
> > default, then what other causes could possibly affect my DNS server so that
> > it does not resolve any web site? I already configured my firewall. But I'm
> > lost with this issue.
> >
> > Please give some more steps to get more info. I have had a week with no
> > solution.
> >
> >
> > Thanks in advance and sorry for the dummy question
> >
> > Carlos Bernat
> >
> > 2007/1/29, Barry Margolin <barmar at alum.mit.edu>:
> > >
> > > In article <epmdd7$2rfd$1 at sf1.isc.org>,
> > > "Carlos Alberto Bernat Orozco" <cabo81 at gmail.com> wrote:
> > >
> > > > Hi group
> > > > Thanks Stephane for your answers. Sorry, my mistake on the -x option on
> > > > the dig command. What you said before is that my DNS won't resolve unless
> > > > it uses recursion to make queries.
> > > >
> > > > Sorry, I've been reading about how to enable it (recursion) but I can't
> > > > find info. How can I enable it (in the zones, named.conf)? Or where can I
> > > > find info to enable it?
> > >
> > > Recursion is enabled by default, you have to disable it with
> > > "recursion no;" or "allow-recursion { <acl> };" in named.conf.
> > >
> > > --
> > > Barry Margolin, barmar at alum.mit.edu
> > > Arlington, MA
> > > *** PLEASE post questions in newsgroups, not directly to me ***
> > > *** PLEASE don't copy me on replies, I'll read them in the group ***
> > >
> > >
> > >
> >
> >
> >
>
>
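Added example (not part of the original thread, and not BIND's own code): a Python sketch that evaluates a client address against the trusted_networks ACL from the post and a bogon ACL, in the order named applies "blackhole" and "allow-recursion", and reads the "ra" flag from a dig header. The bogon contents are an assumption, since bogon_acl.conf is not shown in the thread; parse_acl, classify and recursion_available are illustrative names, and the parser handles only plain address/prefix entries.

```python
import ipaddress
import re

# ACL body copied from the post above.
TRUSTED = '''acl "trusted_networks" {
    // If you are using RFC1918 netblocks please remember to
    // comment these in the bogon_acl.conf file.
    127.0.0.1; 192.168.0.0/16; 10.1.0.0/16; 10.2.0.0/16;
    200.21.0.0/16; 172.16.0.0/16;
};'''
# Constructed sample: bogon_acl.conf is not shown in the thread; this assumes
# the RFC1918 blocks were left in it.
BOGON = 'acl "bogon" { 10.0.0.0/8; 172.16.0.0/12; 192.168.0.0/16; };'
# Header line copied from the dig output quoted in the thread.
DIG_FLAGS = ";; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1"


def parse_acl(text):
    """Parse the plain address/prefix entries of one acl { ... }; block."""
    body = text[text.index("{") + 1:text.rindex("}")]
    body = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", body, flags=re.S)
    return [ipaddress.ip_network(entry.strip(), strict=False)
            for entry in body.split(";") if entry.strip()]


def classify(client, trusted, bogon):
    """Outcome for a recursive query from `client` under the posted options."""
    ip = ipaddress.ip_address(client)
    if any(ip in net for net in bogon):
        return "blackholed"      # blackhole { bogon; }: dropped, no reply at all
    if any(ip in net for net in trusted):
        return "recursion"       # allow-recursion { trusted_networks; } matches
    return "referral-only"       # no recursion: referrals or local data only


def recursion_available(dig_output):
    """True if the dig header shows the 'ra' (recursion available) flag."""
    match = re.search(r"^;; flags:([^;]*);", dig_output, flags=re.M)
    return bool(match) and "ra" in match.group(1).split()


if __name__ == "__main__":
    trusted, bogon = parse_acl(TRUSTED), parse_acl(BOGON)
    for client in ("192.168.1.10", "200.21.66.10", "198.51.100.7"):
        print(client, "->", classify(client, trusted, bogon))
    print("ra flag in quoted dig header:", recursion_available(DIG_FLAGS))
```

The dig header quoted in the thread carries "qr aa rd" without "ra", which is what a client sees when the server is not offering it recursion.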