Problem with DNS on Mandriva 2007

Carlos Alberto Bernat Orozco cabo81 at gmail.com
Tue Jan 30 19:57:31 UTC 2007


Hi group

Thanks, Jeffrey and Justin, for your interest. Sorry for the delay in answering.

Yes, I saw that file and modified my networks this way:

# more trusted_networks_acl.conf
acl "trusted_networks" {
    // If you are using RFC1918 netblocks please remember to
    // comment these in the bogon_acl.conf file.
    127.0.0.1;
    192.168.0.0/16;
    10.1.0.0/16;
    10.2.0.0/16;
    200.21.0.0/16;
    172.16.0.0/16;
};

My server IP and the test host from which I'm making the queries are on the
networks above, but it still does not resolve.

When I restart the named service, the log messages show only this:

Jan 30 11:13:01 ethereal named[21808]: starting BIND 9.3.2 -u named -t /var/lib/named
Jan 30 11:13:01 ethereal named[21808]: loading configuration from '/etc/named.conf'
Jan 30 11:13:01 ethereal named[21808]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 30 11:13:01 ethereal named[21808]: listening on IPv4 interface eth0, 200.21.66.194#53
Jan 30 11:13:01 ethereal named[21808]: command channel listening on 127.0.0.1#953


My firewall allows port 53 on UDP and TCP. What else could it be?

Carlos Bernat

2007/1/30, Jeffrey Reasoner <jeff.reasoner at mail.hccanet.org>:
>
> On Tue, 2007-01-30 at 00:05, Carlos Alberto Bernat Orozco wrote:
> > Hi group
> > Sorry, but I'm clueless. My server still does not resolve. Let me explain
> > myself. I configured all my zones to make my DNS server.
> >
> > This is my named.conf
> >
> >
> > include "/etc/rndc.key";
> >
> > controls {
> >     inet 127.0.0.1 port 953
> >     allow { 127.0.0.1; } keys { mykey; };
> > };
> >
> > // Access lists (ACL's) should be defined here
> > include "/etc/bogon_acl.conf";
> > include "/etc/trusted_networks_acl.conf";
>
> What is in trusted_networks_acl.conf? Is it being loaded? You could
> define it in named.conf rather than include. If the source IP address of
> your queries does not match this acl your server won't perform recursion
> and all you'll get is the referrals you're seeing.
>
>
> >
> > // Define logging channels
> > include "/etc/logging.conf";
> >
> > options {
> >     version "";
> >     directory "/var/named";
> >     dump-file "/var/tmp/named_dump.db";
> >     pid-file "/var/run/named.pid";
> >     statistics-file "/var/tmp/named.stats";
> >     zone-statistics yes;
> > //    datasize 256M;
> >     coresize 100M;
> > //    fetch-glue no;
> > //    recursion no;
> > //    recursive-clients 10000;
> >     auth-nxdomain yes;
> >     query-source address * port *;
> >     listen-on port 53 { any; };
> >     cleaning-interval 120;
> >     transfers-in 20;
> >     transfers-per-ns 2;
> >     lame-ttl 0;
> >     max-ncache-ttl 10800;
> >     notify no;
> >     transfer-format many-answers;
> >     max-transfer-time-in 60;
> >     interface-interval 0;
> >     allow-recursion { trusted_networks; };
> >     blackhole { bogon; };
> > };
> >
> > zone "ac" { type delegation-only; };
> > zone "cc" { type delegation-only; };
> > zone "com" { type delegation-only; };
> > zone "cx" { type delegation-only; };
> > zone "lv" { type delegation-only; };
> > zone "museum" { type delegation-only; };
> > zone "net" { type delegation-only; };
> > zone "nu" { type delegation-only; };
> > zone "ph" { type delegation-only; };
> > zone "sh" { type delegation-only; };
> > zone "tm" { type delegation-only; };
> > zone "ws" { type delegation-only; };
> >
> > zone "." IN {
> >         type hint;
> >         file "named.ca";
> > };
> >
> > zone "localdomain" IN {
> >         type master;
> >         file "master/localdomain.zone";
> >         allow-update { none; };
> > };
> >
> > zone "localhost" IN {
> >         type master;
> >         file "master/localhost.zone";
> >         allow-update { none; };
> > };
> >
> > zone "0.0.127.in-addr.arpa" IN {
> >         type master;
> >         file "reverse/named.local";
> >         allow-update { none; };
> > };
> >
> > zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
> >         type master;
> >         file "reverse/named.ip6.local";
> >         allow-update { none; };
> > };
> >
> > zone "255.in-addr.arpa" IN {
> >         type master;
> >         file "reverse/named.broadcast";
> >         allow-update { none; };
> > };
> >
> > zone "0.in-addr.arpa" IN {
> >         type master;
> >         file "reverse/named.zero";
> >         allow-update { none; };
> > };
> > //poner master/
> > zone "codisert.com.co" IN {
> >         type master;
> >         file "codisert.com.co.db";
> >         allow-update { none; };
> > };
> > //poner reverse/
> > zone "66.21.200.in-addr.arpa" IN {
> >         type master;
> >         file "200.21.66.rev";
> >         allow-update { none; };
> > };
> > //poner reverse/
> > zone "62.21.200.in-addr.arpa" IN {
> >         type master;
> >         file "200.21.62.rev";
> >         allow-update { none; };
> > };
> >
> > ########################################
> > And these are my DNS queries with the -x option:
> >
> >  # dig @200.21.66.194 -x 200.21.66.194
> >
> > ; <<>> DiG 9.3.0 <<>> @200.21.66.194 -x 200.21.66.194
> > ;; global options:  printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43611
> > ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
> >
> > ;; QUESTION SECTION:
> > ;194.66.21.200.in-addr.arpa.    IN      PTR
> >
> > ;; ANSWER SECTION:
> > 194.66.21.200.in-addr.arpa. 3600 IN     PTR     ethereal.codisert.com.co.
> >
> > ;; AUTHORITY SECTION:
> > 66.21.200.in-addr.arpa. 604800  IN      NS      ethereal.codisert.com.co.
> >
> > ;; ADDITIONAL SECTION:
> > ethereal.codisert.com.co. 604800 IN     A       200.21.66.194
> >
> > ;; Query time: 39 msec
> > ;; SERVER: 200.21.66.194#53(200.21.66.194)
> > ;; WHEN: Tue Jan 30 00:01:42 2007
> > ;; MSG SIZE  rcvd: 112
> >
> >
> > Thanks to Stephen, I added a dot in my 200.21.66.rev file. What I
> > understood is that I need to allow recursion in order to make my DNS
> > server work. But my problem continues.
> >
> > I've been reading about recursion, and I think that if it is enabled by
> > default, then what other causes could possibly make my DNS server not
> > resolve any web site? I already configured my firewall. But I'm lost with
> > this issue.
> >
> > Please give me some more steps to get more info. I have had a week with no
> > solution.
> >
> >
> > Thanks in advance, and sorry for the dumb question.
> >
> > Carlos Bernat
> >
> > 2007/1/29, Barry Margolin <barmar at alum.mit.edu>:
> > >
> > > In article <epmdd7$2rfd$1 at sf1.isc.org>,
> > > "Carlos Alberto Bernat Orozco" <cabo81 at gmail.com> wrote:
> > >
> > > > Hi group
> > > > Thanks, Stephane, for your answers. Sorry, my mistake on the -x option
> > > > on the dig command. What you said before is that my DNS won't resolve
> > > > unless it uses recursion to make queries.
> > > >
> > > > Sorry, I've been reading about how to enable it (recursion) but I can't
> > > > find info. How can I enable it (in the zones, named.conf)? Or where can
> > > > I find info to enable it?
> > >
> > > Recursion is enabled by default, you have to disable it with
> > > "recursion no;" or "allow-recursion { <acl> };" in named.conf.
> > >
> > > --
> > > Barry Margolin, barmar at alum.mit.edu
> > > Arlington, MA
> > > *** PLEASE post questions in newsgroups, not directly to me ***
> > > *** PLEASE don't copy me on replies, I'll read them in the group ***
> > >
> > >
> > >
> >
> >
> >
>
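As an added illustration (not part of the thread, and not Carlos's or ISC's code), the Python script below models how the posted named.conf treats a query by its source address: `blackhole { bogon; }` is evaluated first and silently drops a matching client, then `allow-recursion { trusted_networks; }` decides whether the server will recurse for that client or only answer from its own zones, handing out a referral for everything else, as Jeffrey describes. The trusted_networks entries are the ones Carlos posted. The contents of bogon_acl.conf are not on the page, so the two bogon lists are constructed: one still containing the RFC1918 blocks that the ACL file's own comment tells you to comment out, one with them removed. The script also parses the header flags of the posted dig output: a reply carrying `aa` but no `ra` means the server answered from its own zone and was not offering recursion to that client, which is the value to compare against the ACLs.

```python
"""Model BIND 9 ACL evaluation for the named.conf posted in this thread.

Added example, not code from the thread. BIND address-match lists are
first-match; a leading '!' negates an element; 'any'/'none' are keywords;
a bare name refers to another acl. Needs only the standard library.
"""
import ipaddress

# ACL exactly as posted in trusted_networks_acl.conf.
TRUSTED_NETWORKS = ["127.0.0.1", "192.168.0.0/16", "10.1.0.0/16",
                    "10.2.0.0/16", "200.21.0.0/16", "172.16.0.0/16"]

# Constructed stand-ins for bogon_acl.conf (real contents unknown).
# The first keeps the RFC1918 blocks the file's comment says to remove.
BOGON_WITH_RFC1918 = ["0.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12",
                      "192.168.0.0/16", "224.0.0.0/3"]
BOGON_RFC1918_COMMENTED = ["0.0.0.0/8", "224.0.0.0/3"]

# Header lines of the dig output Carlos posted (copied from the thread).
POSTED_DIG_HEADER = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43611
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
"""


def _element_matches(ip, element, acls):
    """One address-match-list element: keyword, nested acl name, host or prefix."""
    if element == "any":
        return True
    if element == "none":
        return False
    if element in acls:                      # nested acl: positive match only
        return acl_matches(ip, acls[element], acls) is True
    return ip in ipaddress.ip_network(element, strict=False)


def acl_matches(ip, acl, acls=None):
    """First-match evaluation of an address-match list.

    Returns True on a positive match, False when the first hit is a negated
    element ('!prefix'), and None when no element matches at all.
    """
    acls = acls or {}
    ip = ipaddress.ip_address(str(ip))
    for element in acl:
        negate = element.startswith("!")
        if _element_matches(ip, element.lstrip("!").strip(), acls):
            return not negate
    return None


def classify_query(src_ip, bogon, trusted=TRUSTED_NETWORKS):
    """What the posted options {} block does with a query from src_ip."""
    if acl_matches(src_ip, bogon) is True:
        return "dropped"               # blackhole: no reply at all, not even REFUSED
    if acl_matches(src_ip, trusted) is True:
        return "recursive"             # server resolves outside names for this client
    return "authoritative-only"        # own zones answered; other names get a referral


def dig_flags(dig_output):
    """Header flags from dig text, e.g. 'qr aa rd' -> {'qr', 'aa', 'rd'}."""
    for line in dig_output.splitlines():
        if line.startswith(";; flags:"):
            flags_part = line.split("flags:", 1)[1].split(";", 1)[0]
            return set(flags_part.split())
    return set()


def recursion_offered(dig_output):
    """True if the server set 'ra' (recursion available) for this client."""
    return "ra" in dig_flags(dig_output)


if __name__ == "__main__":
    for ip in ("192.168.1.10", "200.21.66.194", "172.20.0.5", "8.8.8.8"):
        print(ip, "bogon-with-rfc1918:", classify_query(ip, BOGON_WITH_RFC1918),
              "| rfc1918-commented:", classify_query(ip, BOGON_RFC1918_COMMENTED))
    print("posted dig reply offered recursion:", recursion_offered(POSTED_DIG_HEADER))
```

Run it against the addresses you actually query from. A client that sits in both bogon and trusted_networks gets no answer at all, which from the outside looks exactly like a firewall problem, and a test host at 172.20.x.x is inside RFC1918 (172.16.0.0/12) but outside the posted 172.16.0.0/16 entry, so it would be denied recursion even with the bogon list trimmed.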