problem with named.conf

Dawn Connelly dawn.connelly at gmail.com
Tue Mar 27 02:38:18 UTC 2007


It looks like you are forwarding to DNS servers that are not on your LAN so
when your network link is down, the requests you aren't authoritative for
and don't have cache for are timing out. Since the requesting machine isn't
getting an answer for the DNS record it's asking for, it's appending it with
anything it has in its search suffix. If they are querying for
www.google.com, it doesn't get an answer so queries for
www.google.com.msk3.ath.cx. Since you have a wildcard A record, it'll match
everything that has been appended. The best way to show this is when your
internet connection is down, do a query for <www.google.com.>  Make sure to
do it once WITH a period at the end and once WITHOUT a period at the end.
The one with a period will time out. The one without a period will append
with the msk3.ath.cx domain and you'll get that wildcard answer.

On 3/26/07, Matt Sickler <crazyfordynamite at gmail.com> wrote:
>
> I have been trying to set up a local (LAN only) DNS server that does
> recursive lookups for domains it does not control (I think this is what I
> mean...)  Basically I want it to be authoritative for example.com - but
> resort to asking another DNS server[s] for everything else (and caches the
> answer).
> The problem with my config now is that whenever my internet connection goes
> down, for some reason the server returns 192.168.24.11 for any DNS request -
> some have said this is because I set my servers to be on the "msk3.ath.cx"
> domain and it matches a "*.msk3.ath.cx. IN A 192.168.24.11" line in the
> msk3.ath.cx db....
> Perhaps there is a way to fix this?
>
> <config>
> //
> // named.conf for Red Hat caching-nameserver
> //
> /* this little bit is supposed to only allow my subnet to use it (
> 192.168.24.0/24)
> controls {
>     inet 192.168.1.5 allow {
>     192.168.24.0/24;
>     localhost;
>   } keys {
>     rndckey;
>   };
> };
> */
>
>
> options {
>     directory "/var/named";
>     dump-file "/var/named/data/cache_dump.db";
>     statistics-file "/var/named/data/named_stats.txt";
>     /*
>      * If there is a firewall between you and nameservers you want
>      * to talk to, you might need to uncomment the query-source
>      * directive below.  Previous versions of BIND always asked
>      * questions using port 53, but BIND 8.1 uses an unprivileged
>      * port by default.
>      */
>      // query-source address * port 53;
>     forwarders {
> // these are the servers id like it to ask if it doesnt have the answer
> // and cache results
>         // OpenDNS
>         208.67.222.222;
>         208.67.220.220;
>         // Alliance
>         66.231.7.27;
>         66.231.7.28;
>     };
> };
> logging {
>         channel default_debug {
>                 file "data/named.run";
>                 severity dynamic;
>         };
> };
>
> //
> // a caching only nameserver config
> //
>
> zone "24.168.192.IN-ADDR.ARPA." IN {
>     type master;
>     file "192.168.24.db";
> };
> zone "msk3.ath.cx." IN {
>     type master;
>     file "msk3.ath.cx.db";
> };
> zone "kisho.mine.nu." IN {
>     type master;
>     file "kisho.mine.nu.db";
> };
> zone "xitix.mine.nu." IN {
>     type master;
>     file "xitix.mine.nu.db";
> };
> zone "." IN {
>     type hint;
>     file "named.ca";
> };
>
> zone "localdomain" IN {
>     type master;
>     file "localdomain.zone";
>     allow-update { none; };
> };
>
> zone "localhost" IN {
>     type master;
>     file "localhost.zone";
>     allow-update { none; };
> };
>
> zone "0.0.127.in-addr.arpa" IN {
>     type master;
>     file "named.local";
>     allow-update { none; };
> };
>
> zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
>     type master;
>     file "named.ip6.local";
>     allow-update { none; };
> };
>
> zone "255.in-addr.arpa" IN {
>     type master;
>     file "named.broadcast";
>     allow-update { none; };
> };
>
> zone "0.in-addr.arpa" IN {
>     type master;
>     file "named.zero";
>     allow-update { none; };
> };
>
> include "/etc/rndc.key";
> </config>

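Added example, not part of the thread and not BIND's own code: a small Python model of the mechanism Dawn describes, so the failure can be reproduced offline without a DNS server. It models a stub resolver's search-suffix expansion (simplified libc-style ndots logic, an assumption), an authoritative lookup with RFC 4592 wildcard synthesis, and a forwarder that is either reachable or timing out. The zone contents are constructed; the only record taken from the post is "*.msk3.ath.cx. IN A 192.168.24.11". The `ns.msk3.ath.cx.` host is an assumed extra record so the zone has one real name besides the wildcard. The second zone, with the wildcard removed, shows the mitigation: the appended name becomes NXDOMAIN instead of a bogus 192.168.24.11.

```python
ORIGIN = "msk3.ath.cx."

# Constructed zone data (assumption). The wildcard line mirrors the post;
# ns.msk3.ath.cx. is an assumed real host.
ZONE_WITH_WILDCARD = {
    "ns.msk3.ath.cx.": ["192.168.24.11"],
    "*.msk3.ath.cx.": ["192.168.24.11"],
}
ZONE_WITHOUT_WILDCARD = {
    "ns.msk3.ath.cx.": ["192.168.24.11"],
}


def fqdn(name):
    return name if name.endswith(".") else name + "."


def candidate_names(name, search_list, ndots=1):
    """Names a stub resolver tries, in order (simplified libc search logic).
    A trailing dot means fully qualified: tried as-is, never with a suffix.
    A relative name with at least `ndots` dots is tried absolute first and
    then with each search suffix; with fewer dots the suffixes come first."""
    if name.endswith("."):
        return [name]
    absolute = name + "."
    searched = [f"{name}.{fqdn(s)}" for s in search_list]
    if name.count(".") >= ndots:
        return [absolute] + searched
    return searched + [absolute]


def _existing_names(zone):
    """Owner names in the zone plus their ancestors (empty non-terminals)."""
    names = set()
    for owner in zone:
        labels = owner.rstrip(".").split(".")
        for i in range(len(labels)):
            names.add(".".join(labels[i:]) + ".")
    return names


def authoritative_lookup(qname, zone, origin=ORIGIN):
    """Answer an A query from zone data.
    Returns ("ANSWER", addrs), ("NODATA", []), ("NXDOMAIN", []) or
    ("OUT_OF_ZONE", []). Wildcard synthesis follows RFC 4592: the wildcard
    that applies is "*." prepended to the closest encloser, i.e. the longest
    existing ancestor of the query name."""
    qname = fqdn(qname)
    if qname != origin and not qname.endswith("." + origin):
        return ("OUT_OF_ZONE", [])
    if qname in zone:
        return ("ANSWER", zone[qname])
    existing = _existing_names(zone)
    if qname in existing:          # name exists but carries no A record
        return ("NODATA", [])
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:]) + "."
        if ancestor in existing:   # closest encloser found
            wildcard = "*." + ancestor
            if wildcard in zone:
                return ("ANSWER", zone[wildcard])
            return ("NXDOMAIN", [])
    return ("NXDOMAIN", [])


def resolve(name, search_list, zone, forwarders_reachable):
    """What the client ends up with: (name actually answered, addresses),
    or None when every candidate times out or does not exist. A query the
    server is not authoritative for goes to the forwarders; when they are
    unreachable that attempt times out and the client moves to the next
    candidate, which is the step Dawn describes."""
    for cand in candidate_names(name, search_list):
        status, addrs = authoritative_lookup(cand, zone)
        if status == "OUT_OF_ZONE":
            if forwarders_reachable:
                return (cand, ["<answer from forwarder>"])  # constructed stand-in
            continue  # timeout: try the next candidate name
        if status == "ANSWER" and addrs:
            return (cand, addrs)
        # NXDOMAIN / NODATA: try the next candidate name
    return None


if __name__ == "__main__":
    search = ["msk3.ath.cx"]
    print("link down, wildcard present, no trailing dot:",
          resolve("www.google.com", search, ZONE_WITH_WILDCARD, False))
    print("link down, wildcard present, trailing dot:   ",
          resolve("www.google.com.", search, ZONE_WITH_WILDCARD, False))
    print("link down, wildcard removed, no trailing dot:",
          resolve("www.google.com", search, ZONE_WITHOUT_WILDCARD, False))
```

With the link down and the wildcard in place, `www.google.com` (no trailing dot) comes back as `www.google.com.msk3.ath.cx.` with 192.168.24.11, while `www.google.com.` gets nothing, matching the dig test Dawn suggests. Dropping the wildcard turns the appended name into NXDOMAIN, so the client sees a failure rather than a wrong address.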
More information about the bind-users mailing list