problem with named.conf

Matt Sickler crazyfordynamite at gmail.com
Tue Mar 27 02:43:00 UTC 2007


Is there any way to fix this so that when the link is down it responds with
a timeout or something?
On 3/26/07, Dawn Connelly <dawn.connelly at gmail.com> wrote:
>
> It looks like you are forwarding to DNS servers that are not on your LAN,
> so when your network link is down, the requests you aren't authoritative for
> and don't have cached are timing out. Since the requesting machine isn't
> getting an answer for the DNS record it's asking for, it appends
> anything it has in its search suffix. If it is querying for
> www.google.com, it doesn't get an answer, so it queries for
> www.google.com.msk3.ath.cx. Since you have a wildcard A record, it'll
> match everything that has been appended. The best way to show this is, when
> your internet connection is down, do a query for <www.google.com.>. Make
> sure to do it once WITH a period at the end and once WITHOUT a period at the
> end. The one with a period will time out. The one without a period will
> be appended with the msk3.ath.cx domain and you'll get that wildcard answer.
>
> On 3/26/07, Matt Sickler <crazyfordynamite at gmail.com > wrote:
> >
> > I have been trying to set up a local (LAN only) DNS server that does
> > recursive lookups for domains it does not control (I think this is what I
> > mean...). Basically I want it to be authoritative for example.com, but
> > resort to asking another DNS server[s] for everything else (and cache the
> > answer).
> > The problem with my config now is that whenever my internet connection
> > goes down, for some reason the server returns 192.168.24.11 for any DNS
> > request. Some have said this is because I set my servers to be on the
> > "msk3.ath.cx" domain and it matches a "*.msk3.ath.cx. IN A 192.168.24.11"
> > line in the msk3.ath.cx db....
> > Perhaps there is a way to fix this?
> >
> > <config>
> > //
> > // named.conf for Red Hat caching-nameserver
> > //
> > /* this little bit is supposed to only allow my subnet to use it (192.168.24.0/24)
> > controls {
> >     inet 192.168.1.5 allow {
> >     192.168.24.0/24;
> >     localhost;
> >   } keys {
> >     rndckey;
> >   };
> > };
> > */
> >
> >
> > options {
> >     directory "/var/named";
> >     dump-file "/var/named/data/cache_dump.db";
> >     statistics-file "/var/named/data/named_stats.txt";
> >     /*
> >      * If there is a firewall between you and nameservers you want
> >      * to talk to, you might need to uncomment the query-source
> >      * directive below.  Previous versions of BIND always asked
> >      * questions using port 53, but BIND 8.1 uses an unprivileged
> >      * port by default.
> >      */
> >      // query-source address * port 53;
> >     forwarders {
> > // these are the servers id like it to ask if it doesnt have the answer
> > // and cache results
> >         // OpenDNS
> >          208.67.222.222;
> >         208.67.220.220;
> >         // Alliance
> >         66.231.7.27;
> >         66.231.7.28;
> >     };
> > };
> > logging {
> >         channel default_debug {
> >                 file "data/named.run";
> >                 severity dynamic;
> >         };
> > };
> >
> > //
> > // a caching only nameserver config
> > //
> >
> > zone "24.168.192.IN-ADDR.ARPA." IN {
> >     type master;
> >     file "192.168.24.db";
> > };
> > zone "msk3.ath.cx." IN {
> >     type master;
> >     file "msk3.ath.cx.db";
> > };
> > zone "kisho.mine.nu." IN {
> >     type master;
> >     file "kisho.mine.nu.db";
> > };
> > zone "xitix.mine.nu." IN {
> >     type master;
> >     file "xitix.mine.nu.db";
> > };
> > zone "." IN {
> >     type hint;
> >     file "named.ca";
> > };
> >
> > zone "localdomain" IN {
> >     type master;
> >     file "localdomain.zone";
> >     allow-update { none; };
> > };
> >
> > zone "localhost" IN {
> >     type master;
> >     file "localhost.zone";
> >     allow-update { none; };
> > };
> >
> > zone "0.0.127.in-addr.arpa" IN {
> >     type master;
> >     file "named.local";
> >     allow-update { none; };
> > };
> >
> > zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
> >     type master;
> >     file "named.ip6.local";
> >     allow-update { none; };
> > };
> >
> > zone "255.in-addr.arpa" IN {
> >     type master;
> >     file "named.broadcast";
> >     allow-update { none; };
> > };
> >
> > zone "0.in-addr.arpa" IN {
> >     type master;
> >     file "named.zero";
> >     allow-update { none; };
> > };
> >
> > include "/etc/rndc.key";
> > </config>
> >
> >
> >
> >
>
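The interaction Dawn describes (client search suffix, forwarders that never answer, wildcard A record) is easy to reproduce in a small model, which also shows why dropping the wildcard line gives the "no answer" behaviour Matt asked for. The following is an added example written for this page; it is not code from the thread or from BIND. The zone contents (only the wildcard record is taken from the post), the upstream answer for www.google.com, the use of the RFC 5737 range 192.0.2.0/24, and the client-side rule that the search list is walked on NXDOMAIN and SERVFAIL alike are all assumptions; the server's SERVFAIL when its forwarders are unreachable is the normal BIND outcome once its own resolution attempts time out.

```python
"""Model of the failure described above: a client with a DNS search suffix,
a local caching/forwarding name server whose upstream link is down, and a
wildcard A record in the zone it is authoritative for.

Added example, not code from the thread or from BIND. Zone contents, the
upstream answer and the client's search-list behaviour are assumptions;
192.0.2.0/24 is the RFC 5737 documentation range.
"""

ORIGIN = "msk3.ath.cx."

# Constructed zone data. The wildcard is the record quoted in the post; the
# apex and "host" records are assumed, to make the closest-encloser rule visible.
ZONE_WITH_WILDCARD = {
    "msk3.ath.cx.": ["192.168.24.1"],
    "host.msk3.ath.cx.": ["192.168.24.5"],
    "*.msk3.ath.cx.": ["192.168.24.11"],
}
# The same zone with the wildcard line deleted (the fix).
ZONE_FIXED = {k: v for k, v in ZONE_WITH_WILDCARD.items() if not k.startswith("*.")}

# Constructed stand-in for what the forwarders return when they are reachable.
UPSTREAM = {"www.google.com.": ["192.0.2.10"]}


def existing_names(zone):
    """Owner names plus the empty non-terminals above them, down to the zone
    origin; RFC 4592 counts those as existing for wildcard purposes."""
    names = set()
    for owner in zone:
        name = owner
        while name.endswith(ORIGIN):
            names.add(name)
            if name == ORIGIN:
                break
            name = name.split(".", 1)[1]
    return names


def authoritative(zone, qname):
    """Authoritative answer for qname (which must lie under ORIGIN).

    Returns (rcode, addresses). A wildcard synthesises an answer only when
    the closest existing ancestor of qname is the wildcard's own parent."""
    if qname in zone:
        return "NOERROR", zone[qname]
    existing = existing_names(zone)
    encloser = qname.split(".", 1)[1]
    while encloser not in existing and encloser != ORIGIN:
        encloser = encloser.split(".", 1)[1]
    wildcard = "*." + encloser
    if wildcard in zone:
        return "NOERROR", zone[wildcard]
    return "NXDOMAIN", []


def name_server(qname, zone, link_up):
    """The local BIND: authoritative for ORIGIN, forwards everything else.
    With the link down no forwarder ever answers, and once its own attempts
    time out the server reports SERVFAIL to the client."""
    if qname == ORIGIN or qname.endswith("." + ORIGIN):
        return authoritative(zone, qname)
    if not link_up:
        return "SERVFAIL", []
    if qname in UPSTREAM:
        return "NOERROR", UPSTREAM[qname]
    return "NXDOMAIN", []


def stub_resolve(name, zone, link_up, search=(ORIGIN,), ndots=1):
    """Client-side search-list handling, modelled on resolv.conf semantics.

    A trailing dot means absolute: the name is tried as-is and nothing is
    appended. Otherwise the bare name goes first when it has at least ndots
    dots, then each search suffix. Assumption: the walk continues on any
    negative answer (NXDOMAIN or SERVFAIL) and stops at the first NOERROR.
    Returns (addresses, trace of (qname, rcode)) so every lookup is visible."""
    if name.endswith("."):
        candidates = [name]
    else:
        suffixed = [name + "." + s for s in search]
        absolute = [name + "."]
        candidates = absolute + suffixed if name.count(".") >= ndots else suffixed + absolute
    trace = []
    for qname in candidates:
        rcode, addrs = name_server(qname, zone, link_up)
        trace.append((qname, rcode))
        if rcode == "NOERROR":
            return addrs, trace
    return [], trace


if __name__ == "__main__":
    # Dawn's test with the link down, with and without the wildcard record.
    for label, zone in (("with wildcard", ZONE_WITH_WILDCARD), ("wildcard removed", ZONE_FIXED)):
        for name in ("www.google.com.", "www.google.com"):
            addrs, trace = stub_resolve(name, zone, link_up=False)
            print(f"{label:17} {name:16} -> {addrs or 'no answer'}  {trace}")
```

With the wildcard present, `www.google.com` (no trailing dot) fails as an absolute name and then succeeds as `www.google.com.msk3.ath.cx.`, which is exactly the 192.168.24.11 answer from the post; `www.google.com.` never has a suffix appended and simply fails. With the wildcard removed, the suffixed query gets NXDOMAIN and the client ends up with no answer. A caveat when checking this on a real host: `dig` does not apply the resolver's search list unless you pass `+search`, so `dig www.google.com` against the local server tests only the absolute name, whereas applications using the system resolver do get the suffix appended.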




More information about the bind-users mailing list