turning on recursion in bind 9.2.2 makes ssh login prompt slow

r37ribution at gmail.com
Wed Jan 16 16:37:43 UTC 2008


Ok, awesome I made the change to named.root and it works great! Thank you so
much everyone.


> Alan Clegg wrote:
> Note that since you are in a controlled environment, I'd recommend that
> you could also become authoritative for the zones that the inverses are
> being queried against...
>
> In other words:  become the master of your domain.  :)
>

Please explain.

When I run "dig +trace -x 209.85.137.83" I get the message below repeatedly
until the "dig: Too many lookups" message:
root@obms1-com-taylor-mi:/var/opt/dnsfiles# dig +trace -x 209.85.137.83
; <<>> DiG 9.2.2 <<>> +trace -x 209.85.137.83
;; global options:  printcmd
.                       3600000 IN      NS      obms1-com-taylor-mi.bms.n2bb.com.
;; Received 78 bytes from 168.84.1.194#53(168.84.1.194) in 1 ms
.                       3600000 IN      NS      obms1-com-taylor-mi.bms.n2bb.com.
;; Received 105 bytes from 168.84.1.194#53(obms1-com-taylor-mi.bms.n2bb.com) in 0 ms
.                       3600000 IN      NS      obms1-com-taylor-mi.bms.n2bb.com.
;; Received 105 bytes from 168.84.1.194#53(obms1-com-taylor-mi.bms.n2bb.com) in 0 ms
.                       3600000 IN      NS      obms1-com-taylor-mi.bms.n2bb.com.
[message repeats]...
;; Received 105 bytes from 168.84.1.194#53(obms1-com-taylor-mi.bms.n2bb.com) in 0 ms
.                       3600000 IN      NS      obms1-com-taylor-mi.bms.n2bb.com.
dig: Too many lookups


I was hoping that if I post my named.conf and named.root, you could let me
know if you see anything missing that should be there.

named.root:
.                        3600000  IN  NS    obms1-com-taylor-mi.bms.n2bb.com.
obms1-com-taylor-mi.bms.n2bb.com.      3600000      A     168.84.1.194
; End of File
named.conf:
// BIND Version 9 configuration file.
//
options {
       directory           "/var/opt/dnsfiles";
       dump-file           "/var/opt/dnsfiles/tmp/named_dump.db";
       pid-file            "/usr/local/run/named.pid";
       // version statement for security to avoid hacking known weaknesses
       version "not currently available";
       recursion yes;
};
include "/etc/rndc.key";
controls {
        inet 127.0.0.1 allow {127.0.0.1; } keys { "rndc-key"; };
};
zone "." {
       type hint;
       file "named.root";
};
zone "bms.n2bb.com" in {
  type master;
  file "db.bms.n2bb.com";
  // to allow slave transfers, add slave ips in place of 'none'
  allow-transfer { any; };
};
zone "1.84.168.in-addr.arpa" in {
  type master;
  file "db.168.84.1";
  // to allow slave transfers, add slave ips in place of 'none'
  allow-transfer { any; };
};
zone "localhost" in {
  type master;
  file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
  type master;
  file "named.local";
};
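
Added example, not part of the original message and not BIND code: a Python check that reports which client addresses have their reverse (PTR) name inside a zone this server is master for, which is what the quoted advice about the inverse zones concerns, and which zones carry allow-transfer { any; }. The function names are hypothetical, and the embedded configuration is a constructed sample condensed from the named.conf above.

```python
import ipaddress
import re

# Constructed sample: zone statements condensed from the named.conf in the message.
NAMED_CONF = """
options { recursion yes; };
zone "." { type hint; file "named.root"; };
zone "bms.n2bb.com" in {
  type master; file "db.bms.n2bb.com";
  // to allow slave transfers, add slave ips in place of 'none'
  allow-transfer { any; };
};
zone "1.84.168.in-addr.arpa" in {
  type master; file "db.168.84.1";
  allow-transfer { any; };
};
zone "localhost" in { type master; file "localhost.zone"; };
zone "0.0.127.in-addr.arpa" in { type master; file "named.local"; };
"""

def parse_zones(conf):
    """Map zone name -> statement body, matching braces so nested blocks survive."""
    conf = re.sub(r"//[^\n]*", "", conf)          # only // comments are handled
    zones = {}
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        zones[m.group(1).lower().rstrip(".") or "."] = conf[m.end():i - 1]
    return zones

def covering_master(zones, ip):
    """Longest 'type master' zone holding the PTR name for ip, else None."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    hits = [z for z, body in zones.items()
            if re.search(r"\btype\s+master\s*;", body)
            and (ptr == z or ptr.endswith("." + z))]
    return max(hits, key=len, default=None)

def open_transfers(zones):
    """Zones whose allow-transfer list is literally { any; }."""
    return sorted(z for z, body in zones.items()
                  if re.search(r"allow-transfer\s*\{\s*any\s*;\s*\}", body))

if __name__ == "__main__":
    zones = parse_zones(NAMED_CONF)
    for ip in ("168.84.1.194", "209.85.137.83"):
        print(ip, "->", covering_master(zones, ip) or "no local zone, recursion via hints")
    print("allow-transfer any:", open_transfers(zones))
```

An address for which covering_master returns None has no local authoritative answer, so its PTR query is handled by recursion, which on this server starts from the hints in named.root.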



