turning on recursion in bind 9.2.2 makes ssh login prompt slow

Mark Andrews Mark_Andrews at isc.org
Fri Jan 18 20:55:18 UTC 2008


> Ok, I changed my named.conf "." zone to the following:
> zone "." {
>   type master;
>   file "db.root";
>   allow-transfer { any; };
> };
> and each slave has:
> zone "." {
>   type slave;
>   file "bak.db.root";
>   masters { 168.84.1.194; };
>   allow-notify { any; };
> };
> The zone for "." looks like this:
> $TTL 3h
> @       IN      SOA     @ root (
>                         2008011801      ;serial YYYYMMDD##
>                         3h              ;refresh after 3 hours
>                         1h              ;retry after 1 hour
>                         1w              ;expire after 1 week
>                         1d )            ;negative caching TTL of 1 day
> @       IN      NS      @
>         IN      A       168.84.1.194
>         IN      A       168.84.1.195
>         IN      A       168.84.1.196
>         IN      A       168.84.1.197
>         IN      A       168.84.1.198
> Everything loaded ok and DNS seems to be working. I'd still like a
> 2nd opinion on how I wrote the config/zone file. Thanks again for everyone's
> help, I really appreciate this.
> On Jan 16, 2008 7:45 PM, Kevin Darcy <kcd at chrysler.com> wrote:

	I presume you have names for each of the machines 168.84.1.194
	through 168.84.1.198.  I would use them.  The root servers
	should also serve all the zones which contain those names.

	"." is often a place holder.

	You also need to delegate the rest of the zones.  By
	convention localhost and 127.in-addr.arpa are not delegated
	but are configured on all recursive servers.

	Doing it correctly now will allow you to grow.

	Mark

$TTL 10800
@       SOA     <master> <your.Email.address> 2008011801  10800 3600 604800 86400 
@	NS	<master>
@	NS	<slave>
@	NS	<slave>
@	NS	<slave>
@	NS	<slave>
<master> A 168.84.1.194
<slave> A 168.84.1.195
<slave> A 168.84.1.196
<slave> A 168.84.1.197
<slave> A 168.84.1.198
bms.n2bb.com. NS <nameserver1>
bms.n2bb.com. NS <nameserver2>
1.84.168.in-addr.arpa. NS <nameserver1>
1.84.168.in-addr.arpa. NS <nameserver2>
<nameserver1> A <address>
<nameserver2> A <address>

> > Since this is an isolated network, set up the root zone as *master*, not
> > hint. There's no point in "hint"ing at a root zone, if there's nothing
> > on your network that actually serves that zone authoritatively; you're
> > sending dig +trace on a fool's errand...
> >
> >                        - Kevin
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

