Problem getting "forwarders" section in named.conf.options to work
Dawn Connelly
dawn.connelly at gmail.com
Sun Jul 27 23:27:03 UTC 2008
Sorry, forgot to mention that you need to change the recursion no; to
recursion yes; first...then it will read the allow-recursion statement.
On Sun, Jul 27, 2008 at 4:24 PM, Dawn Connelly <dawn.connelly at gmail.com>
wrote:
> Actually you will probably want to use either an @ or
> sendoutcards.com....so either of these should work
> @ IN A 206.71.90.5
> or
> sendoutcards.com. IN A 206.71.90.5 {notice the dot at the end of the
> domain...if you don't have the dot at the end, it won't work}
>
> As far as getting other machines to be able to query your DNS server for
> records it isn't authoritative for, you need to enable recursion. PLEASE
> MAKE SURE YOU LIMIT THE IPS THAT CAN MAKE RECURSIVE QUERIES!
>
> Rather than:
>
> recursion no;
>
> It needs to be:
> allow-recursion { internal_networks; };
>
> Then create an ACL in your options section with:
> acl "internal_networks" {
>     10.0.0.0/8;
>     172.16.0.0/12;
>     192.168.0.0/16;
>     127.0.0.0/8;
> };
>
> Make sure to list out all the subnets that make up your internal network.
>
>
>
> On Sun, Jul 27, 2008 at 4:07 PM, Andy Shellam <
> andy.shellam-lists at mailnetwork.co.uk> wrote:
>
>> Hi Adam,
>>
>> I cannot help with the forwarders, but I think the reason you're not
>> able to ping "sendoutcards.com" is because it's not defined in
>> your zone file for this reason: a blank "name" field (the first field of
>> a record) tells Bind to use the previous record's name again.
>>
>> So here:
>>
>> nas1 NS nas1.sendoutcards.com.
>>
>> A 206.71.90.5
>> www A 206.71.90.5
>>
>>
>> what you're telling Bind is that "nas1" has an NS record of
>> nas1.sendoutcards.com., and an A record of 206.71.90.5.
>> Try either putting "A 206.71.90.5" after your MX record, or I believe
>> you can use a "." to indicate the root of the zone (e.g. ". A 206.71.90.5")
>>
>> Hope this helps one of your queries,
>>
>> Andy
>>
>> Adam Olsen wrote:
>> > I'm having a bit of trouble with a few things in my configuration. I
>> > am trying to set up DNS for the sendoutcards.com domain, including
>> > mail.
>> >
>> > Here is my zone file:
>> >
>> > $TTL 604800
>> > @ IN SOA ns2.sendoutcards.com. root.sendoutcards.com. (
>> > 20080532 ; Serial
>> > 604800 ; Refresh
>> > 86400 ; Retry
>> > 2419200 ; Expire
>> > 604800 ) ; Negative Cache TTL
>> > ;
>> >
>> > MX 10 mail.sendoutcards.com.
>> > NS ns2.sendoutcards.com.
>> > nas1 NS nas1.sendoutcards.com.
>> >
>> > A 206.71.90.5
>> > www A 206.71.90.5
>> > mail A 206.71.90.6
>> > swetesoc A 10.1.1.3
>> > web4 A 10.1.1.11
>> > carl A 10.1.1.7
>> > fs2 A 10.1.1.18
>> > masterdb A 10.1.1.12
>> > slavedb A 10.1.1.13
>> > nappy A 10.1.1.4
>> > nas1 A 10.1.1.24
>> >
>> > This is on the secondary dns server. With this setup, I can ping
>> > mail.sendoutcards.com, www.sendoutcards.com, but not plain
>> > 'sendoutcards.com'. Also, if I set up a remote machine to use this
>> > DNS server in /etc/resolv.conf, that machine cannot ping 'google.com'
>> > (the log on the DNS server says 'query (cache) denied').
>> >
>> > I tried setting up forwarders {}; in named.conf.options to my ISP
>> > assigned DNS servers, but if I do that, my zone file seems to get
>> > ignored entirely.
>> >
>> > I know I'm probably doing this wrong, but there are so many examples
>> > on the net with so many different formats to use in the zone file.
>> > Any help here would be appreciated.
>> >
>> > --
>> > Adam Olsen
>> > SendOutCards.com
>> > http://www.vimtips.org
>> > http://last.fm/user/synic
>> >
>> >
>> >
>>
>>
>
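The recursion settings discussed in this thread, put together as one named.conf.options fragment (an added example, not taken from any of the posts). The forwarder addresses are placeholders from the documentation range, and the ACL is written at the top level of the file, ahead of the options block that refers to it, because acl is a top-level statement in named.conf.

```conf
// named.conf.options: recursive service limited to internal clients.
// Added example; values marked "placeholder" do not come from the thread.

// ACLs are top-level statements and must be defined before they are used.
acl "internal_networks" {
    10.0.0.0/8;
    172.16.0.0/12;
    192.168.0.0/16;
    127.0.0.0/8;
};

options {
    // Resolve names this server is not authoritative for...
    recursion yes;

    // ...but only for clients matched by the ACL. The weak form to avoid is
    //     allow-recursion { any; };
    // which leaves the server answering recursive queries for anyone.
    allow-recursion { internal_networks; };

    // Answers served from the cache follow the same restriction. Clients
    // outside this list are refused and logged as "query (cache) denied".
    allow-query-cache { internal_networks; };

    // Upstream resolvers used for recursive lookups (placeholder addresses;
    // substitute the ISP-assigned servers).
    forwarders {
        192.0.2.1;
        192.0.2.2;
    };
};
```

Running `named-checkconf` against the file reports syntax errors, such as a missing semicolon inside the braces, before named is reloaded.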