Problem getting "forwarders" section in named.conf.options to work

Dawn Connelly dawn.connelly at gmail.com
Sun Jul 27 23:27:03 UTC 2008 

Sorry, forgot to mention that you need to change the recursion no; to
recursion yes; first...then it will read the allow-recursion statement.
On Sun, Jul 27, 2008 at 4:24 PM, Dawn Connelly <dawn.connelly at gmail.com>
wrote:

> Actually you will probably want to use either an @ or
> sendoutcards.com....so either of these should work
> @  IN  A  206.71.90.5
> or
> sendoutcards.com. IN A 206.71.90.5 {notice the dot at the end of the
> domain...if you don't have the dot at the end, it won't work}
>
> As far as getting other machines to be able to query your DNS server for
> records it isn't authoritative for, you need to enable recursion. PLEASE
> MAKE SURE YOU LIMIT THE IPS THAT CAN MAKE RECURSIVE QUERIES!
>
> Rather than:
>
> recursion no;
>
> It needs to be:
> allow-recurions { internal_networks };
>
> Then create a ACL in your options section with:
> acl "internal_networks" {
>      10.0.0.0/8;
>
>      172.16.0.0/12;
>      192.168.0.0/16;
>      127.0.0.0/8;
> };
>
> Make sure to list out all the subnets that make up your internal network.
>
>
>
> On Sun, Jul 27, 2008 at 4:07 PM, Andy Shellam <
> andy.shellam-lists at mailnetwork.co.uk> wrote:
>
>> Hi Adam,
>>
>> I cannot help with the forwarders, but I think the reason you're not
>> being able to ping "sendoutcards.com" is because it's not defined in
>> your zone file for this reason: a blank "name" field (the first field of
>> a record) tells Bind to use the previous record's name again.
>>
>> So here:
>>
>> nas1        NS  nas1.sendoutcards.com.
>>
>>            A   206.71.90.5
>> www         A   206.71.90.5
>>
>>
>> what you're telling Bind is that "nas1" has an NS record of
>> nas1.sendoutcards.com., and an A record of 206.71.90.5.
>> Try either putting "A 206.71.90.5" after your MX record, or I believe
>> you can use a "." to indicate the root of the zone (e.g. ". A 206.71.90.5
>> ")
>>
>> Hope this helps one of your queries,
>>
>> Andy
>>
>> Adam Olsen wrote:
>> > I'm having a bit of trouble with a few things in my configuration.  I
>> > am trying to set up DNS for the sendoutcards.com domain, including
>> > mail.
>> >
>> > Here is my zone file:
>> >
>> > $TTL    604800
>> > @           IN      SOA ns2.sendoutcards.com. root.sendoutcards.com. (
>> >            20080532     ; Serial
>> >                          604800         ; Refresh
>> >                           86400         ; Retry
>> >                         2419200         ; Expire
>> >                          604800 )       ; Negative Cache TTL
>> > ;
>> >
>> >             MX  10  mail.sendoutcards.com.
>> >             NS  ns2.sendoutcards.com.
>> > nas1        NS  nas1.sendoutcards.com.
>> >
>> >             A   206.71.90.5
>> > www         A   206.71.90.5
>> > mail        A   206.71.90.6
>> > swetesoc    A   10.1.1.3
>> > web4        A   10.1.1.11
>> > carl        A   10.1.1.7
>> > fs2         A   10.1.1.18
>> > masterdb    A   10.1.1.12
>> > slavedb     A   10.1.1.13
>> > nappy       A   10.1.1.4
>> > nas1        A   10.1.1.24
>> >
>> > This is on the secondary dns server.  With this setup, I can ping
>> > mail.sendoutcards.com, www.sendoutcards.com, but not plain
>> > 'sendoutcards.com'.  Also, if I set up a remote machine to use this
>> > DNS server in /etc/resolv.conf, that machine cannot ping 'google.com'
>> > (the log on the DNS server says 'query (cache) denied'.
>> >
>> > I tried setting up forwarders {};  in named.conf.options to my ISP
>> > assigned DNS servers, but if I do that, my zone file seems to get
>> > ignored entirely.
>> >
>> > I know I'm probably doing this wrong, but there are so many examples
>> > on the net with so many different formats to use in the zone file.
>> > Any help here would be appreciated.
>> >
>> > --
>> > Adam Olsen
>> > SendOutCards.com
>> > http://www.vimtips.org
>> > http://last.fm/user/synic
>> >
>> >
>> >
>>
>>
>

More information about the bind-users mailing list