Problem getting "forwarders" section in named.conf.options to work

Adam Olsen arolsen at gmail.com
Mon Jul 28 00:01:16 UTC 2008


Andy, Dawn,
Thanks!  Now sendoutcards.com is resolving, but it's acting kind of weird.
I'm not sure if it has to do with the DNS configuration or not.  Pinging
sendoutcards.com or mail.sendoutcards.com gives the correct address, but the
ping command hangs.  I can't even press CTRL+C to stop it.  Pinging the IP
alone does not cause this problem.

I don't know if this matters much, it seems I can connect to the various
important ports just fine.

Thanks again

On Sun, Jul 27, 2008 at 5:27 PM, Dawn Connelly <dawn.connelly at gmail.com> wrote:

> Sorry, forgot to mention that you need to change the recursion no; to
> recursion yes; first...then it will read the allow-recursion statement.
>
>
> On Sun, Jul 27, 2008 at 4:24 PM, Dawn Connelly <dawn.connelly at gmail.com>
> wrote:
>
>> Actually you will probably want to use either an @ or
>> sendoutcards.com....so either of these should work
>> @  IN  A  206.71.90.5
>> or
>> sendoutcards.com. IN A 206.71.90.5 {notice the dot at the end of the
>> domain...if you don't have the dot at the end, it won't work}
>>
>> As far as getting other machines to be able to query your DNS server for
>> records it isn't authoritative for, you need to enable recursion. PLEASE
>> MAKE SURE YOU LIMIT THE IPS THAT CAN MAKE RECURSIVE QUERIES!
>>
>> Rather than:
>>
>> recursion no;
>>
>> It needs to be:
>> allow-recursion { internal_networks; };
>>
>> Then create an ACL in your options section with:
>> acl "internal_networks" {
>>      10.0.0.0/8;
>>      172.16.0.0/12;
>>      192.168.0.0/16;
>>      127.0.0.0/8;
>> };
>>
>> Make sure to list out all the subnets that make up your internal network.
>>
>>
>>
>> On Sun, Jul 27, 2008 at 4:07 PM, Andy Shellam <
>> andy.shellam-lists at mailnetwork.co.uk> wrote:
>>
>>> Hi Adam,
>>>
>>> I cannot help with the forwarders, but I think the reason you're not
>>> able to ping "sendoutcards.com" is because it's not defined in
>>> your zone file for this reason: a blank "name" field (the first field of
>>> a record) tells Bind to use the previous record's name again.
>>>
>>> So here:
>>>
>>> nas1        NS  nas1.sendoutcards.com.
>>>
>>>            A   206.71.90.5
>>> www         A   206.71.90.5
>>>
>>>
>>> what you're telling Bind is that "nas1" has an NS record of
>>> nas1.sendoutcards.com., and an A record of 206.71.90.5.
>>> Try either putting "A 206.71.90.5" after your MX record, or I believe
>>> you can use a "." to indicate the root of the zone (e.g. ". A
>>> 206.71.90.5")
>>>
>>> Hope this helps one of your queries,
>>>
>>> Andy
>>>
>>> Adam Olsen wrote:
>>> > I'm having a bit of trouble with a few things in my configuration.  I
>>> > am trying to set up DNS for the sendoutcards.com domain, including
>>> > mail.
>>> >
>>> > Here is my zone file:
>>> >
>>> > $TTL    604800
>>> > @           IN      SOA ns2.sendoutcards.com. root.sendoutcards.com. (
>>> >            20080532     ; Serial
>>> >                          604800         ; Refresh
>>> >                           86400         ; Retry
>>> >                         2419200         ; Expire
>>> >                          604800 )       ; Negative Cache TTL
>>> > ;
>>> >
>>> >             MX  10  mail.sendoutcards.com.
>>> >             NS  ns2.sendoutcards.com.
>>> > nas1        NS  nas1.sendoutcards.com.
>>> >
>>> >             A   206.71.90.5
>>> > www         A   206.71.90.5
>>> > mail        A   206.71.90.6
>>> > swetesoc    A   10.1.1.3
>>> > web4        A   10.1.1.11
>>> > carl        A   10.1.1.7
>>> > fs2         A   10.1.1.18
>>> > masterdb    A   10.1.1.12
>>> > slavedb     A   10.1.1.13
>>> > nappy       A   10.1.1.4
>>> > nas1        A   10.1.1.24
>>> >
>>> > This is on the secondary dns server.  With this setup, I can ping
>>> > mail.sendoutcards.com, www.sendoutcards.com, but not plain
>>> > 'sendoutcards.com'.  Also, if I set up a remote machine to use this
>>> > DNS server in /etc/resolv.conf, that machine cannot ping 'google.com'
>>> > (the log on the DNS server says 'query (cache) denied').
>>> >
>>> > I tried setting up forwarders {};  in named.conf.options to my ISP
>>> > assigned DNS servers, but if I do that, my zone file seems to get
>>> > ignored entirely.
>>> >
>>> > I know I'm probably doing this wrong, but there are so many examples
>>> > on the net with so many different formats to use in the zone file.
>>> > Any help here would be appreciated.
>>> >
>>> > --
>>> > Adam Olsen
>>> > SendOutCards.com
>>> > http://www.vimtips.org
>>> > http://last.fm/user/synic
>>> >
>>> >
>>> >
>>>
>>>
>>
>


-- 
Adam Olsen
SendOutCards.com
http://www.vimtips.org
http://last.fm/user/synic
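
Added example, not part of the original thread: a small Python sketch of the owner-name inheritance rule Andy describes, run over an abbreviated, constructed copy of the zone file quoted above. The function names and the simplified parsing (fixed origin, no quoted strings, no `$ORIGIN` handling) are assumptions of this example, not BIND's own parser.

```python
ORIGIN = "sendoutcards.com."  # zone origin, taken from the thread

# Constructed sample: abbreviated copy of the zone file quoted in the thread.
ZONE = """\
$TTL    604800
@           IN      SOA ns2.sendoutcards.com. root.sendoutcards.com. (
                        20080532 604800 86400 2419200 604800 )
            MX  10  mail.sendoutcards.com.
            NS  ns2.sendoutcards.com.
nas1        NS  nas1.sendoutcards.com.

            A   206.71.90.5
www         A   206.71.90.5
mail        A   206.71.90.6
"""

def absolute(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def effective_records(text, origin=ORIGIN):
    """Return (owner, type, rdata) tuples with inherited owners filled in."""
    records, owner, pending = [], None, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        if not line.strip() or line.startswith("$"):
            continue                                # blank line or directive
        pending += (" " if pending else "") + line
        if pending.count("(") > pending.count(")"):
            continue                                # still inside ( ... )
        inherits = pending[0].isspace()             # blank owner field
        fields = pending.replace("(", " ").replace(")", " ").split()
        pending = ""
        if not inherits:
            owner = absolute(fields.pop(0), origin)
        while fields[0].isdigit() or fields[0].upper() == "IN":
            fields.pop(0)                           # optional TTL / class
        records.append((owner, fields[0].upper(), " ".join(fields[1:])))
    return records

def owners_of(records, rtype, rdata):
    """List the owner names that carry a given record type and rdata."""
    return [o for o, t, d in records if t == rtype and d == rdata]

if __name__ == "__main__":
    for rec in effective_records(ZONE):
        print(*rec)
```

Run as a script, it prints each record with its effective owner; the bare `A 206.71.90.5` line shows up under `nas1.sendoutcards.com.` rather than the zone apex, which is why plain `sendoutcards.com` did not resolve.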



