Most external domains do not resolve (missing root servers?)

Ian Gregson contact at iangregson.com
Sat Nov 15 19:29:19 UTC 2008


Wow, totally cool .. it now works. Could I ask you to just explain the
following..

I put 192.168.1.31/16 ... this is the IP of my local machine ... what is the
/16? Should it be /24?

I left localhost in which I know what this is .. it's the loopback
127.0.0.1, I presume I am correct here..

What is localnets ... I have also left it unchanged..

As I say ... everything works 100% now ... so I presume when I ask for yahoo.com
... I am not serving this but the dns server forwards this to my ISPs
forwards which I have placed in the named.conf file

Thanks again for all your help

 

From: Dawn Connelly [mailto:dawn.connelly at gmail.com] 
Sent: Saturday, 15 November 2008 18:51
To: Ian Gregson
Cc: bind-users at isc.org
Subject: Re: Most external domains do not resolve (missing root servers?)

 

You have recursion set to no. So the only thing the DNS server will answer
for is zones it is authoritative for. If you want to use it as a DNS server
for clients, you need to allow recursion for an ACL that has the IP address
space that your clients are coming from. Here's an example:

acl "trusted" {
     192.168.0.0/16;
     10.153.154.0/24;
     localhost;
     localnets;
};

options {
     ...
     allow-query { any; };
     allow-recursion { trusted; };
     allow-query-cache { trusted; };
     ...
};

 

On Sat, Nov 15, 2008 at 7:36 AM, Ian Gregson <contact at iangregson.com> wrote:

Hi there,

Can anyone help? I finally managed to configure bind on Windows and it seems
to be working ok but most of the external addresses (i.e. yahoo.com,
google.com etc) do not resolve.

The crazy thing is .. some I can browse with firefox but NOT many, i.e.
experts-exchange.com, linux.derkeiler.com work OK

I presume it's working off some kind of cache ...

What I did do was download the named.root file and place it in etc (see
my named.conf for config "." Zone - I have placed after this).

I think the issue is with the root servers not resolving as I ran a trace
using dig and get this back ... even for experts-exchange.com (which resolves
in firefox), I am really lost ... Here's the output from dig using the +trace
and here is my named.conf

Any help really appreciated, basically my idea is .. to check if the domain
exists locally and if not forward to another dns server to have it resolved

C:\Windows\SysWOW64\dns\bin>dig +trace experts-exchange.com

; <<>> DiG 9.5.0-P2-W2 <<>> +trace experts-exchange.com
;; global options:  printcmd
.                       3600000 IN      NS      H.ROOT-SERVERS.NET.
.                       3600000 IN      NS      L.ROOT-SERVERS.NET.
.                       3600000 IN      NS      C.ROOT-SERVERS.NET.
.                       3600000 IN      NS      J.ROOT-SERVERS.NET.
.                       3600000 IN      NS      G.ROOT-SERVERS.NET.
.                       3600000 IN      NS      K.ROOT-SERVERS.NET.
.                       3600000 IN      NS      I.ROOT-SERVERS.NET.
.                       3600000 IN      NS      M.ROOT-SERVERS.NET.
.                       3600000 IN      NS      D.ROOT-SERVERS.NET.
.                       3600000 IN      NS      B.ROOT-SERVERS.NET.
.                       3600000 IN      NS      A.ROOT-SERVERS.NET.
.                       3600000 IN      NS      E.ROOT-SERVERS.NET.
.                       3600000 IN      NS      F.ROOT-SERVERS.NET.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 39 ms

dig: couldn't get address for 'E.ROOT-SERVERS.NET': not found

C:\Windows\SysWOW64\dns\bin>

 

options {
      directory "c:\windows\SysWOW64\dns\etc";
      version "not currently available";
      pid-file "run\named.pid";
      allow-transfer { none; };
      recursion no;
      forwarders { 208.67.222.222; 208.67.220.220; };
      forward only;
};

logging{
      channel my_log{
            file "log\named.log" versions 3 size 250k;
            severity info;
      };
      category default{
            my_log;
      };
};

zone "." {
      type hint;
      file "named.root";
};

zone "mylocalemail.com" IN {
      type master;
      file "zones\db.mylocalemail.com.txt";
      allow-transfer { none; };
};

key "rndc-key" {
      algorithm hmac-md5;
      secret "whaaa2JlhJJFWWDQbaGSSA3BA==";
};

controls {
      inet 127.0.0.1 port 953
            allow { 127.0.0.1; } keys { "rndc-key"; };
};

 

 

 

 

 

 

 

 






-- 
Google for President
YouTube for VP
in any year divisible by 4
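
An added example (not part of the original thread and not BIND's own code) that works through the /16 versus /24 and localnets questions asked at the top: it expands the "trusted" ACL into the networks it covers and lists which elements would let a given client recurse. The server interface addresses and client addresses are assumptions constructed for the illustration; localhost and localnets are expanded per their documented meaning (the server's own addresses, and the networks its interfaces are attached to).

```python
import ipaddress
import re

# The "trusted" ACL from the reply, with the poster's 192.168.1.31/16 entry
# in place of 192.168.0.0/16 (constructed from the thread).
NAMED_CONF = '''
acl "trusted" {
     192.168.1.31/16;
     10.153.154.0/24;
     localhost;
     localnets;
};
'''

# Assumption: the BIND host has these interface addresses.
SERVER_INTERFACES = [ipaddress.ip_interface("127.0.0.1/8"),
                     ipaddress.ip_interface("192.168.1.31/24")]

def parse_acl(conf, name):
    """Return the elements of the named acl statement, in order."""
    m = re.search(r'acl\s+"%s"\s*\{(.*?)\}\s*;' % re.escape(name), conf, re.S)
    if m is None:
        raise ValueError("acl %r not found" % name)
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def expand(elements, interfaces=SERVER_INTERFACES):
    """Map each element to (element, networks covered, note)."""
    rows = []
    for el in elements:
        note = ""
        if el == "localhost":      # the server's own addresses
            nets = [ipaddress.ip_network(str(i.ip)) for i in interfaces]
        elif el == "localnets":    # networks the server has an interface on
            nets = [i.network for i in interfaces]
        else:
            net = ipaddress.ip_network(el, strict=False)
            nets = [net]
            if str(net) != el:     # e.g. 192.168.1.31/16 is really 192.168.0.0/16
                note = "host bits set, covers %s (%d addresses)" % (
                    net, net.num_addresses)
        rows.append((el, nets, note))
    return rows

def matching_elements(client, rows):
    """ACL elements that would allow this client; empty list means refused."""
    addr = ipaddress.ip_address(client)
    return [el for el, nets, _ in rows if any(addr in n for n in nets)]

if __name__ == "__main__":
    rows = expand(parse_acl(NAMED_CONF, "trusted"))
    for client in ("192.168.1.50", "192.168.200.7", "10.153.154.20", "203.0.113.9"):
        print(client, matching_elements(client, rows) or "REFUSED")
```

Written as a /24, the first entry would cover only 192.168.1.0 through 192.168.1.255; as a /16 it admits every 192.168.x.x source to recursion, while addresses outside the ACL are still refused.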
