DNS weirdness

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Tue Jan 6 18:56:07 UTC 2015


This nameserver is forwarding to 208.67.222.222 and 208.67.220.220. Are those valid and working?

Also, a bunch of your tunables are set really low -- particularly, recursive-clients set to 100. This won't suffice for a busy server.

								- Kevin

-----Original Message-----
From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of The Doctor
Sent: Tuesday, January 06, 2015 1:50 PM
To: comp-protocols-dns-bind at isc.org
Subject: DNS weirdness

Help needed.

This morning my primary DNS server locked.

No worries, the backup will kick in.

Wrong!!

The Secondary DNS server cannot resolve properly unless the 'real' primary is working.

All right, why is the secondary server behaving this way?

Start of secondary DNS server named.conf file

//Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
      algorithm hmac-md5;
      secret "7ZbGK94NdSa2WACxx72W1w=="; };

controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; } keys { "rndc-key"; }; };




// generated by named-bootconf.pl

options {
        directory "/etc/namedb";
        pid-file "/var/run/named.pid";
        dump-file "/etc/namedb/named.core";
        max-ncache-ttl 86400;
        recursive-clients 100;
        reserved-sockets 128;
        tcp-clients 40;
        tcp-listen-queue 14;
        zone-statistics yes;
        forwarders { 208.67.222.222; 208.67.220.220; };
        blackhole {
                65.94.172.87;
                67.68.204.41;
                74.15.184.13;
                65.94.173.208;
        };
        allow-transfer {
                        204.209.81.1;
                        204.209.81.8;
                        204.209.81.14;
                        };
        allow-notify {
                        204.209.81.1;
                        204.209.81.8;
                        204.209.81.14;
                        };
        also-notify {
                        204.209.81.1 port 53;
                        204.209.81.8 port 53;
                        204.209.81.14 port 53;
                        };
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked   
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism Birthday 29 Jan 1969, REdhill Surrey, England, UK
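
One way to check whether the forwarders named in the reply are valid and working, as an added example that is not part of either message: it pulls the `forwarders` list out of a constructed excerpt of the quoted options block, sends each address one recursive query and classifies the reply. The function names and the probe name `isc.org` are assumptions chosen for illustration.

```python
import os, re, socket, struct

# Constructed excerpt of the options block quoted in the message above.
NAMED_CONF = """
options {
        recursive-clients 100;
        forwarders { 208.67.222.222; 208.67.220.220; };
};
"""

def forwarders(conf):
    """Return the addresses listed in the forwarders { ... } statement."""
    m = re.search(r"\bforwarders\s*\{([^}]*)\}", conf)
    return [a.split()[0] for a in m.group(1).split(";") if a.strip()] if m else []

def build_query(name, qid):
    """Encode a recursive (RD=1) A/IN query for name as a DNS wire message."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_reply(reply, qid):
    """Return "ok", or the reason this server is not usable as a forwarder."""
    if len(reply) < 12:
        return "short reply"
    rid, flags, _, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != qid or not flags & 0x8000:      # ID mismatch or QR bit clear
        return "not a reply to our query"
    if not flags & 0x0080:                    # RA bit clear
        return "recursion not available"
    rcode = flags & 0x000F                    # 2 = SERVFAIL, 5 = REFUSED
    if rcode:
        return "rcode %d" % rcode
    return "ok" if ancount else "no answer records"

def probe(server, name="isc.org", timeout=3.0):
    """Send one UDP query to server:53 and classify what comes back."""
    qid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name, qid), (server, 53))
            reply, _ = s.recvfrom(4096)
        except OSError as exc:                # timeout, unreachable, filtered
            return "no response (%s)" % exc
    return parse_reply(reply, qid)

if __name__ == "__main__":
    for fwd in forwarders(NAMED_CONF):
        print(fwd, probe(fwd))
```

Run it from the secondary itself, so the probe takes the same network path that named uses to reach its forwarders.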
