Server not resolving...

Kevin Darcy kcd at daimlerchrysler.com
Thu Mar 22 02:42:00 UTC 2001


rob{DONOTSPAM}@symcas-tsg.com wrote:

> I'm running BIND 8.1 on Slackware 7.1

Upgrade! BIND 8.1 has multiple root exploits in it.

> In my /etc/resolv.conf I have:
>
> search mydomain.com otherdomain.com
> nameserver 127.0.0.1
>
> In my /etc/named.conf everything is ok..
>
> The problem is if I Use the above resolv.conf, then I cannot resolve
> outside domains.  If I add a secondary nameserver entry for an outside
> DNS server, then it works.

The only explanation I have for this is that your resolver is
*timing*out* trying to resolve external names from the local nameserver.
This in turn implies that your local nameserver is not runing or is
misconfigured or that you have some sort of network connectivity problem
(like maybe it can't contact external nameservers for some reason).

> My question is this..
>
> Why would I want an external DNS server defined if I want this server to
>
> be the Primary for a few domains?

You probably *wouldn't* want this. It should be possible for the same
nameserver to resolve external and internal names, assuming everything is
configured and running properly and the necessary network connectivity is
present.

> I don't want to reply on anything but
>
> the root servers for querying unknown domains..

You lost me with that sentence. Do you mean you want to return only a
referral to the root servers when an unknown domain is queried? You could
accomplish that by setting up an Internet root "hints" zone and turning off
recursion. But a stub resolver isn't going to do anything useful if it gets
just a root-zone referral; it won't "fail over" to the next nameserver in
its resolver configuration. If you want to use this nameserver for
resolving external names for internal clients, then you need it to allow
recursion (but of course you could be selective about recursion via
"allow-recursion", and if you wanted to get fancier, you could even run
multiple nameserver instances on one box, listening to different
interfaces, where one instance allows recursion and the other doesn't, or,
instead, upgrade to BIND 9 and use "view"s).


- Kevin




More information about the bind-users mailing list