Caching DNS server problem.
Mark_Andrews at isc.org
Mon Jan 13 03:27:24 UTC 2003
> Hi all,
>
> I have set up named to run on Redhat 7.2 using caching nameserver & bind
> & bind-utils, and running IP forwarding using iptables.
>
> The only difference so far is that I have put some extra logging in,
> using
>
> logging {
>     channel "lookups" {
>         file "queries_log" versions 3 size 20m;
>         severity info;
>         print-time yes;
>         print-category yes;
>     };
>
>     category "queries" { "lookups"; };
>     category "default" { "default_syslog"; "default_debug"; };
> };
>
> What I need to do is provide this caching but look at the host file first.
>
> example.
>
> client tries to look up spamsite.co.uk (listed in etc/hosts as 127.0.0.1)
> on localhost the resolution fails as resolv.conf lists 127.0.0.1,
> while on a remote client the real 204.xxx.xxx.xxx address is returned.
>
> the remote machine is definitely querying the named server as the look
> up fails when named is stopped.
>
> I'm stuck, how can I get named to return the value in hosts for a query
> if one is present for a given host?

You can't. Named does not look at /etc/hosts.

You can create a zone to mask the real entry in the DNS
*and* any names below the real entry.

zone "spamsite.co.uk" {
        type master;
        notify no;
        file "empty.db";
};

empty.db:

@       0 SOA name.of.your.nameserver. your.real.email.address. (
                1 3600 1200 604800 0 )
        0 NS name.of.your.nameserver.

Zero TTLs minimise any damage caused by leaking records.

You could add loopback records if you want or some other
address that will just answer the HTTP queries. I would
however give the file a different name if you do this.

@       0 SOA name.of.your.nameserver. your.real.email.address. (
                1 3600 1200 604800 0 )
        0 NS name.of.your.nameserver.
        0 A 127.0.0.1
        0 AAAA ::1

Mark
> nsswitch.conf
> hosts: files dns
>
> resolv.conf
> search localdomain
> nameserver 127.0.0.1
>
> hosts.conf
> order hosts,bind
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
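
Added example (not part of the original post and not code from BIND): a Python sketch that reads hosts-file style lines pointing names at 127.0.0.1 and emits one masking zone stanza per name in the form shown in the reply, skipping names already covered by a listed parent zone, since a zone masks every name below it. The sample input and all function names are constructed for illustration.

```python
# Added example: turn hosts-file blocklist lines into named.conf masking zones.
# SAMPLE_HOSTS is constructed input; function names are hypothetical.
SAMPLE_HOSTS = """\
# constructed sample, /etc/hosts format
127.0.0.1   localhost localhost.localdomain
127.0.0.1   spamsite.co.uk www.spamsite.co.uk
127.0.0.1   ads.example.net   # trailing comment
192.0.2.10  intranet.example.org
"""

# Names that must keep resolving normally even though they sit on 127.0.0.1.
SKIP = {"localhost", "localhost.localdomain"}


def blocked_names(hosts_text, sink="127.0.0.1"):
    """Return the set of names a hosts file maps to the sink address."""
    names = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments, tokenise
        if len(fields) < 2 or fields[0] != sink:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name not in SKIP and "." in name:
                names.add(name)
    return names


def minimal_zones(names):
    """Drop names that a listed parent zone already masks."""
    keep = []
    # Fewest labels first, so a parent is always seen before its children.
    for name in sorted(names, key=lambda n: (n.count("."), n)):
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels))}
        if not parents & set(keep):
            keep.append(name)
    return keep


def zone_stanza(name, zone_file="empty.db"):
    """One master zone per masked name, all sharing the same zone file."""
    return ('zone "%s" {\n\ttype master;\n\tnotify no;\n'
            '\tfile "%s";\n};\n' % (name, zone_file))


def named_conf_fragment(hosts_text):
    return "".join(zone_stanza(z) for z in minimal_zones(blocked_names(hosts_text)))


if __name__ == "__main__":
    print(named_conf_fragment(SAMPLE_HOSTS))
```

Because every zone points at the same file, the zone file must use only relative owner names ("@"), as empty.db in the reply does.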