Need advice on DNS

Darren Poh darpohsh at hotmail.com
Sat Nov 8 05:17:15 UTC 2003


Barry Margolin <barry.margolin at level3.com> wrote in message news:<bogrpr$23c7$1 at sf1.isc.org>...
> In article <bogpno$217m$1 at sf1.isc.org>,
> Darren Poh <darpohsh at hotmail.com> wrote:
> >I have registered for a domain. Let's take it to be 'mydomain.com'. The

Hi Barry,

Thanks for your reply.

> 
> Please tell us the real domain.  Your description of what you've done is
> not complete, and we can't tell exactly what's going wrong without seeing
> the true registration.
> 

The domain name is ipasar.com

> >registrar does not help me to host my new domain. I use the DNS service
> >by DNS-Made-Easy whereby I indicated 2 'A' records.
> >
> >mydomain.com. with the address 111.222.333.444
> >ns0 with the same address
> 
> What nameservers did you list when you registered the domain?  Just
> DNS-Made-Easy's servers, or their servers and your dedicated server?

I have listed

ns1.dnsmadeeasy.com
ns0.dnsmadeeasy.com
ns2.dnsmadeeasy.com
ns4.dnsmadeeasy.com
ns3.dnsmadeeasy.com

> 
> Are DNS-Made-Easy's servers configured as master or slave for your domain?
> If they're slaves, you need to allow their addresses in your
> "allow-transfer" statements.

I set up primary DNS on DNS-Made-Easy. In this case, is there a need to
make any changes to my DNS configuration file?

> 
> >I want to run my own DNS (BIND 9 on Redhat 7.3) on my dedicated
> >server. Below is the content of my 'named.conf' file, followed by
> >content of the file 'db.mydomain.com'
> >
> >*********************
> >
> >// Authorized source addresses
> >acl "trusted" {
> >        localhost;
> >        111.222.333.444;
> >};
> >
> >// Known fake source addresses shouldn't be replied to
> >acl "bogon" {
> >        0.0.0.0/8;
> >        1.0.0.0/8;
> >        2.0.0.0/8;
> >        192.0.2.0/24;
> >        224.0.0.0/3;
> >        169.254.0.0/16;
> >        // Enterprise networks may or may not be bogus
> >        10.0.0.0/8;
> >        172.16.0.0/12;
> >        192.168.0.0/16;
> >};
> >
> >options {
> >        directory "/var/named";
> >        query-source address * port 953;
> >        allow-transfer { none; };
> >        allow-query { trusted; };
> >        allow-recursion { trusted; };
> >        blackhole { bogon; };
> >        version "OpenNA Linux";
> >};
> >
> >logging {
> >        category lame-servers { null; };
> >};
> >
> >controls {
> >        inet 127.0.0.1 allow { localhost; } keys { "mydomain.com"; };
> >};
> >
> >zone "." IN {
> >        type hint;
> >        file "db.cache";
> >};
> >
> >zone "mydomain.com" IN {
> >        type master;
> >        file "db.mydomain.com";
> >        allow-update { none; };
> >        notify no;
> >};
> >
> >zone "0.0.127.in-addr.arpa" IN {
> >        type master;
> >        file "db.127.0.0";
> >        allow-update { none; };
> >        notify no;
> >};
> >
> >zone "333.222.111.in-addr.arpa" IN {
> >        type master;
> >        file "db.111.222.333";
> >        allow-update { none; };
> >        notify no;
> >};
> >
> >include "/etc/rndc.key";
> >
> >****************
> >
> >$TTL 10800
> >@               IN    SOA ns0.mydomain.com. webmaster.mydomain.com. (
> >                      2003110600    ; Serial No - yyyymmdd[0-9][0-9]
> >                      10800         ; Refresh after 3 hrs
> >                      3600          ; Retry after 1 hr
> >                      604800        ; Expires after 1 wk
> >                      10800         ; Negative caching TTL of 3 hrs
> >                      )
> >;
> >; Name Server(s)
> >;
> >                IN NS      ns0.mydomain.com.
> >                IN NS      ns0.dnsmadeeasy.com.
> >                IN A       111.222.333.444
> >                IN MX 10   mail.mydomain.com.
> >;
> >; Addresses for the canonical names
> >;
> >localhost       IN A       127.0.0.1
> >ns0             IN A       111.222.333.444
> >;
> >; Aliases
> >;
> >www             IN CNAME   ns0
> >mail            IN CNAME   ns0
> >ftp             IN CNAME   ns0
> >
> >*************
> >
> >Remotely, I am able to ping to 'mydomain.com' and also
> >'ns0.mydomain.com'. However, I am not able to ping to
> >'www.mydomain.com'. It seems like the content in my DNS configuration
> >is not being recognised by the 'outside' world. I am not sure what went
> >wrong. I hope someone can provide me with some advice.
> 
> The "allow-query { trusted; };" statement in your named.conf doesn't allow
> the outside world to get information from your server.

Thanks for enlightening me. I have commented out this line.

Sure hope to get this done soon .. =)
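
Added example, not part of the original post or of either correspondent's configuration: an alternative to commenting out the global allow-query line is to keep it and override it per zone, so the authoritative zone answers everyone while recursion stays limited to trusted clients. The zone name example.com and the address 192.0.2.53 are placeholders.

```conf
// Constructed example; example.com and 192.0.2.53 are placeholders.
acl "trusted" {
        localhost;
        192.0.2.53;
};

options {
        directory "/var/named";
        allow-transfer { none; };
        // Global default: only trusted clients may query this server.
        // On its own this also blocks outside queries for zones the
        // server is authoritative for, which is the symptom in this thread.
        allow-query { trusted; };
        // Recursion stays limited to trusted clients, so the server
        // does not become an open resolver.
        allow-recursion { trusted; };
};

zone "example.com" IN {
        type master;
        file "db.example.com";
        // A zone-level allow-query overrides the global option:
        // anyone may query the authoritative data for this zone.
        allow-query { any; };
        allow-update { none; };
        notify no;
};
```

After reloading, a non-recursive query from an outside host such as `dig @192.0.2.53 www.example.com +norecurse` should return an authoritative answer, while a query for a name in some other zone from the same host should be refused.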

