BIND configuration - superior wisdom required.
Mark Andrews
Mark_Andrews at isc.org
Mon Dec 20 21:12:53 UTC 2004
> bind-users-bounce at isc.org wrote on 12/19/2004 03:39:48 PM:
> > Barry Margolin wrote:
> >
> > > You don't need views for this, because you shouldn't be getting any
> > > queries from anywhere other than your local network. Simply configure
> > > your server as a master for your forward zone and the reverse zone for
> > > 10.in-addr.arpa. Your server will answer with this information for your
> > > servers, and recurse out to the Internet for everything else (there's no
> > > need to forward to your ISP's DNS, that just adds an extra hop and point
> > > of failure).
> >
> > Hi Barry,
> >
> > Thanks for the pointers. I've got things working for the local network,
> > but for some reason the server won't recurse out. I wonder if you could
> > have a quick glance through my named.conf to see if you can spot any
> > glaring errors?
>
> Are there any errors in your log?
>
> >
> > acl clients {
> >     10.0.0.0/24;
> >     "localhost";
> > };
> > options {
> >     version "";
> >     allow-transfer { none; };
> >     listen-on { clients; };
>
> The listen-on option does not do what you think it does:
>
> The interfaces and ports that the server will answer queries from may be
> specified using the listen-on option. listen-on takes an optional port,
> and an address_match_list. The server will listen on all interfaces
> allowed by the address match list. If a port is not specified, port 53
> will be used.
> Multiple listen-on statements are allowed. For example,
> listen-on { 5.6.7.8; };
> listen-on port 1234 { !1.2.3.4; 1.2/16; };
>
> will enable the name server on port 53 for the IP address 5.6.7.8, and on
> port 1234 of an address on the machine in net 1.2 that is not 1.2.3.4.
> If no listen-on is specified, the server will listen on port 53 on all
> interfaces.
>
> If your system does not have multiple interfaces you can safely drop this
> option. If it does, use this option to specify which interfaces the name
> daemon will listen on... An entire class C subnet is not a valid interface
> address.
>
> hth,
Also the "localhost" and "localnets" acls are being built as
named is checking to see whether you can listen on an interface.
It is unwise to use them in the listen-on acl as the current
element may or may not yet be in the acl when it is tested.
Use "any;" instead of "localhost" or "localnets" for listen-on.
> Dave...
> > };
> > logging {
> >     category lame-servers { null; };
> > };
> > zone "." {
> >     type hint;
> >     file "standard/root.hint";
> > };
> > zone "localhost" {
> >     type master;
> >     file "standard/localhost";
> >     allow-update { none; };
> > };
> > zone "127.in-addr.arpa" {
> >     type master;
> >     file "standard/loopback";
> >     allow-update { none; };
> > };
> > zone "artyzan.net" {
> >     type master;
> >     file "master/artyzan.net";
> > };
> > zone "0.0.10.in-addr.arpa" {
> >     type master;
> >     file "master/0.0.10.rev";
> > };
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
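The two points raised in this thread (a /24 prefix is not an interface address, and the built-in "localhost"/"localnets" acls should not appear in listen-on) can be turned into a small lint check. The following script is an added example written for this archive page, not code from the thread or from ISC; it embeds a constructed copy of the poster's acl/options fragment alongside an assumed corrected form (listen-on { any; }, with the "clients" acl moved to allow-query and allow-recursion) and reports which listen-on elements violate the advice given above. Its parser only understands the simple `acl` and `listen-on` syntax used in the sample; BIND's short prefix notation such as 1.2/16 and comments are not handled.

```python
import ipaddress
import re

# Constructed sample: the acl and options block quoted in the thread.
ORIGINAL_CONF = """
acl clients {
    10.0.0.0/24;
    "localhost";
};
options {
    version "";
    allow-transfer { none; };
    listen-on { clients; };
};
"""

# Assumed corrected form: listen on all interfaces (per Mark's advice) and use
# the "clients" acl where an address_match_list of clients belongs instead.
FIXED_CONF = """
acl clients {
    10.0.0.0/24;
    "localhost";
};
options {
    version "";
    allow-transfer { none; };
    listen-on { any; };
    allow-query { clients; };
    allow-recursion { clients; };
};
"""

# Built-in acls that are still being assembled while named scans interfaces.
BUILTIN_UNSAFE = {"localhost", "localnets"}

_ACL_RE = re.compile(r'acl\s+"?(\w+)"?\s*\{([^}]*)\}\s*;')
_LISTEN_RE = re.compile(r'listen-on(?:\s+port\s+\d+)?\s*\{([^}]*)\}\s*;')


def _elements(body):
    # Split an address_match_list body on ';' and strip surrounding quotes.
    return [e.strip().strip('"') for e in body.split(';') if e.strip()]


def parse_acls(conf):
    """Map acl name -> list of elements for every 'acl NAME { ... };'."""
    return {name: _elements(body) for name, body in _ACL_RE.findall(conf)}


def listen_on_lists(conf):
    """Return the element list of every listen-on statement in conf."""
    return [_elements(body) for body in _LISTEN_RE.findall(conf)]


def check_listen_on(conf):
    """Return (element, reason) findings for elements unsuitable in listen-on."""
    acls = parse_acls(conf)
    findings = []
    expanded = set()

    def visit(elem, via):
        label = elem if via is None else f"{elem} (via acl {via})"
        name = elem[1:] if elem.startswith('!') else elem
        if name in BUILTIN_UNSAFE:
            findings.append((label, "built-in acl evaluated while interfaces are scanned; use any;"))
        elif name in ("any", "none"):
            return
        elif name in acls:
            if name in expanded:          # guard against self-referencing acls
                return
            expanded.add(name)
            for sub in acls[name]:
                visit(sub, name)
        else:
            try:
                net = ipaddress.ip_network(name, strict=False)
            except ValueError:
                findings.append((label, "not an address, prefix or known acl"))
                return
            if net.num_addresses > 1:
                findings.append((label, "a subnet is not an interface address"))

    for lst in listen_on_lists(conf):
        for elem in lst:
            visit(elem, None)
    return findings


if __name__ == "__main__":
    for title, conf in (("original", ORIGINAL_CONF), ("fixed", FIXED_CONF)):
        print(f"{title}: {check_listen_on(conf) or 'no findings'}")
```

Running it reports both the /24 and the "localhost" element of the "clients" acl for the original fragment and nothing for the corrected one; the same check can be pointed at any other acl-based listen-on statement by editing the embedded sample.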