FW: DNS Catastrophic Failure
Eric Ray
eric.ray at accessonetech.com
Tue Mar 14 14:34:42 UTC 2006
Help! We recently moved our primary BIND 9.x DNS server from one ISP to
another. This server is the master zone server for all of my domains
(500-1,000). I also have two secondary name servers. When we
moved the primary server, DNS almost came to a grinding halt. I know
that some queries were going through, but not at an acceptable rate. We
are a Voice over IP company and obviously depend on DNS heavily. I am
attaching the configuration files of the master (ns3) and one of the
secondaries (ns2). I am also attaching the zone file for the primary domain,
preferreddesigns.com. It supplies the SOA and NS names for the other
domains. Please help! Thanks.
Snippet of named.conf on ns2 (secondary):
// Global options for ns2, the secondary.
options {
directory "/var/named";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// NOTE(review): leave this commented out. Pinning outgoing queries to a
// fixed source port removes source-port randomisation, which makes forged
// responses (cache poisoning) easier to land on a recursing server.
// query-source address * port 53;
// NOTE(review): recursion is on, and this excerpt shows no allow-recursion
// or allow-query restriction. If none exists elsewhere in the file, this
// authoritative secondary also resolves for any client that can reach it.
// Restrict recursion to known client ranges, or turn it off on servers
// that only need to answer for their own zones.
recursion yes;
};
//
// a caching only nameserver config
// (stock template comment: this server also holds the slave zones listed
// further down, so it is not caching-only)
//
// rndc control channel: bound to loopback only, limited to the "localhost"
// ACL and authenticated with the key named rndckey. The key statement or
// include that defines rndckey is not part of this excerpt.
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
// Root hints, used because this server recurses.
zone "." IN {
type hint;
file "named.ca";
};
// Local loopback zones; dynamic updates are refused for both.
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
// Slave zones. Every zone in this excerpt pulls from the single master
// address 216.104.149.101.
// NOTE(review): if the primary's address changed with the ISP move, each
// masters line must be updated on every secondary. Until then refreshes
// fail and the slave copy is served only until the zone's SOA expire timer
// runs out. Confirm in the named log that transfers are succeeding.
// NOTE(review): the master is identified by IP address alone. A TSIG key
// shared between master and slaves would authenticate transfers and would
// keep working across an address change.
// NOTE(review): the file paths are inconsistent (absolute, "secondary/"
// and bare relative). named must be able to write to every one of them.
zone "1staugusta.com" IN {
type slave;
file "/var/named/1staugusta.com.dns";
masters {216.104.149.101;};
};
zone "240.180.206.in-addr.arpa" {
type slave;
file "secondary/240.180.206.in-addr.arpa.dns";
masters {216.104.149.101;};
};
zone "241.180.206.in-addr.arpa" {
type slave;
file "secondary/241.180.206.in-addr.arpa.dns";
masters {216.104.149.101;};
};
zone "242.180.206.in-addr.arpa" {
type slave;
file "secondary/242.180.206.in-addr.arpa.dns";
masters {216.104.149.101;};
};
zone "245.180.206.in-addr.arpa" {
type slave;
file "secondary/245.180.206.in-addr.arpa.dns";
masters {216.104.149.101;};
};
zone "250.180.206.in-addr.arpa" {
type slave;
file "250.180.206.in-addr.arpa.dns";
masters {
216.104.149.101;
};
};
zone "2kmarchitects.com" IN {
type slave;
file "/var/named/2kmarchitects.com.dns";
masters {216.104.149.101;}; options {
directory "/var/named";
Snippet of named.conf on ns3 (primary):
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
recursion no;
statistics-file "/var/named/ns3stats";
};
//
// a caching only nameserver config
// (stock template comment: this server sets "recursion no" and is master
// for the zones below, so it is authoritative-only, not a cache)
//
// rndc control channel: bound to loopback only, limited to the "localhost"
// ACL and authenticated with the key named rndckey. The key statement or
// include that defines rndckey is not part of this excerpt.
controls {
inet 127.0.0.1 allow { localhost; } keys { rndckey; };
};
// Local loopback zones; dynamic updates are refused for both.
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
// Master zones. Each one repeats the same allow-transfer list inline.
// NOTE(review): transfers are authorised by source address only, and the
// list is broad: loopback, all of 192.168/16 (private space), all of
// 206.180/16 and one /24. Any host in those ranges can pull a full copy of
// every zone. Narrow the list to the actual secondaries, preferably with a
// TSIG key, and define it once as a named acl so the zones cannot drift.
// NOTE(review): after the ISP move, check that the addresses the
// secondaries now connect from are still inside this list. A refused
// transfer leaves the slaves serving stale data until the zone expires.
zone "1staugusta.com" IN {
type master;
file "/var/named/1staugusta.com.dns";
allow-transfer {127.0.0.1; 192.168/16; 206.180/16;
216.104.149.0/24; };
};
// NOTE(review): this zone allows 216.104.128.0/24 where every other zone
// in the excerpt allows 216.104.149.0/24. This looks like a typo; confirm
// which range the secondaries are in.
zone "149.104.216.in-addr.arpa" IN {
type master;
file "/var/named/149.104.216.in-addr.arpa.dns";
allow-transfer {127.0.0.1; 192.168/16; 206.180/16;
216.104.128.0/24; };
};
zone "240.180.206.in-addr.arpa" IN {
type master;
file "/var/named/240.180.206.in-addr.arpa.dns";
allow-transfer {127.0.0.1; 192.168/16; 206.180/16;
216.104.149.0/24; };
};
zone "241.180.206.in-addr.arpa" IN {
type master;
file "/var/named/241.180.206.in-addr.arpa.dns";
allow-transfer {127.0.0.1; 192.168/16; 206.180/16;
216.104.149.0/24; };
};
zone "242.180.206.in-addr.arpa" IN {
type master;
file "/var/named/242.180.206.in-addr.arpa.dns";
allow-transfer {127.0.0.1; 192.168/16; 206.180/16;
216.104.149.0/24; };
};
zone "245.180.206.in-addr.arpa" IN {
type master;
file "/var/named/245.180.206.in-addr.arpa.dns";
allow-transfer {127.0.0.1; 192.168/16; 206.180/16;
216.104.149.0/24; };
};
zone "249.180.206.in-addr.arpa" IN {
type master;
file "/var/named/249.180.206.in-addr.arpa.dns";
allow-transfer {127.0.0.1; 192.168/16; 206.180/16;
216.104.149.0/24; };
};
zone "250.180.206.in-addr.arpa" IN {
type master;
file "/var/named/250.180.206.in-addr.arpa.dns";
allow-transfer {127.0.0.1; 192.168/16; 206.180/16;
216.104.149.0/24; };
};
zone "2kmarchitects.com" IN {
type master;
file "/var/named/2kmarchitects.com.dns";
allow-transfer {127.0.0.1; 192.168/16; 206.180/16;
216.104.149.0/24; };
};
zone "401kanalytics.com" IN {
type master;
file "/var/named/401kanalytics.com.dns";
allow-transfer {127.0.0.1; 192.168/16; 206.180/16;
216.104.149.0/24; };
};
};
Snippet of the zone file for preferreddesigns.com:
; Zone data for preferreddesigns.com. The SOA names ns3 as primary master
; and administrator@preferreddesigns.com as the contact.
; NOTE(review): expire is one day. A secondary that cannot refresh from the
; master for 24 hours stops answering for the zone, so a broken transfer
; path becomes an outage for every zone sharing these timers. RFC 1912
; suggests an expire of 2-4 weeks.
@ IN SOA ns3.preferreddesigns.com.
administrator.preferreddesigns.com. (
93 ; serial
900 ; refresh (15 minutes)
600 ; retry (10 minutes)
86400 ; expire (1 day)
3600 ) ; minimum / negative-caching TTL (1 hour)
;
; Zone NS records
;
; NOTE(review): all three name servers are named inside this zone, so they
; depend on glue. The A records for ns2/ns3/ns4 are not visible in this
; excerpt. After a server changes address, both those records and the glue
; held at the parent/registrar must be updated, or resolvers keep querying
; the old address.
@ NS ns2.preferreddesigns.com.
@ NS ns3.preferreddesigns.com.
@ NS ns4.preferreddesigns.com.
;
; Zone records
;
@ A 216.104.149.67
@ MX 5 smtp.accessonetech.com.
@ MX 5 smtp2.accessonetech.com.
anne A 216.104.149.116
anne2 A 216.104.149.117
cache1 A 206.180.240.118
cache2 A 206.180.240.119
christine A 216.104.149.115
hiab A 206.180.240.16
larry A 206.180.245.1
larrylinux A 206.180.245.1