tips on debugging DNS
Kimi Ostro
kimimeister at gmail.com
Sat Dec 15 20:32:25 UTC 2007
On 15/12/2007, Dawn Connelly <dawn.connelly at gmail.com> wrote:
> Make sure that the IP addresses of your DNS servers are specifically allowed
> in the recursion ACL on the caching servers. You mentioned in your email
> that you were going to attach the named.conf's but it doesn't look like it
> came through. Can you add them to the body of email text?
Here they are:
//
// AUTHORITATIVE ONLY SLAVE NAME SERVER
//
options {
    // Working directory; the relative zone file names used in the view
    // below are resolved against it.
    directory "/var/named";
    pid-file "/var/run/named/named.pid";

    // Listen on a single IPv4 address; IPv6 listening is disabled.
    listen-on { 192.0.2.212; };
    listen-on-v6 { none; };

    // Authoritative-only: recursion is switched off and no client is
    // allowed to request it.
    recursion no;
    allow-recursion { none; };

    // Queries are accepted only from 192.0.2.0/24 and loopback.
    allow-query {
        192.0.2.0/24;
        127.0.0.1/32;
    };

    // Outbound zone transfers are limited to 192.0.2.210, the same address
    // the slave zones list as their master.
    // NOTE(review): this is a source-address check only; no TSIG key is
    // named here. key.conf is included but not shown -- confirm whether
    // transfers are also key-authenticated.
    allow-transfer { 192.0.2.210; };

    // Empty list: nothing is forwarded.
    forwarders { };

    // Do not send NOTIFY messages.
    notify no;

    // Keep additional-section data from other zones and from the cache out
    // of responses.
    // NOTE(review): later BIND 9 releases treat these two options as
    // obsolete -- check against the version in use.
    additional-from-auth no;
    additional-from-cache no;

    // Do not answer the version.bind / hostname.bind / id.server
    // identification queries.
    version none;
    hostname none;
    server-id none;
};
include "config/control.conf";
include "config/key.conf";
include "config/logging.conf";
view "internal" {
    // Only clients in 192.0.2.0/24 or on loopback match this view; it is
    // the same list as allow-query in the options block.
    // NOTE(review): no other view appears in this file, so a query from
    // any other source matches no view at all.
    match-clients {
        192.0.2.0/24;
        127.0.0.1/32;
    };

    // Every slave zone below is transferred from the master at 192.0.2.210.
    // NOTE(review): the masters lists carry no key, so as written the
    // transfer source is trusted by address alone -- confirm whether
    // key.conf (not shown) attaches a TSIG key to that server.

    // Forward zone.
    zone "example.org" in {
        type slave;
        file "slave/slv.example.org.db";
        masters { 192.0.2.210; };
    };

    // Reverse zone for 192.0.2.0/24.
    zone "2.0.192.in-addr.arpa" in {
        type slave;
        file "slave/slv.example.org.rv";
        masters { 192.0.2.210; };
    };

    // localhost forward and reverse zones, also pulled from the master
    // rather than held locally.
    zone "localhost" in {
        type slave;
        file "slave/slv.localhost.db";
        masters { 192.0.2.210; };
    };

    zone "0.0.127.in-addr.arpa" in {
        type slave;
        file "slave/slv.localhost.rv";
        masters { 192.0.2.210; };
    };

    // Root hints.
    // NOTE(review): recursion is disabled in the options block, so these
    // hints are presumably unused on this server -- confirm whether the
    // zone is needed here.
    zone "." {
        type hint;
        file "master/mst.root.db";
    };
};
//
// CACHING RESOLVER NAME SERVER
//
options {
    directory "/var/named";
    pid-file "/var/run/named/named.pid";

    // Listen on a single IPv4 address; IPv6 listening is disabled.
    listen-on { 192.0.2.216; };
    listen-on-v6 { none; };

    // Recursive service restricted to 192.0.2.0/24 and loopback, so this
    // is not an open resolver. The /24 also covers 192.0.2.210 and
    // 192.0.2.212, the master and slave addresses used in the
    // authoritative configuration.
    recursion yes;
    allow-recursion {
        192.0.2.0/24;
        127.0.0.1/32;
    };

    // Same client list for queries in general.
    allow-query {
        192.0.2.0/24;
        127.0.0.1/32;
    };

    // This server hands out no zone transfers.
    allow-transfer { none; };

    // Empty list: nothing is forwarded, so the resolver works from the
    // root hints defined in the view.
    forwarders { };

    // Do not send NOTIFY messages.
    notify no;

    // Do not answer the version.bind / hostname.bind / id.server
    // identification queries.
    version none;
    hostname none;
    server-id none;
};
include "config/control.conf";
include "config/key.conf";
include "config/logging.conf";
view "internal" {
    // Only clients in 192.0.2.0/24 or on loopback match this view.
    match-clients {
        192.0.2.0/24;
        127.0.0.1/32;
    };

    // Root hints are the only zone defined on the resolver.
    // NOTE(review): there is no forward or stub zone for example.org or
    // 2.0.192.in-addr.arpa, so lookups for those names follow the normal
    // delegation from the root. If the zones are served only by the
    // internal servers (192.0.2.210 / 192.0.2.212), this resolver has no
    // configured path to them -- confirm how internal names are meant to
    // resolve.
    zone "." {
        type hint;
        file "master/mst.root.db";
    };
};
//
// logging.conf
//
logging {
    // One channel per category, each writing to its own file under
    // /var/log/named. Every channel keeps up to 10 rotated versions with a
    // 500k size limit, follows the server's current debug level
    // (severity dynamic), and stamps each line with time and severity.

    // Configuration file parsing and processing.
    channel config_log {
        file "/var/log/named/config.log" versions 10 size 500k;
        severity dynamic;
        print-time yes;
        print-severity yes;
    };
    category config { config_log; };

    // Processing of client requests.
    channel client_log {
        file "/var/log/named/client.log" versions 10 size 500k;
        severity dynamic;
        print-time yes;
        print-severity yes;
    };
    category client { client_log; };

    // Catch-all for categories that have no channel list of their own.
    channel default_log {
        file "/var/log/named/default.log" versions 10 size 500k;
        severity dynamic;
        print-time yes;
        print-severity yes;
    };
    category default { default_log; };

    // Lame delegations met while resolving.
    channel lame-servers_log {
        file "/var/log/named/lame-servers.log" versions 10 size 500k;
        severity dynamic;
        print-time yes;
        print-severity yes;
    };
    category lame-servers { lame-servers_log; };

    // Recursive resolution performed on behalf of clients.
    channel resolver_log {
        file "/var/log/named/resolver.log" versions 10 size 500k;
        severity dynamic;
        print-time yes;
        print-severity yes;
    };
    category resolver { resolver_log; };

    // Per-query log: records which client asked for which name, so the
    // file is sensitive and its permissions should be kept tight.
    // NOTE(review): at 10 versions of 500k a busy resolver will likely
    // rotate this quickly -- confirm the retention is enough for
    // troubleshooting and incident review.
    channel queries_log {
        file "/var/log/named/queries.log" versions 10 size 500k;
        severity dynamic;
        print-time yes;
        print-severity yes;
    };
    category queries { queries_log; };

    // Network operations.
    channel network_log {
        file "/var/log/named/network.log" versions 10 size 500k;
        severity dynamic;
        print-time yes;
        print-severity yes;
    };
    category network { network_log; };

    // Messages for requests that matched no view or whose class could not
    // be determined.
    channel unmatched_log {
        file "/var/log/named/unmatched.log" versions 10 size 500k;
        severity dynamic;
        print-time yes;
        print-severity yes;
    };
    category unmatched { unmatched_log; };

    // Dispatching of incoming packets inside the server.
    channel dispatch_log {
        file "/var/log/named/dispatch.log" versions 10 size 500k;
        severity dynamic;
        print-time yes;
        print-severity yes;
    };
    category dispatch { dispatch_log; };

    // Everything not classified into a more specific category.
    channel general_log {
        file "/var/log/named/general.log" versions 10 size 500k;
        severity dynamic;
        print-time yes;
        print-severity yes;
    };
    category general { general_log; };
};
--
Kimi