Problem with DNS on mandriva 2007

Dixon, Justin Justin.Dixon at BBandT.com
Tue Jan 30 13:50:13 UTC 2007


> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf Of Carlos Alberto Bernat Orozco
> Sent: Tuesday, January 30, 2007 00:06
> To: bind-users at isc.org
> Subject: Re: Problem with DNS on mandriva 2007
> 
> Hi group
> Sorry but I'm clueless. My server still does not resolve. Let me explain
> myself. I configured all my zones to make my DNS server.
> 
> This is my named.conf
> 
> 
> include "/etc/rndc.key";
> 
> controls {
>     inet 127.0.0.1 port 953
>     allow { 127.0.0.1; } keys { mykey; };
> };
> 
> // Access lists (ACL's) should be defined here
> include "/etc/bogon_acl.conf";
> include "/etc/trusted_networks_acl.conf";
> 
> // Define logging channels
> include "/etc/logging.conf";
> 
> options {
>     version "";
>     directory "/var/named";
>     dump-file "/var/tmp/named_dump.db";
>     pid-file "/var/run/named.pid";
>     statistics-file "/var/tmp/named.stats";
>     zone-statistics yes;
> //    datasize 256M;
>     coresize 100M;
> //    fetch-glue no;
> //    recursion no;
> //    recursive-clients 10000;
>     auth-nxdomain yes;
>     query-source address * port *;
>     listen-on port 53 { any; };
>     cleaning-interval 120;
>     transfers-in 20;
>     transfers-per-ns 2;
>     lame-ttl 0;
>     max-ncache-ttl 10800;
>     notify no;
>     transfer-format many-answers;
>     max-transfer-time-in 60;
>     interface-interval 0;
>     allow-recursion { trusted_networks; };
>     blackhole { bogon; };
> };
> 
> zone "ac" { type delegation-only; };
> zone "cc" { type delegation-only; };
> zone "com" { type delegation-only; };
> zone "cx" { type delegation-only; };
> zone "lv" { type delegation-only; };
> zone "museum" { type delegation-only; };
> zone "net" { type delegation-only; };
> zone "nu" { type delegation-only; };
> zone "ph" { type delegation-only; };
> zone "sh" { type delegation-only; };
> zone "tm" { type delegation-only; };
> zone "ws" { type delegation-only; };
> 
> zone "." IN {
>         type hint;
>         file "named.ca";
> };
> 
> zone "localdomain" IN {
>         type master;
>         file "master/localdomain.zone";
>         allow-update { none; };
> };
> 
> zone "localhost" IN {
>         type master;
>         file "master/localhost.zone";
>         allow-update { none; };
> };
> 
> zone "0.0.127.in-addr.arpa" IN {
>         type master;
>         file "reverse/named.local";
>         allow-update { none; };
> };
> 
> zone
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
> IN {
>         type master;
>         file "reverse/named.ip6.local";
>         allow-update { none; };
> };
> 
> zone "255.in-addr.arpa" IN {
>         type master;
>         file "reverse/named.broadcast";
>         allow-update { none; };
> };
> 
> zone "0.in-addr.arpa" IN {
>         type master;
>         file "reverse/named.zero";
>         allow-update { none; };
> };
> // put master/
> zone "codisert.com.co" IN {
>         type master;
>         file "codisert.com.co.db";
>         allow-update { none; };
> };
> // put reverse/
> zone "66.21.200.in-addr.arpa" IN {
>         type master;
>         file "200.21.66.rev";
>         allow-update { none; };
> };
> // put reverse/
> zone "62.21.200.in-addr.arpa" IN {
>         type master;
>         file "200.21.62.rev";
>         allow-update { none; };
> };
> 
> ########################################
> And these are my DNS queries with the -x option:
> 
>  # dig @200.21.66.194 -x 200.21.66.194
> 
> ; <<>> DiG 9.3.0 <<>> @200.21.66.194 -x 200.21.66.194
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43611
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
> 
> ;; QUESTION SECTION:
> ;194.66.21.200.in-addr.arpa.    IN      PTR
> 
> ;; ANSWER SECTION:
> 194.66.21.200.in-addr.arpa. 3600 IN     PTR     ethereal.codisert.com.co.
> 
> ;; AUTHORITY SECTION:
> 66.21.200.in-addr.arpa. 604800  IN      NS      ethereal.codisert.com.co.
> 
> ;; ADDITIONAL SECTION:
> ethereal.codisert.com.co. 604800 IN     A       200.21.66.194
> 
> ;; Query time: 39 msec
> ;; SERVER: 200.21.66.194#53(200.21.66.194)
> ;; WHEN: Tue Jan 30 00:01:42 2007
> ;; MSG SIZE  rcvd: 112
> 
> 
> Thanks to Stephen, I added a dot on my 200.21.66.rev file. What I
> understood is to allow recursion in order to make my DNS server work.
> But my problem still continues.
> 
> I've been reading about recursion, and I think that if it is enabled by
> default, then what other causes could possibly make my DNS server not
> resolve any web site? I already configured my firewall. But I'm lost
> with this issue.
> 
> Please give some more steps to get more info. I have a week with no
> solution.
> 
> 
> Thanks in advance and sorry for the dummy question
> 
> Carlos Bernat
> 
> 2007/1/29, Barry Margolin <barmar at alum.mit.edu>:
> >
> > In article <epmdd7$2rfd$1 at sf1.isc.org>,
> > "Carlos Alberto Bernat Orozco" <cabo81 at gmail.com> wrote:
> >
> > > Hi group
> > > Thanks Stephane for your answers. Sorry, my mistake on the -x option
> > > on the dig command. What you said before is that my DNS won't resolve
> > > unless it uses recursion to make queries.
> > >
> > > Sorry, I've been reading about how to enable it (recursion) but I
> > > can't find info. How can I enable it (in the zones, named.conf)? Or
> > > where can I find info to enable it?
> >
> > Recursion is enabled by default, you have to disable it with
> > "recursion no;" or "allow-recursion { <acl> };" in named.conf.
> >
> > --
> > Barry Margolin, barmar at alum.mit.edu
> > Arlington, MA
> > *** PLEASE post questions in newsgroups, not directly to me ***
> > *** PLEASE don't copy me on replies, I'll read them in the group ***
> >
> >
> >
> 
> 
> 

>     allow-recursion { trusted_networks; };

What are the contents of the trusted_networks ACL above? This could be
your problem. What do the logs say when you look through them?

Justin Dixon
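
An added example, not part of the original message or of BIND itself: a small Python check of which source addresses an allow-recursion ACL would accept, using BIND's first-match rule for address match lists. The ACL contents are a constructed sample (the thread never shows /etc/trusted_networks_acl.conf), and parse_acl and recursion_allowed are hypothetical helper names; 200.21.66.194 is the server address from the dig test above.

```python
import ipaddress
import re

# Constructed sample: the thread never shows /etc/trusted_networks_acl.conf.
SAMPLE_ACL_CONF = '''
acl "trusted_networks" {
    127.0.0.1;        // loopback
    !192.168.1.66;    // negated host, listed before the network that contains it
    192.168.1.0/24;
};
'''

def parse_acl(conf_text, name):
    """Return the elements of acl `name` as (negated, network-or-None) tuples."""
    text = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf_text, flags=re.S)
    m = re.search(r'acl\s+"?%s"?\s*\{(.*?)\}\s*;' % re.escape(name), text, flags=re.S)
    if m is None:
        raise KeyError("acl %r is not defined" % name)
    entries = []
    for element in m.group(1).split(';'):
        element = element.strip()
        if not element:
            continue
        negated = element.startswith('!')
        token = element.lstrip('!').strip()
        if token in ('any', 'none'):
            # None stands for "every address"; "none" is the same as "!any".
            entries.append((negated != (token == 'none'), None))
        else:
            # Plain addresses and full CIDR prefixes only; nested ACL names,
            # keys, localhost and localnets raise ValueError in this sketch.
            entries.append((negated, ipaddress.ip_network(token)))
    return entries

def recursion_allowed(client_ip, entries):
    """First matching element decides; no match at all means refused."""
    addr = ipaddress.ip_address(client_ip)
    for negated, net in entries:
        if net is None or (addr.version == net.version and addr in net):
            return not negated
    return False

if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL_CONF, "trusted_networks")
    for src in ("127.0.0.1", "192.168.1.10", "192.168.1.66", "200.21.66.194"):
        print(src, "allowed" if recursion_allowed(src, acl) else "refused")
```

With this sample ACL a query sourced from 200.21.66.194 is refused recursion even though the zones the server is authoritative for still answer, which is the pattern of the dig output quoted above.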


