Name Resolve

Stefan Puiu stefan.puiu at gmail.com
Thu Mar 15 11:13:48 UTC 2007


On 3/15/07, Wael Shahin <wael.shahin at gmail.com> wrote:
> Well, the other server is views and it is not complex at all
>
> options {
>         directory "/var/named/";
>         dump-file "/var/named/data/cache_dump.db";
>         statistics-file "/var/named/data/named_stats.txt";
>         version "Get Lost";
>         datasize default;
>         querylog no;
>         recursive-clients 30000;
>         edns-udp-size 512;

           ^^^^
This is one difference that sticks out - it's a workaround for
firewalls blocking DNS packets bigger than 512 bytes. If your firewall
has that problem and you can't replace or fix it, you can use this as
a workaround on your first server, too.

IIRC, you can check whether it's your case using dig. Quoting from an
older mail by Mark Andrews (you can find it in the list archives -
http://marc.info/?l=bind-users&m=110479849321451&w=2):

> >	You can determine if the firewall is misconfigured if you get
> >	a response to the first query and not to the second query.
> >
> >		dig soa com +norec @a.root-servers.net
> >		dig soa com +norec +bufsize=1024 @a.root-servers.net


>         pid-file "/var/named/named.pid";
>         /*
>          * If there is a firewall between you and nameservers you want
>          * to talk to, you might need to uncomment the query-source
>          * directive below.  Previous versions of BIND always asked
>          * questions using port 53, but BIND 8.1 uses an unprivileged
>          * port by default.
>          */
>          // query-source address * port 53;
> };
>
>
> View 1
> acl internal { 192.168.0.0/16; };
> view "internal" {
>         match-clients { internal; };
>         recursion yes;

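To make the 512-byte point concrete, the following is an added example (not code from the thread or from BIND) that builds the query Mark Andrews's two dig commands send, once without EDNS and once with an OPT record advertising a buffer size, and then reads the advertised UDP payload size back out of the packet. `edns-udp-size 512` in the config above simply makes BIND put 512 into that CLASS field of the OPT record, so a server never sends a UDP answer the firewall would drop. Names, query IDs and helper names are my own; nothing here talks to the network.

```python
"""Build and inspect EDNS0 queries to see what edns-udp-size controls.

Added example, not from the original thread or from BIND. The dig commands
quoted in the mail are the real check against a live server; this only shows
what the OPT record looks like on the wire, offline.
"""
import struct

QTYPE = {"A": 1, "SOA": 6, "OPT": 41}
QCLASS_IN = 1
PRE_EDNS_UDP_LIMIT = 512  # RFC 1035: max UDP response without EDNS


def encode_name(name: str) -> bytes:
    """Wire-format a domain name as length-prefixed labels ending in 0."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(qname: str, qtype: str, bufsize=None, recursion=False, qid=0x1234) -> bytes:
    """Build a DNS query like `dig <qtype> <qname> +norec [+bufsize=N]`.

    bufsize=None sends no OPT record (a plain pre-EDNS query); an integer adds
    an EDNS0 OPT pseudo-RR whose CLASS field carries that UDP payload size.
    """
    flags = 0x0100 if recursion else 0x0000          # RD bit; +norec clears it
    arcount = 1 if bufsize is not None else 0
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, arcount)
    question = encode_name(qname) + struct.pack("!HH", QTYPE[qtype], QCLASS_IN)
    packet = header + question
    if bufsize is not None:
        # OPT RR (RFC 6891): NAME = root, TYPE = 41, CLASS = requester's UDP
        # payload size, TTL = extended RCODE/version/flags, RDLENGTH = 0.
        packet += b"\x00" + struct.pack("!HHIH", QTYPE["OPT"], bufsize, 0, 0)
    return packet


def skip_name(pkt: bytes, off: int) -> int:
    """Return the offset just past a wire-format name (handles pointers)."""
    while True:
        length = pkt[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:          # compression pointer, 2 bytes
            return off + 2
        off += 1 + length


def parse_edns_bufsize(pkt: bytes):
    """Return the UDP payload size advertised in the OPT record, or None."""
    _qid, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(pkt, off) + 4      # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == QTYPE["OPT"]:
            return rclass                  # CLASS field = UDP payload size
        off += rdlen
    return None


def advertised_udp_limit(pkt: bytes) -> int:
    """Largest UDP response the sender of this query has said it can take."""
    bufsize = parse_edns_bufsize(pkt)
    return PRE_EDNS_UDP_LIMIT if bufsize is None else bufsize


if __name__ == "__main__":
    # The two queries from the quoted check, as a server would see them.
    plain = build_query("com", "SOA")                  # dig soa com +norec
    edns = build_query("com", "SOA", bufsize=1024)     # ... +bufsize=1024
    print("no OPT  -> limit", advertised_udp_limit(plain))
    print("bufsize -> limit", advertised_udp_limit(edns))
    # What `edns-udp-size 512;` makes BIND advertise instead:
    print("edns-udp-size 512 ->", advertised_udp_limit(build_query("com", "SOA", bufsize=512)))
```

If a firewall drops DNS datagrams larger than 512 bytes, the first query gets an answer and the second does not, which is the symptom the quoted dig test looks for; advertising 512 keeps every UDP answer under that ceiling and pushes anything bigger to TCP via truncation.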

