problem with named.conf

Mark Andrews Mark_Andrews at isc.org
Tue Mar 27 03:46:22 UTC 2007


> is there any way to fix this so that when the link is down it responds with
> a timeout or something?

	It does.  It is the resolver's search algorithm that is
	continuing on failure rather than aborting.
	Take msk3.ath.cx out of the search list in resolv.conf.

	Mark

> On 3/26/07, Dawn Connelly <dawn.connelly at gmail.com> wrote:
> >
> > It looks like you are forwarding to DNS servers that are not on your LAN
> > so when your network link is down, the requests you aren't authoritative for
> > and don't have cache for are timing out. Since the requesting machine isn't
> > getting an answer for the DNS record it's asking for, it's appending it with
> > anything it has in its search suffix. If they are querying for
> > www.google.com, it doesn't get an answer so queries for
> > www.google.com.msk3.ath.cx. Since you have a wildcard A record, it'll
> > match everything that has been appended. The best way to show this is when
> > your internet connection is down, do a query for <www.google.com.>  Make
> > sure to do it once WITH a period at the end and once WITHOUT a period at the
> > end. The one with a period will time out. The one without a period will
> > append with the msk3.ath.cx domain and you'll get that wildcard answer.
> >
> > On 3/26/07, Matt Sickler <crazyfordynamite at gmail.com> wrote:
> > >
> > > I have been trying to set up a local (LAN only) dns server that does
> > > recursive lookups for domains it does not control (i think this is what i
> > > mean...)  basically I want it to be authoritative for example.com - but
> > > resort to asking another dns server[s] for everything else (and caches the
> > > answer)
> > > the problem with my config now is that whenever my internet connection goes
> > > down, for some reason the server returns 192.168.24.11 for any dns request -
> > > some have said this is because i set my servers to be on the "msk3.ath.cx"
> > > domain and it matches a "*.msk3.ath.cx. IN A 192.168.24.11" line in the
> > > msk3.ath.cx db....
> > > perhaps there is a way to fix this?
> > >
> > > <config>
> > > //
> > > // named.conf for Red Hat caching-nameserver
> > > //
> > > /* this little bit is supposed to only allow my subnet to use it (192.168.24.0/24)
> > > controls {
> > >     inet 192.168.1.5 allow {
> > >     192.168.24.0/24;
> > >     localhost;
> > >   } keys {
> > >     rndckey;
> > >   };
> > > };
> > > */
> > >
> > >
> > > options {
> > >     directory "/var/named";
> > >     dump-file "/var/named/data/cache_dump.db";
> > >     statistics-file "/var/named/data/named_stats.txt";
> > >     /*
> > >      * If there is a firewall between you and nameservers you want
> > >      * to talk to, you might need to uncomment the query-source
> > >      * directive below.  Previous versions of BIND always asked
> > >      * questions using port 53, but BIND 8.1 uses an unprivileged
> > >      * port by default.
> > >      */
> > >      // query-source address * port 53;
> > >     forwarders {
> > >         // these are the servers id like it to ask if it doesnt have the answer
> > >         // and cache results
> > >         // OpenDNS
> > >         208.67.222.222;
> > >         208.67.220.220;
> > >         // Alliance
> > >         66.231.7.27;
> > >         66.231.7.28;
> > >     };
> > > };
> > > logging {
> > >         channel default_debug {
> > >                 file "data/named.run";
> > >                 severity dynamic;
> > >         };
> > > };
> > >
> > > //
> > > // a caching only nameserver config
> > > //
> > >
> > > zone "24.168.192.IN-ADDR.ARPA." IN {
> > >     type master;
> > >     file "192.168.24.db";
> > > };
> > > zone "msk3.ath.cx." IN {
> > >     type master;
> > >     file "msk3.ath.cx.db";
> > > };
> > > zone "kisho.mine.nu." IN {
> > >     type master;
> > >     file "kisho.mine.nu.db";
> > > };
> > > zone "xitix.mine.nu." IN {
> > >     type master;
> > >     file "xitix.mine.nu.db";
> > > };
> > > zone "." IN {
> > >     type hint;
> > >     file "named.ca";
> > > };
> > >
> > > zone "localdomain" IN {
> > >     type master;
> > >     file "localdomain.zone";
> > >     allow-update { none; };
> > > };
> > >
> > > zone "localhost" IN {
> > >     type master;
> > >     file "localhost.zone";
> > >     allow-update { none; };
> > > };
> > >
> > > zone "0.0.127.in-addr.arpa" IN {
> > >     type master;
> > >     file "named.local";
> > >     allow-update { none; };
> > > };
> > >
> > > zone "
> > > 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa "
> > > IN {
> > >     type master;
> > >     file "named.ip6.local";
> > >     allow-update { none; };
> > > };
> > >
> > > zone "255.in-addr.arpa" IN {
> > >     type master;
> > >     file "named.broadcast";
> > >     allow-update { none; };
> > > };
> > >
> > > zone "0.in-addr.arpa" IN {
> > >     type master;
> > >     file "named.zero";
> > >     allow-update { none; };
> > > };
> > >
> > > include "/etc/rndc.key";
> > > </config>
> > >
> > >
> > >
> > >
> >
> 
> 
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
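
The interaction discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of a stub resolver applying its search list against a server that is authoritative for a zone with a wildcard A record. The function names, the SERVFAIL modelling of the unreachable forwarders, and the 203.0.113.10 forwarder answer are assumptions made for illustration; the zone name and wildcard address come from the thread.

```python
# Simplified model (constructed, no real DNS traffic) of a resolver search list
# meeting "*.msk3.ath.cx. IN A 192.168.24.11" while the forwarders are unreachable.
LOCAL_ZONE = "msk3.ath.cx."
WILDCARD_A = "192.168.24.11"      # wildcard record quoted in the thread
FORWARDED_A = "203.0.113.10"      # constructed answer standing in for a forwarder reply


def server_lookup(fqdn, link_up):
    """What the LAN name server returns for one fully qualified name."""
    if fqdn.endswith("." + LOCAL_ZONE):
        # Authoritative zone: the wildcard covers any name below the apex
        # (assumes no other names in the zone block the match).
        return "NOERROR", WILDCARD_A
    if link_up:
        return "NOERROR", FORWARDED_A
    # Assumption: an unreachable forwarder surfaces to the client as a failure.
    return "SERVFAIL", None


def candidates(name, search, ndots=1):
    """Names the stub resolver will try, in order."""
    if name.endswith("."):
        return [name]                      # trailing dot: absolute, no search list
    as_is = name + "."
    suffixed = [f"{name}.{s.rstrip('.')}." for s in search]
    if name.count(".") >= ndots:
        return [as_is] + suffixed          # enough dots: try as-is first
    return suffixed + [as_is]


def stub_resolve(name, search, link_up, ndots=1):
    """Return (address or None, list of (fqdn, rcode) attempts)."""
    tried = []
    for fqdn in candidates(name, search, ndots):
        rcode, addr = server_lookup(fqdn, link_up)
        tried.append((fqdn, rcode))
        if rcode == "NOERROR":
            return addr, tried
        # The search continues on failure rather than aborting.
    return None, tried


if __name__ == "__main__":
    for name, search in [("www.google.com", ["msk3.ath.cx"]),
                         ("www.google.com.", ["msk3.ath.cx"]),
                         ("www.google.com", [])]:
        print(name, search, stub_resolve(name, search, link_up=False))
```

With the link down, only the first case returns an address, and it is the wildcard's; the trailing-dot query and the query with msk3.ath.cx removed from the search list both fail cleanly.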


