problem with named.conf

Kal Feher kal.feher at melbourneit.com.au
Tue Mar 27 03:23:46 UTC 2007


This is a function of the client software not BIND. Assuming you have a good
reason for using a wildcard in your " msk3.ath.cx." zone, you'll need to
remove the search suffix. But that isn't a very good way of *fixing* the
problem.

The thing to note here is that BIND *is* responding with a timeout. Your
client machines are simply looking up a new address (search domains
appended) and your wildcard record naturally matches these secondary
lookups.

Perhaps if you could enunciate why you have a wildcard, we could suggest
something more appropriate?


On 27/3/07 12:43 PM, "Matt Sickler" <crazyfordynamite at gmail.com> wrote:

> is there any way to fix this so that when the link is down it responds with
> a timeout or something?
> On 3/26/07, Dawn Connelly <dawn.connelly at gmail.com> wrote:
>> 
>> It looks like you are forwarding to DNS servers that are not on your LAN
>> so when your network link is down, the requests you aren't authoritative for
>> and don't have cache for are timing out. Since the requesting machine isn't
>> getting an answer for the DNS record it's asking for, it's appending it with
>> anything it has in its search suffix. If they are querying for
>> www.google.com, it doesn't get an answer so queries for
>> www.google.com.msk3.ath.cx. Since you have a wildcard A record, it'll
>> match everything that has been appended. The best way to show this is when
>> your internet connection is down, do a query for < www.google.com.>  Make
>> sure to do it once WITH a period at the end and once WITHOUT a period at the
>> end. The one with a period will time out. The one without a period will
>> append with the msk3.ath.cx domain and you'll get that wildcard answer.
>> 
>> On 3/26/07, Matt Sickler <crazyfordynamite at gmail.com > wrote:
>>> 
>>> I have been trying to set up a local (LAN only) DNS server that does
>>> recursive lookups for domains it does not control (I think this is what I
>>> mean...). Basically I want it to be authoritative for example.com, but
>>> resort to asking another DNS server[s] for everything else (and cache
>>> the answer).
>>> The problem with my config now is that whenever my internet connection
>>> goes down, for some reason the server returns 192.168.24.11 for any DNS
>>> request. Some have said this is because I set my servers to be on the
>>> "msk3.ath.cx" domain and it matches a "*.msk3.ath.cx. IN A 192.168.24.11"
>>> line in the msk3.ath.cx db....
>>> Perhaps there is a way to fix this?
>>> 
>>> <config>
>>> //
>>> // named.conf for Red Hat caching-nameserver
>>> //
>>> /* this little bit is supposed to only allow my subnet to use it
>>>    (192.168.24.0/24)
>>> controls {
>>>     inet 192.168.1.5 allow {
>>>     192.168.24.0/24;
>>>     localhost;
>>>   } keys {
>>>     rndckey;
>>>   };
>>> };
>>> */
>>> 
>>> 
>>> options {
>>>     directory "/var/named";
>>>     dump-file "/var/named/data/cache_dump.db";
>>>     statistics-file "/var/named/data/named_stats.txt";
>>>     /*
>>>      * If there is a firewall between you and nameservers you want
>>>      * to talk to, you might need to uncomment the query-source
>>>      * directive below.  Previous versions of BIND always asked
>>>      * questions using port 53, but BIND 8.1 uses an unprivileged
>>>      * port by default.
>>>      */
>>>      // query-source address * port 53;
>>>     forwarders {
>>>         // these are the servers I'd like it to ask if it doesn't have
>>>         // the answer (and cache results)
>>>         // OpenDNS
>>>          208.67.222.222;
>>>         208.67.220.220;
>>>         // Alliance
>>>         66.231.7.27;
>>>         66.231.7.28;
>>>     };
>>> };
>>> logging {
>>>         channel default_debug {
>>>                 file "data/named.run";
>>>                 severity dynamic;
>>>         };
>>> };
>>> 
>>> //
>>> // a caching only nameserver config
>>> //
>>> 
>>> zone "24.168.192.IN-ADDR.ARPA." IN {
>>>     type master;
>>>     file "192.168.24.db";
>>> };
>>> zone "msk3.ath.cx." IN {
>>>     type master;
>>>     file " msk3.ath.cx.db";
>>> };
>>> zone "kisho.mine.nu." IN {
>>>     type master;
>>>     file "kisho.mine.nu.db";
>>> };
>>> zone "xitix.mine.nu ." IN {
>>>     type master;
>>>     file "xitix.mine.nu.db";
>>> };
>>> zone "." IN {
>>>     type hint;
>>>     file "named.ca";
>>> };
>>> 
>>> zone "localdomain" IN {
>>>     type master;
>>>     file "localdomain.zone";
>>>     allow-update { none; };
>>> };
>>> 
>>> zone "localhost" IN {
>>>     type master;
>>>     file "localhost.zone";
>>>     allow-update { none; };
>>> };
>>> 
>>> zone "0.0.127.in-addr.arpa" IN {
>>>     type master;
>>>     file "named.local";
>>>     allow-update { none; };
>>> };
>>> 
>>> zone "
>>> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa "
>>> IN {
>>>     type master;
>>>     file "named.ip6.local";
>>>     allow-update { none; };
>>> };
>>> 
>>> zone "255.in-addr.arpa" IN {
>>>     type master;
>>>     file "named.broadcast";
>>>     allow-update { none; };
>>> };
>>> 
>>> zone "0.in-addr.arpa" IN {
>>>     type master;
>>>     file "named.zero";
>>>     allow-update { none; };
>>> };
>>> 
>>> include "/etc/rndc.key";
>>> </config>
>>> 

-- 
Kal Feher
Team Leader
Network Services and Production Support
Melbourne IT Ltd
Level 2, 120 King Street
Melbourne Victoria 3000
AUSTRALIA
Ph:    + 61 3 8624 2326
Mob:   + 61 400 072 569
Website:   www.MelbourneIT.com.au 
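The mechanism the thread describes can be reproduced offline with a small model of the two parties involved: the LAN nameserver (authoritative for msk3.ath.cx., forwarding everything else) and a client stub resolver with a search list. This is an added illustration, not code from any of the posts. The wildcard record and the address 192.168.24.11 come from the thread; the explicit `ns.msk3.ath.cx.` record, the forwarder reply `203.0.113.10` and the names of the functions are constructed for the example. The candidate order in `stub_resolve` follows the glibc-style rule (trailing dot means absolute only; otherwise try as-is when the name has at least `ndots` dots, then append each search suffix), and the wildcard matching follows the RFC 4592 closest-encloser rule, which also shows why a name under an explicitly defined label does not match the wildcard.

```python
"""Model of a search list turning a timed-out outside lookup into a
wildcard hit inside the local zone. Added example; zone data constructed."""

ZONE_APEX = "msk3.ath.cx."
# Authoritative data keyed by fully-qualified owner name (constructed,
# except the wildcard line, which mirrors the one quoted in the thread).
ZONE = {
    "ns.msk3.ath.cx.": {"A": ["192.168.24.10"]},   # constructed explicit name
    "*.msk3.ath.cx.": {"A": ["192.168.24.11"]},    # from the thread
}


def _ancestors(name):
    """Yield name and each of its ancestors, fully qualified, ending at root."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:]) + "."
    yield "."


def _known_names():
    """Owner names plus the empty non-terminals between them and the apex."""
    known = set()
    for owner in ZONE:
        for anc in _ancestors(owner):
            known.add(anc)
            if anc == ZONE_APEX:
                break
    return known


def authoritative_lookup(qname, qtype="A"):
    """Answer qname from ZONE using RFC 4592 wildcard rules.
    Returns ('ANSWER', rdata), ('NODATA', None) or ('NXDOMAIN', None)."""
    assert qname == ZONE_APEX or qname.endswith("." + ZONE_APEX)
    known = _known_names()
    if qname in known:
        rrs = ZONE.get(qname, {}).get(qtype)
        return ("ANSWER", rrs) if rrs else ("NODATA", None)
    # Closest encloser: nearest existing ancestor of qname (apex at worst).
    closest_encloser = next(anc for anc in _ancestors(qname) if anc in known)
    # Only the wildcard directly under the closest encloser can match.
    rrs = ZONE.get("*." + closest_encloser, {}).get(qtype)
    return ("ANSWER", rrs) if rrs else ("NXDOMAIN", None)


def server_lookup(qname, link_up):
    """The LAN nameserver: authoritative for ZONE, forwards everything else.
    With the link down the forwarders never reply, so the query times out."""
    if qname == ZONE_APEX or qname.endswith("." + ZONE_APEX):
        return authoritative_lookup(qname)
    if link_up:
        return ("ANSWER", ["203.0.113.10"])   # constructed forwarder reply
    return ("TIMEOUT", None)


def stub_resolve(name, link_up, search=("msk3.ath.cx",), ndots=1):
    """Client-side candidate order (glibc style, an assumption of this model):
    trailing dot -> absolute only; otherwise as-is first when the name has at
    least ndots dots, then each search suffix appended. A positive answer stops
    the search; a timeout or NXDOMAIN falls through to the next candidate.
    Returns (status, rdata, qname_that_produced_it)."""
    if name.endswith("."):
        candidates = [name]
    else:
        candidates = [name + "."] if name.count(".") >= ndots else []
        candidates += [f"{name}.{s.rstrip('.')}." for s in search]
        if name.count(".") < ndots:
            candidates.append(name + ".")
    last = None
    for qname in candidates:
        status, rdata = server_lookup(qname, link_up)
        last = (status, rdata, qname)
        if status == "ANSWER":
            return last
    return last


if __name__ == "__main__":
    for name in ("www.google.com.", "www.google.com"):
        for link_up in (True, False):
            state = "link up  " if link_up else "link down"
            print(f"{state} {name:<16} -> {stub_resolve(name, link_up)}")
```

Running it shows the diagnostic Dawn suggests: with the link down, `www.google.com.` (trailing dot) ends in a timeout, while `www.google.com` is retried as `www.google.com.msk3.ath.cx.` and gets 192.168.24.11 from the wildcard; with the link up the as-is query is answered first and the search list is never consulted.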


