problem with named.conf
Kal Feher
kal.feher at melbourneit.com.au
Tue Mar 27 03:23:46 UTC 2007
This is a function of the client software not BIND. Assuming you have a good
reason for using a wildcard in your " msk3.ath.cx." zone, you'll need to
remove the search suffix. But that isn't a very good way of *fixing* the
problem.
The thing to note here is that BIND *is* responding with a timeout. Your
client machines are simply looking up a new address (search domains
appended) and your wildcard record naturally matches these secondary
lookups.
Perhaps if you could enunciate why you have a wildcard, we could suggest
something more appropriate?
On 27/3/07 12:43 PM, "Matt Sickler" <crazyfordynamite at gmail.com> wrote:
> is there any way to fix this so that when the link is down it responds with
> a timeout or something?
> On 3/26/07, Dawn Connelly <dawn.connelly at gmail.com> wrote:
>>
>> It looks like you are forwarding to DNS servers that are not on your LAN
>> so when your network link is down, the requests you aren't authoritative for
>> and don't have cache for are timing out. Since the requesting machine isn't
>> getting an answer for the DNS record it's asking for, it's appending it with
>> anything it has in its search suffix. If they are querying for
>> www.google.com, it doesn't get an answer so queries for
>> www.google.com.msk3.ath.cx. Since you have a wildcard A record, it'll
>> match everything that has been appended. The best way to show this is when
>> your internet connection is down, do a query for <www.google.com.> Make
>> sure to do it once WITH a period at the end and once WITHOUT a period at the
>> end. The one with a period will time out. The one without a period will
>> append with the msk3.ath.cx domain and you'll get that wildcard answer.
>>
>> On 3/26/07, Matt Sickler <crazyfordynamite at gmail.com> wrote:
>>>
>>> I have been trying to set up a local (LAN only) DNS server that does
>>> recursive lookups for domains it does not control (I think this is what I
>>> mean...) basically I want it to be authoritative for example.com - but
>>> resort to asking another DNS server[s] for everything else (and caches the
>>> answer)
>>> the problem with my config now is that whenever my internet connection goes
>>> down, for some reason the server returns 192.168.24.11 for any DNS request -
>>> some have said this is because I set my servers to be on the "msk3.ath.cx"
>>> domain and it matches a "*.msk3.ath.cx. IN A 192.168.24.11" line in the
>>> msk3.ath.cx db....
>>> perhaps there is a way to fix this?
>>>
>>> <config>
>>> //
>>> // named.conf for Red Hat caching-nameserver
>>> //
>>> /* this little bit is supposed to only allow my subnet to use it (192.168.24.0/24)
>>> controls {
>>> inet 192.168.1.5 allow {
>>> 192.168.24.0/24;
>>> localhost;
>>> } keys {
>>> rndckey;
>>> };
>>> };
>>> */
>>>
>>>
>>> options {
>>> directory "/var/named";
>>> dump-file "/var/named/data/cache_dump.db";
>>> statistics-file "/var/named/data/named_stats.txt";
>>> /*
>>> * If there is a firewall between you and nameservers you want
>>> * to talk to, you might need to uncomment the query-source
>>> * directive below. Previous versions of BIND always asked
>>> * questions using port 53, but BIND 8.1 uses an unprivileged
>>> * port by default.
>>> */
>>> // query-source address * port 53;
>>> forwarders {
>>> // these are the servers id like it to ask if it doesnt have the answer
>>> // and cache results
>>> // OpenDNS
>>> 208.67.222.222;
>>> 208.67.220.220;
>>> // Alliance
>>> 66.231.7.27;
>>> 66.231.7.28;
>>> };
>>> };
>>> logging {
>>> channel default_debug {
>>> file "data/named.run";
>>> severity dynamic;
>>> };
>>> };
>>>
>>> //
>>> // a caching only nameserver config
>>> //
>>>
>>> zone "24.168.192.IN-ADDR.ARPA." IN {
>>> type master;
>>> file "192.168.24.db";
>>> };
>>> zone "msk3.ath.cx." IN {
>>> type master;
>>> file "msk3.ath.cx.db";
>>> };
>>> zone "kisho.mine.nu." IN {
>>> type master;
>>> file "kisho.mine.nu.db";
>>> };
>>> zone "xitix.mine.nu." IN {
>>> type master;
>>> file "xitix.mine.nu.db";
>>> };
>>> zone "." IN {
>>> type hint;
>>> file "named.ca";
>>> };
>>>
>>> zone "localdomain" IN {
>>> type master;
>>> file "localdomain.zone";
>>> allow-update { none; };
>>> };
>>>
>>> zone "localhost" IN {
>>> type master;
>>> file "localhost.zone";
>>> allow-update { none; };
>>> };
>>>
>>> zone "0.0.127.in-addr.arpa" IN {
>>> type master;
>>> file "named.local";
>>> allow-update { none; };
>>> };
>>>
>>> zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
>>> type master;
>>> file "named.ip6.local";
>>> allow-update { none; };
>>> };
>>>
>>> zone "255.in-addr.arpa" IN {
>>> type master;
>>> file "named.broadcast";
>>> allow-update { none; };
>>> };
>>>
>>> zone "0.in-addr.arpa" IN {
>>> type master;
>>> file "named.zero";
>>> allow-update { none; };
>>> };
>>>
>>> include "/etc/rndc.key";
>>> </config>
--
Kal Feher
Team Leader
Network Services and Production Support
Melbourne IT Ltd
Level 2, 120 King Street
Melbourne Victoria 3000
AUSTRALIA
Ph: + 61 3 8624 2326
Mob: + 61 400 072 569
Website: www.MelbourneIT.com.au
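As an added illustration (not code from the thread or from BIND), a small Python model of the search-list behaviour described above: the zone records other than the wildcard line are constructed, and the model assumes a stub resolver that keeps walking its search list after NXDOMAIN or SERVFAIL, with SERVFAIL being what the server returns when its forwarders are unreachable.

```python
# Added example, not from the thread: a stub-resolver search-list model
# showing why a failed lookup for an external name ends up matching
# "*.msk3.ath.cx. IN A 192.168.24.11" only when the uplink is down.

ZONE = {
    "msk3.ath.cx.": "192.168.24.1",          # constructed
    "ns.msk3.ath.cx.": "192.168.24.11",      # constructed
    "*.msk3.ath.cx.": "192.168.24.11",       # the wildcard from the thread
}
AUTH_ZONES = ["msk3.ath.cx."]   # zones the server answers authoritatively
SEARCH_LIST = ["msk3.ath.cx."]  # search suffix configured on the clients
NDOTS = 1                       # resolv.conf default

def candidates(name, search_list=SEARCH_LIST, ndots=NDOTS):
    """FQDNs the client tries, in order. A trailing dot makes the name
    absolute, so the search list is never applied to it."""
    if name.endswith("."):
        return [name]
    as_is, suffixed = name + ".", [f"{name}.{s}" for s in search_list]
    # Names with at least ndots dots are tried as-is before the suffixes.
    return [as_is] + suffixed if name.count(".") >= ndots else suffixed + [as_is]

def local_answer(fqdn, zone=ZONE):
    """Answer from zone data with RFC 4592 wildcard rules: a wildcard only
    matches names below the closest existing ancestor (the encloser)."""
    if fqdn in zone:
        return zone[fqdn]
    labels = fqdn.split(".")
    for i in range(1, len(labels) - 1):
        encloser = ".".join(labels[i:])
        if encloser in zone:
            return zone.get("*." + encloser)  # None when no wildcard there
    return None

def resolve(name, link_up):
    """Walk the search list as the client does: keep going while the answer
    is NXDOMAIN or SERVFAIL. Returns (answer, trace of (fqdn, answer))."""
    trace = []
    for fqdn in candidates(name):
        answer = local_answer(fqdn)
        if answer is None:
            if any(fqdn == z or fqdn.endswith("." + z) for z in AUTH_ZONES):
                answer = "NXDOMAIN"          # authoritative miss
            else:
                answer = f"forwarded:{fqdn}" if link_up else "SERVFAIL"
        trace.append((fqdn, answer))
        if answer not in ("NXDOMAIN", "SERVFAIL"):
            return answer, trace
    return trace[-1][1], trace
```

Running `resolve("www.google.com", link_up=False)` reproduces the symptom (the second candidate hits the wildcard), while the same name with a trailing dot fails cleanly, which is the check Dawn suggests.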