problem with named.conf

Matt Sickler crazyfordynamite at gmail.com
Tue Mar 27 03:51:42 UTC 2007


Well, my website is msk3.ath.cx and I host a couple subdomains - using the
*.msk3.ath.cx was because /etc/hosts doesn't support wildcards.
I think I added the search feature because I like to name my computers
"<5LetterName>.msk3.ath.cx" and refer to them as just "<5LetterName>".

On 3/26/07, Kal Feher <kal.feher at melbourneit.com.au> wrote:
>
> This is a function of the client software not BIND. Assuming you have a good
> reason for using a wildcard in your "msk3.ath.cx." zone, you'll need to
> remove the search suffix. But that isn't a very good way of *fixing* the
> problem.
>
> The thing to note here is that BIND *is* responding with a timeout. Your
> client machines are simply looking up a new address (search domains
> appended) and your wildcard record naturally matches these secondary
> lookups.
>
> Perhaps if you could enunciate why you have a wildcard, we could suggest
> something more appropriate?
>
>
> On 27/3/07 12:43 PM, "Matt Sickler" <crazyfordynamite at gmail.com> wrote:
>
> > is there any way to fix this so that when the link is down it responds with
> > a timeout or something?
> > On 3/26/07, Dawn Connelly <dawn.connelly at gmail.com> wrote:
> >>
> >> It looks like you are forwarding to DNS servers that are not on your LAN
> >> so when your network link is down, the requests you aren't authoritative for
> >> and don't have cache for are timing out. Since the requesting machine isn't
> >> getting an answer for the DNS record it's asking for, it's appending it with
> >> anything it has in its search suffix. If they are querying for
> >> www.google.com, it doesn't get an answer so queries for
> >> www.google.com.msk3.ath.cx. Since you have a wildcard A record, it'll
> >> match everything that has been appended. The best way to show this is when
> >> your internet connection is down, do a query for <www.google.com.>  Make
> >> sure to do it once WITH a period at the end and once WITHOUT a period at the
> >> end. The one with a period will time out. The one without a period will
> >> append with the msk3.ath.cx domain and you'll get that wildcard answer.
> >>
> >> On 3/26/07, Matt Sickler <crazyfordynamite at gmail.com > wrote:
> >>>
> >>> I have been trying to set up a local (LAN only) dns server that does
> >>> recursive lookups for domains it does not control (I think this is what I
> >>> mean...)  basically I want it to be authoritative for example.com - but
> >>> resort to asking another dns server[s] for everything else (and caches the
> >>> answer)
> >>> the problem with my config now is that whenever my internet connection goes
> >>> down, for some reason the server returns 192.168.24.11 for any dns request -
> >>> some have said this is because I set my servers to be on the "msk3.ath.cx"
> >>> domain and it matches a "*.msk3.ath.cx. IN A 192.168.24.11" line in the
> >>> msk3.ath.cx db....
> >>> perhaps there is a way to fix this?
> >>>
> >>> <config>
> >>> //
> >>> // named.conf for Red Hat caching-nameserver
> >>> //
> >>> /* this little bit is supposed to only allow my subnet to use it (192.168.24.0/24)
> >>> controls {
> >>>     inet 192.168.1.5 allow {
> >>>     192.168.24.0/24;
> >>>     localhost;
> >>>   } keys {
> >>>     rndckey;
> >>>   };
> >>> };
> >>> */
> >>>
> >>>
> >>> options {
> >>>     directory "/var/named";
> >>>     dump-file "/var/named/data/cache_dump.db";
> >>>     statistics-file "/var/named/data/named_stats.txt";
> >>>     /*
> >>>      * If there is a firewall between you and nameservers you want
> >>>      * to talk to, you might need to uncomment the query-source
> >>>      * directive below.  Previous versions of BIND always asked
> >>>      * questions using port 53, but BIND 8.1 uses an unprivileged
> >>>      * port by default.
> >>>      */
> >>>      // query-source address * port 53;
> >>>     forwarders {
> >>>         // these are the servers I'd like it to ask if it doesn't have the answer
> >>>         // and cache results
> >>>         // OpenDNS
> >>>         208.67.222.222;
> >>>         208.67.220.220;
> >>>         // Alliance
> >>>         66.231.7.27;
> >>>         66.231.7.28;
> >>>     };
> >>> };
> >>> logging {
> >>>         channel default_debug {
> >>>                 file "data/named.run";
> >>>                 severity dynamic;
> >>>         };
> >>> };
> >>>
> >>> //
> >>> // a caching only nameserver config
> >>> //
> >>>
> >>> zone "24.168.192.IN-ADDR.ARPA." IN {
> >>>     type master;
> >>>     file "192.168.24.db";
> >>> };
> >>> zone "msk3.ath.cx." IN {
> >>>     type master;
> >>>     file "msk3.ath.cx.db";
> >>> };
> >>> zone "kisho.mine.nu." IN {
> >>>     type master;
> >>>     file "kisho.mine.nu.db";
> >>> };
> >>> zone "xitix.mine.nu." IN {
> >>>     type master;
> >>>     file "xitix.mine.nu.db";
> >>> };
> >>> zone "." IN {
> >>>     type hint;
> >>>     file "named.ca";
> >>> };
> >>>
> >>> zone "localdomain" IN {
> >>>     type master;
> >>>     file "localdomain.zone";
> >>>     allow-update { none; };
> >>> };
> >>>
> >>> zone "localhost" IN {
> >>>     type master;
> >>>     file "localhost.zone";
> >>>     allow-update { none; };
> >>> };
> >>>
> >>> zone "0.0.127.in-addr.arpa" IN {
> >>>     type master;
> >>>     file "named.local";
> >>>     allow-update { none; };
> >>> };
> >>>
> >>> zone "
> >>> 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
> >>> IN {
> >>>     type master;
> >>>     file "named.ip6.local";
> >>>     allow-update { none; };
> >>> };
> >>>
> >>> zone "255.in-addr.arpa" IN {
> >>>     type master;
> >>>     file "named.broadcast";
> >>>     allow-update { none; };
> >>> };
> >>>
> >>> zone "0.in-addr.arpa" IN {
> >>>     type master;
> >>>     file "named.zero";
> >>>     allow-update { none; };
> >>> };
> >>>
> >>> include "/etc/rndc.key";
> >>> </config>
> >>>
> >>>
> >>>
> >>>
> >>
> >
> >
> >
>
> --
> Kal Feher
> Team Leader
> Network Services and Production Support
> Melbourne IT Ltd
> Level 2, 120 King Street
> Melbourne Victoria 3000
> AUSTRALIA
> Ph:    + 61 3 8624 2326
> Mob:   + 61 400 072 569
> Website:   www.MelbourneIT.com.au
>
>
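
The lookup sequence described in this thread, as an added example that is not part of the original messages: a simplified Python model of a stub resolver's search-list handling against a server holding the `*.msk3.ath.cx.` wildcard. The function names, the `203.0.113.10` placeholder answer and the "try the absolute name first" ordering are assumptions made for illustration, not the behaviour of any specific resolver.

```python
# Simplified model of the lookups described in this thread; all data is constructed.
SEARCH = ["msk3.ath.cx."]                     # client's search suffix list
ZONE_ORIGIN = "msk3.ath.cx."                  # zone the local server is master for
ZONE = {"*.msk3.ath.cx.": "192.168.24.11"}    # wildcard A record from the thread
FORWARDED = "203.0.113.10"                    # placeholder for a real upstream answer


def candidates(name, search):
    """Names the client tries, in order. A trailing dot marks the name absolute."""
    if name.endswith("."):
        return [name]                         # fully qualified: no suffix appended
    return [name + "."] + [f"{name}.{suffix}" for suffix in search]


def server_answer(fqdn, link_up):
    """Local server: authoritative for ZONE_ORIGIN, forwards everything else."""
    fqdn = fqdn.lower()
    if fqdn == ZONE_ORIGIN:
        return ZONE.get(fqdn)                 # the apex is not covered by the wildcard
    if fqdn.endswith("." + ZONE_ORIGIN):
        # Exact record first, otherwise the wildcard (simplified matching).
        return ZONE.get(fqdn, ZONE.get("*." + ZONE_ORIGIN))
    # Outside our zones: needs the forwarders, unreachable when the link is down.
    return FORWARDED if link_up else None


def resolve(name, search=SEARCH, link_up=True):
    """Return (name_that_answered, address), or (None, None) if every try fails."""
    for fqdn in candidates(name, search):
        addr = server_answer(fqdn, link_up)
        if addr is not None:
            return fqdn, addr
    return None, None


def risky_suffixes(search, zone):
    """Search suffixes that have a wildcard record directly beneath them."""
    return [suffix for suffix in search if "*." + suffix in zone]


if __name__ == "__main__":
    for query in ("www.google.com", "www.google.com."):
        print(query, "link down ->", resolve(query, link_up=False))
    print("suffixes shadowed by a wildcard:", risky_suffixes(SEARCH, ZONE))
```

With the link down, the unqualified name is answered by the wildcard while the dot-terminated name fails outright, which is the with-period and without-period test suggested in the thread.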



