Problem getting "forwarders" section in named.conf.options to work

Dawn Connelly dawn.connelly at gmail.com
Sun Jul 27 23:24:30 UTC 2008


Actually you will probably want to use either an @ or sendoutcards.com....so
either of these should work
@  IN  A  206.71.90.5
or
sendoutcards.com. IN A 206.71.90.5
{notice the dot at the end of the domain...if you don't have the dot at the end, it won't work}

As far as getting other machines to be able to query your DNS server for
records it isn't authoritative for, you need to enable recursion. PLEASE
MAKE SURE YOU LIMIT THE IPS THAT CAN MAKE RECURSIVE QUERIES!

Rather than:

recursion no;

It needs to be:
allow-recursion { internal_networks; };

Then create an ACL in your options section with:
acl "internal_networks" {
     10.0.0.0/8;
     172.16.0.0/12;
     192.168.0.0/16;
     127.0.0.0/8;
};

Make sure to list out all the subnets that make up your internal network.



On Sun, Jul 27, 2008 at 4:07 PM, Andy Shellam <
andy.shellam-lists at mailnetwork.co.uk> wrote:

> Hi Adam,
>
> I cannot help with the forwarders, but I think the reason you're not
> being able to ping "sendoutcards.com" is because it's not defined in
> your zone file for this reason: a blank "name" field (the first field of
> a record) tells Bind to use the previous record's name again.
>
> So here:
>
> nas1        NS  nas1.sendoutcards.com.
>
>            A   206.71.90.5
> www         A   206.71.90.5
>
>
> what you're telling Bind is that "nas1" has an NS record of
> nas1.sendoutcards.com., and an A record of 206.71.90.5.
> Try either putting "A 206.71.90.5" after your MX record, or I believe
> you can use a "." to indicate the root of the zone (e.g. ". A 206.71.90.5")
>
> Hope this helps one of your queries,
>
> Andy
>
> Adam Olsen wrote:
> > I'm having a bit of trouble with a few things in my configuration.  I
> > am trying to set up DNS for the sendoutcards.com domain, including
> > mail.
> >
> > Here is my zone file:
> >
> > $TTL    604800
> > @           IN      SOA ns2.sendoutcards.com. root.sendoutcards.com. (
> >            20080532     ; Serial
> >                          604800         ; Refresh
> >                           86400         ; Retry
> >                         2419200         ; Expire
> >                          604800 )       ; Negative Cache TTL
> > ;
> >
> >             MX  10  mail.sendoutcards.com.
> >             NS  ns2.sendoutcards.com.
> > nas1        NS  nas1.sendoutcards.com.
> >
> >             A   206.71.90.5
> > www         A   206.71.90.5
> > mail        A   206.71.90.6
> > swetesoc    A   10.1.1.3
> > web4        A   10.1.1.11
> > carl        A   10.1.1.7
> > fs2         A   10.1.1.18
> > masterdb    A   10.1.1.12
> > slavedb     A   10.1.1.13
> > nappy       A   10.1.1.4
> > nas1        A   10.1.1.24
> >
> > This is on the secondary dns server.  With this setup, I can ping
> > mail.sendoutcards.com, www.sendoutcards.com, but not plain
> > 'sendoutcards.com'.  Also, if I set up a remote machine to use this
> > DNS server in /etc/resolv.conf, that machine cannot ping 'google.com'
> > (the log on the DNS server says 'query (cache) denied').
> >
> > I tried setting up forwarders {};  in named.conf.options to my ISP
> > assigned DNS servers, but if I do that, my zone file seems to get
> > ignored entirely.
> >
> > I know I'm probably doing this wrong, but there are so many examples
> > on the net with so many different formats to use in the zone file.
> > Any help here would be appreciated.
> >
> > --
> > Adam Olsen
> > SendOutCards.com
> > http://www.vimtips.org
> > http://last.fm/user/synic
> >
> >
> >
>
>
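
The blank-owner and trailing-dot rules discussed in this thread, as an added example that is not part of any poster's message: a small Python resolver of zone-file owner names, run over a constructed fragment modelled on the quoted zone file. The function names, the `ORIGIN` value and the simplified parsing (no `$ORIGIN`, no multi-line parentheses, numeric TTLs only) are assumptions of the example.

```python
# Added example (not from the thread): owner-name resolution in a BIND zone file.
CLASSES = {"IN", "CH", "HS"}
ORIGIN = "sendoutcards.com."  # assumed zone origin, taken from the thread

# Constructed sample following the quoted zone file (SOA collapsed to one line).
ZONE = """\
$TTL    604800
@           IN      SOA ns2.sendoutcards.com. root.sendoutcards.com. ( 20080532 604800 86400 2419200 604800 )
            MX  10  mail.sendoutcards.com.
            NS  ns2.sendoutcards.com.
nas1        NS  nas1.sendoutcards.com.

            A   206.71.90.5
www         A   206.71.90.5
nas1        A   10.1.1.24
"""

def absolute(name, origin):
    """'@' is the origin; a trailing dot means fully qualified; else append origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Return (owner, type, rdata) tuples; a blank owner reuses the previous one."""
    records, owner = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments (naive: no quoted ';')
        if not line.strip() or line.startswith("$"):
            continue                               # blank line or $TTL-style directive
        fields = line.split()
        if not line[0].isspace():                  # text in column 1 is an owner name
            owner = absolute(fields.pop(0), origin)
        elif owner is None:
            raise ValueError("first record has no owner name")
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)                          # skip optional numeric TTL and class
        rtype = fields.pop(0).upper()
        records.append((owner, rtype, " ".join(fields)))
    return records

def a_records(text, name, origin=ORIGIN):
    """Addresses a zone fragment publishes for one fully qualified name."""
    return [rd for o, t, rd in parse_zone(text, origin) if o == name and t == "A"]

if __name__ == "__main__":
    print("apex as posted:", a_records(ZONE, ORIGIN))
    print("nas1 as posted:", a_records(ZONE, "nas1." + ORIGIN))
    print("apex with '@ IN A':", a_records(ZONE + "@ IN A 206.71.90.5\n", ORIGIN))
    print("undotted owner:", parse_zone("sendoutcards.com IN A 206.71.90.5\n")[0][0])
```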



