Problem getting "forwarders" section in named.conf.options to work

Dawn Connelly dawn.connelly at gmail.com
Mon Jul 28 00:35:01 UTC 2008


You might still have the negative answer cached. Clear the cache on the
machine you are trying from and try again.
On Sun, Jul 27, 2008 at 5:01 PM, Adam Olsen <arolsen at gmail.com> wrote:

> Andy, Dawn,
>
> Thanks!  Now sendoutcards.com is resolving, but it's acting kind of
> weird.  I'm not sure if it has to do with the DNS configuration or not.
> pinging sendoutcards.com or mail.sendoutcards.com gives the correct
> address, but the ping command hangs.  I can't even press CTRL+C to stop it.
> Pinging the IP alone does not cause this problem.
>
> I don't know if this matters much, it seems I can connect to the various
> important ports just fine.
>
> Thanks again
>
>
> On Sun, Jul 27, 2008 at 5:27 PM, Dawn Connelly <dawn.connelly at gmail.com> wrote:
>
>> Sorry, forgot to mention that you need to change the recursion no; to
>> recursion yes; first...then it will read the allow-recursion statement.
>>
>>
>> On Sun, Jul 27, 2008 at 4:24 PM, Dawn Connelly <dawn.connelly at gmail.com>
>> wrote:
>>
>>> Actually you will probably want to use either an @ or
>>> sendoutcards.com....so either of these should work
>>> @  IN  A  206.71.90.5
>>> or
>>> sendoutcards.com. IN A 206.71.90.5 {notice the dot at the end of the
>>> domain...if you don't have the dot at the end, it won't work}
>>>
>>> As far as getting other machines to be able to query your DNS server for
>>> records it isn't authoritative for, you need to enable recursion. PLEASE
>>> MAKE SURE YOU LIMIT THE IPS THAT CAN MAKE RECURSIVE QUERIES!
>>>
>>> Rather than:
>>>
>>> recursion no;
>>>
>>> It needs to be:
>>> allow-recursion { internal_networks; };
>>>
>>> Then create an ACL in your options section with:
>>> acl "internal_networks" {
>>>      10.0.0.0/8;
>>>      172.16.0.0/12;
>>>      192.168.0.0/16;
>>>      127.0.0.0/8;
>>> };
>>>
>>> Make sure to list out all the subnets that make up your internal network.
>>>
>>>
>>>
>>> On Sun, Jul 27, 2008 at 4:07 PM, Andy Shellam <
>>> andy.shellam-lists at mailnetwork.co.uk> wrote:
>>>
>>>> Hi Adam,
>>>>
>>>> I cannot help with the forwarders, but I think the reason you're not
>>>> able to ping "sendoutcards.com" is because it's not defined in
>>>> your zone file for this reason: a blank "name" field (the first field of
>>>> a record) tells Bind to use the previous record's name again.
>>>>
>>>> So here:
>>>>
>>>> nas1        NS  nas1.sendoutcards.com.
>>>>
>>>>            A   206.71.90.5
>>>> www         A   206.71.90.5
>>>>
>>>>
>>>> what you're telling Bind is that "nas1" has an NS record of
>>>> nas1.sendoutcards.com., and an A record of 206.71.90.5.
>>>> Try either putting "A 206.71.90.5" after your MX record, or I believe
>>>> you can use a "." to indicate the root of the zone (e.g. ". A
>>>> 206.71.90.5")
>>>>
>>>> Hope this helps one of your queries,
>>>>
>>>> Andy
>>>>
>>>> Adam Olsen wrote:
>>>> > I'm having a bit of trouble with a few things in my configuration.  I
>>>> > am trying to set up DNS for the sendoutcards.com domain, including
>>>> > mail.
>>>> >
>>>> > Here is my zone file:
>>>> >
>>>> > $TTL    604800
>>>> > @           IN      SOA ns2.sendoutcards.com. root.sendoutcards.com. (
>>>> >            20080532     ; Serial
>>>> >                          604800         ; Refresh
>>>> >                           86400         ; Retry
>>>> >                         2419200         ; Expire
>>>> >                          604800 )       ; Negative Cache TTL
>>>> > ;
>>>> >
>>>> >             MX  10  mail.sendoutcards.com.
>>>> >             NS  ns2.sendoutcards.com.
>>>> > nas1        NS  nas1.sendoutcards.com.
>>>> >
>>>> >             A   206.71.90.5
>>>> > www         A   206.71.90.5
>>>> > mail        A   206.71.90.6
>>>> > swetesoc    A   10.1.1.3
>>>> > web4        A   10.1.1.11
>>>> > carl        A   10.1.1.7
>>>> > fs2         A   10.1.1.18
>>>> > masterdb    A   10.1.1.12
>>>> > slavedb     A   10.1.1.13
>>>> > nappy       A   10.1.1.4
>>>> > nas1        A   10.1.1.24
>>>> >
>>>> > This is on the secondary dns server.  With this setup, I can ping
>>>> > mail.sendoutcards.com, www.sendoutcards.com, but not plain
>>>> > 'sendoutcards.com'.  Also, if I set up a remote machine to use this
>>>> > DNS server in /etc/resolv.conf, that machine cannot ping 'google.com'
>>>> > (the log on the DNS server says 'query (cache) denied').
>>>> >
>>>> > I tried setting up forwarders {};  in named.conf.options to my ISP
>>>> > assigned DNS servers, but if I do that, my zone file seems to get
>>>> > ignored entirely.
>>>> >
>>>> > I know I'm probably doing this wrong, but there are so many examples
>>>> > on the net with so many different formats to use in the zone file.
>>>> > Any help here would be appreciated.
>>>> >
>>>> > --
>>>> > Adam Olsen
>>>> > SendOutCards.com
>>>> > http://www.vimtips.org
>>>> > http://last.fm/user/synic
>>>> >
>>>> >
>>>> >
>>>>
>>>>
>>>
>>
>
>
> --
> Adam Olsen
> SendOutCards.com
> http://www.vimtips.org
> http://last.fm/user/synic
>
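
The blank-owner rule discussed in this thread, as an added example that is not code from any poster or from BIND: a small resolver that assigns each record in the posted zone to its effective owner name. The excerpt is constructed from the zone file quoted above; the function names are hypothetical, and the sketch assumes one record per line with numeric TTLs.

```python
import re

# Constructed excerpt of the zone file quoted in the thread; the SOA is
# folded onto one line because this sketch parses one record per line.
ZONE = """\
$TTL    604800
@           IN      SOA ns2.sendoutcards.com. root.sendoutcards.com. ( 20080532 604800 86400 2419200 604800 )
            MX  10  mail.sendoutcards.com.
            NS  ns2.sendoutcards.com.
nas1        NS  nas1.sendoutcards.com.

            A   206.71.90.5
www         A   206.71.90.5
mail        A   206.71.90.6
"""
ORIGIN = "sendoutcards.com."

def fqdn(name, origin):
    """'@' is the origin; a trailing dot marks an absolute name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def resolve_owners(text, origin):
    """Return (owner, type, rdata) per record, applying the blank-owner rule."""
    records, last = [], None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # strip comments
        if not line.strip() or line.startswith("$"):
            continue                                # blank line or directive
        fields = line.split()
        if line[0] in " \t":                        # blank name field
            if last is None:
                raise ValueError("first record has no owner name")
            owner = last                            # inherit the previous owner
        else:
            owner = last = fqdn(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                           # optional TTL and class
        records.append((owner, fields[0].upper(), " ".join(fields[1:])))
    return records

def addresses(text, origin, name):
    """A-record addresses the zone text actually assigns to `name`."""
    return [r for o, t, r in resolve_owners(text, origin) if o == name and t == "A"]

# Same zone with an explicit '@' owner on the A record, as suggested in the thread.
FIXED = re.sub(r"(?m)^[ \t]+A[ \t]+206\.71\.90\.5$", "@ A 206.71.90.5", ZONE)
print(addresses(ZONE, ORIGIN, ORIGIN), addresses(FIXED, ORIGIN, ORIGIN))
```

As posted, the apex has no A record and `206.71.90.5` lands on `nas1.sendoutcards.com.`; with the explicit `@` owner it belongs to `sendoutcards.com.`.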




More information about the bind-users mailing list