Most external domains do not resolve (missing root servers?)

Dawn Connelly dawn.connelly at gmail.com
Sat Nov 15 17:50:45 UTC 2008


You have recursion set to no. So the only thing the DNS server will answer
for is zones it is authoritative for. If you want to use it as a DNS server
for clients, you need to allow recursion for an ACL that has the IP address
space that your clients are coming from. Here's an example:

acl "trusted" {
    192.168.0.0/16;
    10.153.154.0/24;
    localhost;
    localnets;
};

options {
    ...
    allow-query { any; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
    ...
};



On Sat, Nov 15, 2008 at 7:36 AM, Ian Gregson <contact at iangregson.com> wrote:

> Hi there,
>
> Can anyone help? I finally managed to configure bind on Windows and it
> seems to be working ok but most of the external addresses (i.e. yahoo.com,
> google.com etc) do not resolve.
>
> The crazy thing is .. some I can browse with firefox but NOT many, i.e.
> experts-exchange.com, linux.derkeiler.com work OK
>
> I presume it's working off some kind of cache…
>
> What I did do was download the named.root file and place it in etc (see
> my named.conf for config "." Zone - I have placed after this).
>
> I think the issue is with the root servers not resolving as I ran a trace
> using dig and get this back … even for experts-exchange.com (which
> resolves in firefox), I am really lost… Here's the output from dig using the
> +trace … and here is my named.conf …
>
> Any help really appreciated, basically my idea is .. to check if the domain
> exists locally and if not forward to another dns server to have it resolved
>
> C:\Windows\SysWOW64\dns\bin>dig +trace experts-exchange.com
>
> ; <<>> DiG 9.5.0-P2-W2 <<>> +trace experts-exchange.com
> ;; global options:  printcmd
> .                       3600000 IN      NS      H.ROOT-SERVERS.NET.
> .                       3600000 IN      NS      L.ROOT-SERVERS.NET.
> .                       3600000 IN      NS      C.ROOT-SERVERS.NET.
> .                       3600000 IN      NS      J.ROOT-SERVERS.NET.
> .                       3600000 IN      NS      G.ROOT-SERVERS.NET.
> .                       3600000 IN      NS      K.ROOT-SERVERS.NET.
> .                       3600000 IN      NS      I.ROOT-SERVERS.NET.
> .                       3600000 IN      NS      M.ROOT-SERVERS.NET.
> .                       3600000 IN      NS      D.ROOT-SERVERS.NET.
> .                       3600000 IN      NS      B.ROOT-SERVERS.NET.
> .                       3600000 IN      NS      A.ROOT-SERVERS.NET.
> .                       3600000 IN      NS      E.ROOT-SERVERS.NET.
> .                       3600000 IN      NS      F.ROOT-SERVERS.NET.
> ;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 39 ms
>
> dig: couldn't get address for 'E.ROOT-SERVERS.NET': not found
>
> C:\Windows\SysWOW64\dns\bin>
>
>
>
> options {
>       directory "c:\windows\SysWOW64\dns\etc";
>       version "not currently available";
>       pid-file "run\named.pid";
>       allow-transfer { none; };
>       recursion no;
>       forwarders { 208.67.222.222; 208.67.220.220; };
>       forward only;
> };
>
> logging{
>       channel my_log{
>             file "log\named.log" versions 3 size 250k;
>             severity info;
>       };
>       category default{
>                   my_log;
>       };
> };
>
> zone "." {
> type hint;
> file "named.root";
> };
>
> zone "mylocalemail.com" IN {
>       type master;
>       file "zones\db.mylocalemail.com.txt";
>       allow-transfer { none; };
> };
>
> key "rndc-key" {
>       algorithm hmac-md5;
>       secret "whaaa2JlhJJFWWDQbaGSSA3BA==";
> };
>
> controls {
>       inet 127.0.0.1 port 953
>             allow { 127.0.0.1; } keys { "rndc-key"; };
> };



-- 
Google for President
YouTube for VP
in any year divisible by 4
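
The misconfiguration discussed in this thread, as an added example that is not part of the original posts: a small Python check that flags a `forwarders` list left unused by `recursion no;` and an `allow-recursion` list that contains `any`. The sample configs are constructed from the thread's snippets; the `recursion yes;` line and the finding names are assumptions, and the brace matching ignores comments and braces inside quoted strings.

```python
import re

# Constructed sample: the options block from the question in this thread.
QUESTION_CONF = r'''
options {
      directory "c:\windows\SysWOW64\dns\etc";
      allow-transfer { none; };
      recursion no;
      forwarders { 208.67.222.222; 208.67.220.220; };
      forward only;
};
'''

# Constructed sample: the reply's ACL applied; "recursion yes;" is an assumption.
FIXED_CONF = r'''
acl "trusted" { 192.168.0.0/16; 10.153.154.0/24; localhost; localnets; };
options {
      recursion yes;
      allow-query { any; };
      allow-recursion { trusted; };
      allow-query-cache { trusted; };
      forwarders { 208.67.222.222; 208.67.220.220; };
      forward only;
};
'''

def options_block(conf):
    """Return the body of the first options { ... } block ('' if absent)."""
    m = re.search(r'\boptions\s*\{', conf)
    if not m:
        return ''
    depth, i = 1, m.end()
    while i < len(conf) and depth:  # walk to the matching closing brace
        depth += {'{': 1, '}': -1}.get(conf[i], 0)
        i += 1
    return conf[m.end():i - 1]

def audit(conf):
    """Return finding names (hypothetical labels) for the options block."""
    body, findings = options_block(conf), []
    rec = re.search(r'\brecursion\s+(yes|no)\s*;', body)
    recursion_on = rec is None or rec.group(1) == 'yes'  # BIND defaults to yes
    fwd = re.search(r'\bforwarders\s*\{([^}]*)\}', body)
    if fwd and fwd.group(1).strip() and not recursion_on:
        findings.append('forwarders-unused')  # forwarding needs recursion
    allow = re.search(r'\ballow-recursion\s*\{([^}]*)\}', body)
    if recursion_on and allow and re.search(r'\bany\b', allow.group(1)):
        findings.append('open-recursion')  # anyone may recurse through it
    return findings
```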