I can dig a domain but named won't resolve it.

Keith Burgoyne keith at silverorange.com
Thu Sep 22 16:34:09 UTC 2011


Here's the named.conf file from my name server. It's pretty basic, and 
creates a view for internal use, and external. It hosts internal DNS for 
local machines that's used on two internal networks, and external DNS 
for our hosted domains, recursive lookups from our public IP block, etc.

// {{{ options

options
{
	// Make named use port 53 for the source of all queries, to allow
	// firewalls to block all ports except 53:
	//
	query-source    port 53;
	query-source-v6 port 53;

	// Put files that named is allowed to write in the data/ directory:
	directory			"/var/named";
	dump-file			"stats/cache_dump.db";
	statistics-file		"stats/named_stats.txt";
	memstatistics-file	"stats/named_mem_stats.txt";

	// by default, don't allow any transfers
	allow-transfer { "none"; };
};

// }}}
// {{{ logging

logging
{
	// If you want to enable debugging, eg. using the 'rndc trace' command,
	// named will try to write the 'named.run' file in the $directory (/var/named).
	// By default, SELinux policy does not allow named to modify the /var/named directory,
	// so put the default debug log file in data/ :

	channel default_debug {
		file "stats/named.run";
		severity debug;
	};

	category lame-servers { null; };
};

// }}}
// {{{ internal

view "internal"
{
     // This view will contain zones you want to serve only to "internal" clients
     // that connect via your directly attached LAN interfaces - "localnets" .

     match-clients       { 192.168.0.0/24; localhost; 10.8.0.0/24; };
     match-destinations  { 192.168.0.0/24; localhost; 10.8.0.0/24; };

	// allow recursive lookups (zones that we don't host)
	allow-recursion { 192.168.0.0/24; localhost; 10.8.0.0/24; };

	// allow our non-primary name servers to get zone data
	allow-transfer { 192.168.0.2; };

     // all views must contain the root hints zone:
     include "/etc/named.domains.root";

     // include the domains that we serve
     include "/etc/named.domains.internal";
};

// }}}
// {{{ external

view "external"
{
	// This view will contain zones you want to serve only to "external" clients
	// that have addresses that are not on your directly attached LAN interface subnets:

	// allow recursion from within our subnet
	allow-recursion { 24.222.7.0/24; };

	// allow our non-primary name servers to get zone data
	allow-transfer { 24.222.7.2; 24.222.7.40; };


	// all views must contain the root hints zone:
	include "/etc/named.domains.root";

	// include the domains that we serve
	include "/etc/named.domains.external";
};

// }}}



On 22/09/11 05:24 AM, Niall O'Reilly wrote:
> On 22/09/11 01:02, Keith Burgoyne wrote:
>> Any advice would be massively appreciated.
>
> 	The +trace operation which you say is failing for you
> 	works from my network -- at home, where I have to use NAT.
>
> 	It looks as if either your network or the nameserver you're
> 	using (according to your message, at 24.222.7.12) is
> 	misconfigured.
>
> 	If you're prepared to share your nameserver configuration
> 	on the list, you may find that some people are minded to
> 	give advice.
>
> 	If the problem lies in your network, you'll need to do
> 	some packet capture to find out what's not happening.
>
>
> 	Best regards,
> 	Niall O'Reilly
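Added example (not part of the original message or of BIND): a small model of how the posted named.conf picks a view and decides whether recursion is permitted for a given query. It assumes the server's own addresses are 127.0.0.1 and 24.222.7.12 (what the built-in "localhost" ACL would expand to) and handles only plain prefixes and "localhost", not negation, keys or named ACLs; the sample queries are constructed.

```python
import ipaddress

# Assumption: addresses bound on the server, which BIND's built-in "localhost"
# ACL expands to. 24.222.7.12 is the server address quoted in the thread.
SERVER_ADDRS = {"127.0.0.1", "24.222.7.12"}

INTERNAL = ["192.168.0.0/24", "localhost", "10.8.0.0/24"]

# Views in named.conf order. None = statement absent, which BIND treats as "any".
VIEWS = [
    {"name": "internal", "match_clients": INTERNAL,
     "match_destinations": INTERNAL, "allow_recursion": INTERNAL},
    {"name": "external", "match_clients": None,
     "match_destinations": None, "allow_recursion": ["24.222.7.0/24"]},
]

def acl_match(acl, addr):
    """True if addr matches any element of an address-match list."""
    if acl is None:
        return True
    ip = ipaddress.ip_address(addr)
    for element in acl:
        if element == "localhost":
            if addr in SERVER_ADDRS:
                return True
        elif ip in ipaddress.ip_network(element):
            return True
    return False

def classify(src, dst):
    """Return (view, recursion_allowed) for a query from src sent to dst."""
    for view in VIEWS:  # first view matching both lists wins
        if (acl_match(view["match_clients"], src)
                and acl_match(view["match_destinations"], dst)):
            return view["name"], acl_match(view["allow_recursion"], src)
    return None, False

if __name__ == "__main__":
    # Constructed sample queries (source, destination); not taken from the thread.
    for src, dst in [("192.168.0.50", "192.168.0.1"),
                     ("24.222.7.12", "24.222.7.12"),
                     ("24.222.7.40", "24.222.7.12"),
                     ("203.0.113.9", "24.222.7.12")]:
        print(src, "->", dst, classify(src, dst))
```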



