First usage of BIND9

/dev/rob0 rob0 at gmx.co.uk
Sat Nov 24 18:32:22 UTC 2012


On Sat, Nov 24, 2012 at 06:39:31PM +0100, Daniele Imbrogino wrote:
> I'd like to use BIND9 in the simplest way possible: I just want
> to install it and use it for name resolution of Internet hosts.
> So, on Ubuntu 12.04, I run "sudo apt-get install bind9 bind9utils
> bind9-doc" and then "dig @127.0.0.1 www.amazon.com" (for example),
> but I ALWAYS obtain a SERVFAIL.
> Why? Is a configuration necessary for this minimal use, too?

No, but your distributor gave you one; it apparently does not work. 
You could empty out your named.conf(5) and get the result you want:

root@telescreen:~# cd /etc/
root@telescreen:/etc# mv named.conf named.conf.dist
root@telescreen:/etc# touch named.conf
root@telescreen:/etc# named
root@telescreen:/etc# dig @127.0.0.1 www.amazon.com any
...

By default you will allow recursion for "localnets" (the BIND built-in 
ACL for all locally-attached networks.) If it's behind a router, 
this is probably what you want. If not, you might want to restrict 
your configuration (listen-on or allow-query) on the external 
interface, and/or block the traffic (inbound to both ports 53, TCP 
and UDP) in your firewall.

Offer void where taxed or prohibited, or where something funny is 
going on (like a router hijacking DNS.)
-- 
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
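
The restriction suggested in the reply above (listen-on and allow-query), written out as an added example that is not part of the original message: a named.conf for a recursive resolver that serves only the local host. The loopback addresses and the choice of the "localhost" ACL are assumptions for a single-machine setup.

```conf
// Constructed example: recursive resolver restricted to this host only.
// An empty named.conf would instead allow recursion for "localnets".
options {
    // Bind only to loopback so nothing listens on the external interface.
    listen-on    { 127.0.0.1; };
    listen-on-v6 { ::1; };

    recursion yes;

    // Answer queries, and recurse, only for the local host.
    allow-query     { localhost; };
    allow-recursion { localhost; };
};
```

Running named-checkconf against the file checks its syntax before named is started with it.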


