First usage of BIND9
rob0 at gmx.co.uk
Sat Nov 24 18:32:22 UTC 2012
On Sat, Nov 24, 2012 at 06:39:31PM +0100, Daniele Imbrogino wrote:
> I'd like to use BIND9 in the simplest way possible: I just want
> to install it and use it for name resolution of Internet hosts.
> So, on Ubuntu 12.04, I run "sudo apt-get install bind9 bind9utils
> bind9-doc" and then "dig @127.0.0.1 www.amazon.com" (for example),
> but I ALWAYS obtain a SERVFAIL.
> Why? Is a configuration necessary for this minimal use, too?
No, but your distributor gave you one; it apparently does not work.
You could empty out your named.conf(5) and get the result you want:
root@telescreen:~# cd /etc/
root@telescreen:/etc# mv named.conf named.conf.dist
root@telescreen:/etc# touch named.conf
root@telescreen:/etc# named
root@telescreen:/etc# dig @127.0.0.1 www.amazon.com any
By default you will allow recursion for "localnets" (the BIND
built-in ACL for all locally-attached networks.) If it's behind a router,
this is probably what you want. If not, you might want to restrict
your configuration (listen-on or allow-query) on the external
interface, and/or block the traffic (inbound to both ports 53, TCP
and UDP) in your firewall.
Offer void where taxed or prohibited, or where something funny is
going on (like a router hijacking DNS.)
http://rob0.nodns4.us/ -- system administration and consulting
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
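
The restriction suggested in the reply (listen-on / allow-query), written out as a named.conf for a resolver that serves only the machine it runs on. This is an added example, not part of the original message or of any distribution's shipped configuration; the loopback-only choice and the commented 192.0.2.x addresses are assumptions to adapt.

```conf
// /etc/named.conf -- constructed example: caching resolver for this host only.
// Compare with the empty file used in the message above, where named
// listens on every interface and recurses for the built-in "localnets" ACL.

options {
    // Bind port 53 (UDP and TCP) on loopback only, so nothing on an
    // external interface can reach the resolver even without a firewall rule.
    listen-on    { 127.0.0.1; };
    listen-on-v6 { ::1; };

    // Recursion stays on (that is the point of a resolver), but only
    // clients matching the built-in "localhost" ACL may use it.
    recursion yes;
    allow-query       { localhost; };
    allow-recursion   { localhost; };
    allow-query-cache { localhost; };
};

// Variant for serving a LAN behind a router (assumed addresses, RFC 5737
// documentation range): list the internal interface and network explicitly
// instead of relying on "localnets", which also covers any directly
// attached external network.
//
// acl "trusted" { 127.0.0.0/8; 192.0.2.0/24; };
// options {
//     listen-on       { 127.0.0.1; 192.0.2.1; };
//     allow-query     { trusted; };
//     allow-recursion { trusted; };
// };
```

Running named-checkconf on the file before starting named catches syntax errors; a dig against the machine's external address should then time out or be refused while dig @127.0.0.1 still resolves.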