DNS connection refused : round-robin pools

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Wed Aug 26 21:43:06 UTC 2015


How is DNS organized for the national VPN? Is someone running root nameservers? A "private" version of the .cu namespace, that the rest of us can't see, perhaps?

If you're trying to build this from scratch, then you can start by setting up your own root zone. But I suspect there's something already available, and you just need to ask around and find out how to configure your local nameserver to access the national DNS infrastructure.

								- Kevin

-----Original Message-----
From: bind-users-bounces at lists.isc.org [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Int
Sent: Wednesday, August 26, 2015 5:41 PM
To: bind-users at lists.isc.org
Cc: nrgd at eml.cc
Subject: DNS connection refused : round-robin pools
Importance: High

I do not have access to the Internet in my case; I only have access to a national VPN. How can I disable the zone "."?

// prime the server with knowledge of the root servers
   zone "." {
              type hint;
              file "/etc/bind/db.root";
   };

How can I prevent the DNS server from trying to connect to consult db.root, so that it does not lose time trying to access IP addresses that are unreachable or refused from my network?

I regularly check my log and find the following: the DNS server trying to access places on the Internet.

I need to publish in my DNS for my very NET'S correct functioning Addresses my servers's IP premises in DMZ, And that this out-of-doors only upon command sites .cu, Should solve it the server DNS making another servers forward DNS authorized in our national VPN

# tail -1000 /var/log/syslog |grep named

Aug 26 21:17:26 ns2 named[1093]: error (connection refused) resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 192.58.128.30#53
Aug 26 21:17:26 ns2 named[1093]: error (connection refused) resolving 'D.ROOT-SERVERS.NET/AAAA/IN': 128.8.10.90#53
Aug 26 21:17:26 ns2 named[1093]: error (connection refused) resolving 'C.ROOT-SERVERS.NET/AAAA/IN': 192.228.79.201#53
Aug 26 21:17:26 ns2 named[1093]: error (connection refused) resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 192.228.79.201#53
Aug 26 21:17:26 ns2 named[1093]: error (connection refused) resolving 'E.ROOT-SERVERS.NET/AAAA/IN': 192.112.36.4#53

Tell me if you have any suggestions for my case.

Greetings from Cuba
  William

-----------------------------------
I run bind 9.10.2-P3.

I have three classes of forwarders that I'd like to use:

(1) my own, hosted forwarder.  fast & private, but not redundant infrastructure
(2) private/encrypted hosted forwarders.  slow, private, and redundant infrastructure.
(3) reliable ISP & public forwarders. fast, redundant, privacy-challenged (Google, OpenDNS, AT&T, etc).

Reading the ARM & chatting in #irc, IIUC 'forwarders' are NOT queried in the order listed, and there's no option to set priority, failover, round-robin etc.

I'm requesting such a feature.

For example,

Forwarders would be queried in order of priority, and pools of multiple forwarders would be round-robin weighted within a given priority level.

So in conf, we could have

        forward only;
        forwarders { 11.11.11.11 port 11111 prio 1; 22.22.22.1 port 53 prio 2; 22.22.22.2 port 53 prio 2; 8.8.8.8 prio 3; 8.8.4.4 prio 3; };

Thanks!
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
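
An added example, not part of the original thread: a small Python parser that groups the `named` resolver errors quoted in the message by upstream server, to confirm that every refused query is a lookup of the root servers' own addresses. The function names are this example's own; the sample input is the five log lines from the post.

```python
import re
from collections import defaultdict

# Sample input: the five named syslog lines quoted in the message above.
SAMPLE_LOG = """\
Aug 26 21:17:26 ns2 named[1093]: error (connection refused) resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 192.58.128.30#53
Aug 26 21:17:26 ns2 named[1093]: error (connection refused) resolving 'D.ROOT-SERVERS.NET/AAAA/IN': 128.8.10.90#53
Aug 26 21:17:26 ns2 named[1093]: error (connection refused) resolving 'C.ROOT-SERVERS.NET/AAAA/IN': 192.228.79.201#53
Aug 26 21:17:26 ns2 named[1093]: error (connection refused) resolving 'B.ROOT-SERVERS.NET/AAAA/IN': 192.228.79.201#53
Aug 26 21:17:26 ns2 named[1093]: error (connection refused) resolving 'E.ROOT-SERVERS.NET/AAAA/IN': 192.112.36.4#53
"""

# named[pid]: error (<reason>) resolving '<name>/<type>/<class>': <server>#<port>
ERROR_RE = re.compile(
    r"named\[\d+\]: error \((?P<reason>[^)]+)\) resolving "
    r"'(?P<qname>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)': "
    r"(?P<server>[0-9A-Fa-f.:]+)#(?P<port>\d+)"
)

def parse_named_errors(text):
    """Extract every resolver error; works even if log lines were run together."""
    return [m.groupdict() for m in ERROR_RE.finditer(text)]

def failures_by_server(events):
    """Map each upstream address to the names and failure reasons seen for it."""
    grouped = defaultdict(lambda: {"qnames": set(), "reasons": set()})
    for ev in events:
        grouped[ev["server"]]["qnames"].add(ev["qname"].upper())
        grouped[ev["server"]]["reasons"].add(ev["reason"])
    return dict(grouped)

def root_hint_lookups(events):
    """Queried names under ROOT-SERVERS.NET, i.e. lookups of root server addresses."""
    return sorted({ev["qname"].upper() for ev in events
                   if ev["qname"].upper().endswith(".ROOT-SERVERS.NET")})

if __name__ == "__main__":
    events = parse_named_errors(SAMPLE_LOG)
    for server, info in sorted(failures_by_server(events).items()):
        print(server, sorted(info["reasons"]), sorted(info["qnames"]))
    print("root-hint lookups:", root_hint_lookups(events))
```
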