Here are the configuration files.<br><br><br># more named.conf<br>include "/etc/bind/named.conf.options";<br><br>// prime the server with knowledge of the root servers<br>zone "." {<br> type hint;<br>
file "/etc/bind/db.root";<br>};<br><br>// be authoritative for the localhost forward and reverse zones, and for<br>// broadcast zones as per RFC 1912<br><br>zone "localhost" {<br> type master;<br>
file "/etc/bind/db.local";<br>};<br><br>zone "127.in-addr.arpa" {<br> type master;<br> file "/etc/bind/db.127";<br>};<br><br>zone "0.in-addr.arpa" {<br> type master;<br>
file "/etc/bind/db.0";<br>};<br><br>zone "255.in-addr.arpa" {<br> type master;<br> file "/etc/bind/db.255";<br>};<br><br><br>zone "<a href="http://lazarusalliance.com">lazarusalliance.com</a>" {<br>
type master;<br> file "/etc/bind/db.lazarusalliance.com.hosts";<br> allow-update {<br> any;<br> };<br> allow-transfer {<br> any;<br> };<br>
allow-query {<br> any;<br> };<br>};<br><br>zone "99.12.71.in-addr.arpa" {<br> type master;<br> file "/etc/bind/71.12.99.rev";<br>};<br><br>include "/etc/bind/named.conf.local";<br>
logging {<br> category lame-servers {<br> null;<br> };<br> };<br>key rndc-key {<br> algorithm hmac-md5;<br> secret "********************************************";<br>
};<br>controls {<br> inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };<br> };<br>++++++++++++++++++++++++++++++<br><br># more named.conf.local<br>//<br>// Do any local configuration here<br>
//<br><br>// Consider adding the 1918 zones here, if they are not used in your<br>// organization<br>//include "/etc/bind/zones.rfc1918";<br><br>++++++++++++++++++++++++++++++<br>
<br># more named.conf.options<br>options {<br> directory "/var/cache/bind";<br><br> // If there is a firewall between you and nameservers you want<br> // to talk to, you might need to uncomment the query-source<br>
// directive below. Previous versions of BIND always asked<br> // questions using port 53, but BIND 8.1 and later use an unprivileged<br> // port by default.<br><br>query-source address * port 53;<br>
<br> // If your ISP provided one or more IP addresses for stable<br> // nameservers, you probably want to use them as forwarders.<br> // Uncomment the following block, and insert the addresses replacing<br>
// the all-0's placeholder.<br><br> // forwarders {<br> // 0.0.0.0;<br> // };<br><br> auth-nxdomain no; # conform to RFC1035<br> listen-on-v6 { any; };<br> allow-transfer {<br>
any;<br> };<br> allow-query {<br> any;<br> };<br>};<br><br>++++++++++++++++++++++++++++++<br>
<br># more db.lazarusalliance.com.hosts<br>$ttl 3600<br>@ IN SOA <a href="http://castor.lazarusalliance.com">castor.lazarusalliance.com</a>. <a href="http://postmaster.lazarusalliance.com">postmaster.lazarusalliance.com</a>. (<br>
2010022604<br> 1200<br> 3600<br> 1209600<br> 3600 )<br>;<br>@ 3600 IN NS <a href="http://castor.lazarusalliance.com">castor.lazarusalliance.com</a>.<br>
@ 3600 IN NS <a href="http://pollux.lazarusalliance.com">pollux.lazarusalliance.com</a>.<br>;<br><a href="http://castor.lazarusalliance.com">castor.lazarusalliance.com</a>. IN A 71.12.99.115<br>
<a href="http://pollux.lazarusalliance.com">pollux.lazarusalliance.com</a>. IN A 71.12.99.116<br><a href="http://lazarusalliance.com">lazarusalliance.com</a>. IN A 71.12.99.118<br>;<br><a href="http://lazarusalliance.com">lazarusalliance.com</a>. IN MX 5 <a href="http://castor.lazarusalliance.com">castor.lazarusalliance.com</a>.<br>
<br><br>++++++++++++++++++++++++++++++<br>
<br># more 71.12.99.rev<br>$TTL 38400<br>@ IN SOA <a href="http://castor.lazarusalliance.com">castor.lazarusalliance.com</a>. <a href="http://postmaster.lazarusalliance.com">postmaster.lazarusalliance.com</a>. (<br>
2010032007<br> 10800<br> 3600<br> 604800<br> 38400 )<br>@ IN NS <a href="http://castor.lazarusalliance.com">castor.lazarusalliance.com</a>.<br>
115 IN PTR <a href="http://castor.lazarusalliance.com">castor.lazarusalliance.com</a>.<br>116 IN PTR <a href="http://pollux.lazarusalliance.com">pollux.lazarusalliance.com</a>.<br>118 IN PTR <a href="http://lazarusalliance.com">lazarusalliance.com</a>.<br>
<br><br><br><br><div class="gmail_quote">On Sun, Mar 21, 2010 at 2:19 PM, michael peters <span dir="ltr"><<a href="mailto:mdpeters67@gmail.com">mdpeters67@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Here is more information.<br><br>I'm testing my external BIND 9.6.1 systems with <a href="http://www.checkdns.net/powercheck.aspx" target="_blank">http://www.checkdns.net/powercheck.aspx</a>.
Outbound resolution is fine. Internal resolution is fine. External
resolution seems to be the problem. My firewall allows port 53 UDP and
TCP.<br>
<br>The messages I get are:<br><br>Found NS record: <a href="http://castor.lazarusalliance.com/" target="_blank">castor.lazarusalliance.com</a>[71.<div>12.99.115],
was resolved to IP address by <a href="http://g.gtld-servers.net/" target="_blank">G.GTLD-SERVERS.NET</a><br>
Found NS record: <a href="http://pollux.lazarusalliance.com/" target="_blank">pollux.lazarusalliance.com</a>[71.12.99.116], was
resolved to IP address by <a href="http://g.gtld-servers.net/" target="_blank">G.GTLD-SERVERS.NET</a><br>Domain has 2 DNS server(s)<br>
<br>CheckDNS.NET is verifying if NS are alive<br>Error fetching SOA from
<a href="http://castor.lazarusalliance.com/" target="_blank">castor.lazarusalliance.com</a>
[71.12.99.115], request timed out. Probably DNS server is offline.<br>Error
fetching SOA from <a href="http://pollux.lazarusalliance.com/" target="_blank">pollux.lazarusalliance.com</a> [71.12.99.116], request
timed out. Probably DNS server is offline.<br>
0 server(s) are alive<br>No DNS servers alive, tests stopped<br><br>What
other information should I provide to be helpful in getting this
solved?</div><br><br><div class="gmail_quote"><div><div></div><div class="h5">On Sun, Mar 21, 2010 at 2:03 PM, Alan Clegg <span dir="ltr"><<a href="mailto:aclegg@isc.org" target="_blank">aclegg@isc.org</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;"><div><div></div><div class="h5">
<div>michael peters wrote:<br>
> Is it a problem to get a message from a DNS checking tool that indicates<br>
</div>> "Error fetching SOA from <a href="http://ns1.example.com" target="_blank">ns1.example.com</a> <<a href="http://ns1.example.com" target="_blank">http://ns1.example.com</a>>?" Both<br>
<div>> of my external BIND 9.6.1 servers respond the same way and I'm assuming<br>
> that I need to add something to my configuration.<br>
<br>
</div>We know nothing about your configuration, nothing about the zone that<br>
you are trying to serve, and nothing about the "checking tool" that you<br>
are using to test.<br>
<br>
Not much to go on. Feel free to post configuration information and we<br>
might be able to help.<br>
<br>
AlanC<br>
<br>
<br></div></div><div class="im">_______________________________________________<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br></div></blockquote></div><br>
</blockquote></div><br>