[TriLUG] DNS ( BIND 9 )

Jon Carnes jonc at nc.rr.com
Sun Jun 27 23:15:02 EDT 2004


On Sun, 2004-06-27 at 18:35, Brian McCullough wrote:
> OK, I give up.
> 
> As I mentioned a while ago, I used to be quite familiar with BIND 4 and
> was able to set up DNS servers that worked.  I also have managed to get
> BIND 8 to work sometimes, but don't seem to be able to get my latest
> machine to cooperate.
> 
> I am running OpenBSD 3.5 on this machine, and intend to provide a local
> DNS server for my internal network, passing through all other domains to
> the outside.  I have been reading various postings, and trying the
> suggestions given, as you will see in the following files.  I suspect
> that all of my problems are within the named.conf file, since I don't
> think that zone files have changed drastically.  Because of that, I will
> start by just posting /var/named/etc/named.conf ( that is the "official"
> one, right, since I don't seem to find one in /etc. ) .  
> 
I'm running named on OpenBSD v3.5. Works like a charm.
What errors are you getting?

> BTW, is there a difference in using the IP address of the local machine or should I always use 127.0.0.1 in the /etc/resolv.conf file? ( If that makes sense. )

Yes. You should use 127.0.0.1. Although if you are going to allow anyone
to attach to the server and use it for DNS (and you've opened up the
firewall to allow that) then it doesn't make any difference.
> 
> OK, here is /var/named/etc/named.conf:

Run the file through named-checkconf:
  sudo -s
  cd /var/named/etc/
  named-checkconf named.conf

That will tell you if you have any syntax errors in the file.

> 
> ======================================================================
> // $OpenBSD: named-dual.conf,v 1.5 2003/09/22 20:44:32 jakob Exp $
> //
> // Example file for a named configuration with dual views,
> // one processing recursive queries only and one processing
> // authoritative-only queries.
> 
> 
> // Update this list to include only the networks for which you want
> // to execute recursive queries. The default setting allows all hosts
> // on any IPv4 networks for which the system has an interface, and
> // the IPv6 localhost address.
> //


> acl clients {
>         localnets;
> 	::1;
> };

Try:
  acl clients { any; };

Once things are working, you can drop it back to "localnets" instead.

> 
> options {
> 	version "";     // remove this to allow version queries
> 
> 	listen-on    { any; };
> 	listen-on-v6 { any; };
> 

You don't need the "forwarders", especially since you are defining that
*only* localnet folks can use your DNS server for general look ups. 
In general you would only use a forwarder for servers running behind a
firewall or in a large private organization (forwarding to a centralized
server). 
>         forwarders   {
> 		64.244.27.141 ;
> 		192.101.21.1;
> 		128.109.131.3;
> 		207.217.126.11;
> 		207.217.121.214 ;
> 		207.217.126.41 ;
> 		207.217.77.42 ;
> 	} ;


> };
> 
> logging {
> 	category lame-servers { null; };
> };
> 
> view "recursive" {
> 	match-clients { clients; };
> 	match-recursive-only yes;
> 
> 	// Standard
> 	// zones
> 	//
> 	zone "." {
> 		type hint;
>                 file "standard/root.hint";
>         };
> 
>         zone "localhost" {
>                 type master;
>                 file "standard/localhost";
>                 allow-transfer { localhost; };
>         };
> 
>         zone "127.in-addr.arpa" {
>                 type master;
>                 file "standard/loopback";
>                 allow-transfer { localhost; };
>         };
> 
>         zone
> "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" {
>                 type master;
>                 file "standard/loopback6.arpa";
>                 allow-transfer { localhost; };
>         };
> 
>         zone
> "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.int" {
>                 type master;
>                 file "standard/loopback6.int";
>                 allow-transfer { localhost; };
>         };
> 
>         zone "com" {
>                 type delegation-only;
>         };
> 
>         zone "net" {
>                 type delegation-only;
>         };
> };
> 
> view "authoritative" {
>         recursion no;
>         additional-from-auth no;
>         additional-from-cache no;
> 
>         // Master zones
>         //
>         zone "bdmcc-us.com" {
>                 type master;
>                 file "master/bdmcc-us.com";
>         };
> 
>         zone "1.168.192.in-addr.arpa" {
>                 type master;
>                 file "master/192.168.1";
>         };
> 
>         // Slave zones
>         //
>         //zone "otherzone.net" {
>         //      type slave;
>         //      file "slave/otherzone.net";
>         //      masters { 192.168.1.10; [...;] };
>         //};
> };
> 
> 
> ======================== End of File ===============================
> 
> 
> So, what obvious mistake have I made?
> 
> 
> Thanks,
> Brian

If you can't get this one to work try dropping back to the
named-simple.conf.

Good Luck - Jon Carnes
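
A check for the step the reply leaves for later, dropping the `clients` ACL back from `any` once things work. This is an added example, not part of the original message: the function names and the sample configuration are constructed for illustration, and it only expands named ACLs one level deep and ignores a global `recursion` option.

```python
import re

# Constructed sample: the dual-view layout quoted in the thread, with the
# temporary "any" ACL from the reply still in place.
SAMPLE = '''
acl clients { any; };   // debugging setting
options { version ""; listen-on { any; }; };
view "recursive" {
    match-clients { clients; };
    match-recursive-only yes;
    zone "." { type hint; file "standard/root.hint"; };
};
view "authoritative" {
    recursion no;
    zone "bdmcc-us.com" { type master; file "master/bdmcc-us.com"; };
};
'''

def strip_comments(text):
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', text)

def block_body(text, start):
    # Text between the first '{' at or after start and its matching '}'.
    open_at = text.index('{', start)
    depth = 0
    for i in range(open_at, len(text)):
        depth += {'{': 1, '}': -1}.get(text[i], 0)
        if depth == 0:
            return text[open_at + 1:i]
    raise ValueError('unbalanced braces')

def elements(body):
    return [e.strip() for e in body.split(';') if e.strip()]

def open_recursive_views(conf):
    conf = strip_comments(conf)
    acls = {m.group(1): elements(block_body(conf, m.end()))
            for m in re.finditer(r'\bacl\s+"?([\w-]+)"?\s*(?={)', conf)}
    found = []
    for m in re.finditer(r'\bview\s+"([^"]+)"\s*(?={)', conf):
        body = block_body(conf, m.end())
        if re.search(r'\brecursion\s+no\s*;', body):
            continue  # authoritative-only view
        mc = re.search(r'\bmatch-clients\s*(?={)', body)
        # a view without match-clients matches every client
        elems = elements(block_body(body, mc.end())) if mc else ['any']
        if 'any' in [x for e in elems for x in acls.get(e, [e])]:
            found.append(m.group(1))
    return found
```

`open_recursive_views(SAMPLE)` names the `recursive` view; with the ACL set back to `localnets; ::1;` the list is empty.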



