HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Polk 18th August 2010 02:18

BIND configuration
 
Hi,
I'm running BIND on CentOS 5 and in resolv.conf I have
Code:

nameserver 127.0.0.1

But I can't resolve any external addresses.
Code:

ping: unknown host yahoo.com

If I set nameserver to OpenDNS or some public DNS it obviously works, but how can I fix it so that I use my own BIND DNS and can still resolve outside addresses?
DNS itself is working and domains are working fine from outside. Even dnsstuff.com passes on ALL checks.

Mark_NL 18th August 2010 10:13

Code:

options {
    directory "/var/cache/bind";

    forwarders {
        1.2.3.4;
        5.6.7.8;
    };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};

Do you have an options{} that looks like this? Add some IPs in forwarders{} (of your ISP, for example).

Polk 18th August 2010 10:40

Indeed I didn't have forwarders and at first was happy with the solution, but when I added forwarders, nothing changed. I first restarted the named service, then restarted the server, and still nothing.
Code:

ping: unknown host yahoo.com

Any more ideas?

Mark_NL 18th August 2010 10:47

so ehm


Code:

host yahoo.com <ip of a forwarder>
works, but
Code:

host yahoo.com
doesn't?

my resolv.conf says:
nameserver localhost

and I got the forwarders in the BIND config... should work.

Polk 18th August 2010 11:04

That's exactly right.

Code:

host yahoo.com <ip of a forwarder>
Works

Code:

host yahoo.com
Doesn't work.

/etc/resolv.conf

Code:

#search localhost.localdomain
nameserver 127.0.0.1

/var/named/chroot/etc/named.conf

Code:

options {
        listen-on port 53 { 127.0.0.1;  serverip; };
        listen-on-v6 port 53 { ::1; };
        directory      "/var/named/chroot/var/named";
        dump-file      "/var/named/chroot/var/named/data/cache_dump.db";
        statistics-file "/var/named/chroot/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/chroot/var/named/data/named_mem_stats.tx$
        recursion no;
        transfer-format many-answers;
        max-transfer-time-in 60;
        interface-interval 0;
        allow-transfer  { dns2ip; };
        forwarders { 208.67.222.222; 208.67.220.220; };
        version none;
        auth-nxdomain no;              # conform to RFC1035
};

Can anyone help?

Polk 18th August 2010 11:29

Well, I moved a little closer to the solution.
The question is for experts:

How to keep external recursion off and allow internal recursion?

This doesn't seem to help:
Code:

allow-recursion { 127.0.0.1; local_ip; };

Polk 18th August 2010 11:41

Solution:

Code:

recursion yes;
allow-recursion { 127.0.0.1; local_ip; };


Mark_NL 18th August 2010 12:01

so everything works now?

Polk 18th August 2010 17:17

Quote:

Originally Posted by Mark_NL (Post 236781)
so everything works now?

Yes. And I suggest you use that configuration too. Recursion should be allowed within the local network only. This is the only way you will pass dnsstuff.com tests.
Good luck and thanks for giving me hints about where the issue could be.
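
The three configurations tried in this thread, checked mechanically. This is an added example, not code posted by any participant: a small Python checker that reads the options block of a named.conf and reports why forwarders had no effect and when recursion is open to everyone. The finding names, the sample texts and 192.0.2.10 (standing in for local_ip) are assumptions made for the illustration, and only line comments are stripped.

```python
import re

def parse_options(conf):
    """Return {statement: value} for top-level statements inside options { ... }."""
    conf = re.sub(r"(#|//)[^\n]*", "", conf)      # strip line comments (simplified)
    start = re.search(r"\boptions\s*\{", conf)
    if not start:
        return {}
    opts, depth, stmt = {}, 1, ""
    for ch in conf[start.end():]:
        depth += (ch == "{") - (ch == "}")
        if depth == 0:                            # closing brace of options
            break
        if ch == ";" and depth == 1:              # end of a top-level statement
            m = re.match(r"\s*([\w-]+)\s*(.*)", stmt, re.S)
            if m:
                opts[m.group(1)] = m.group(2).strip()
            stmt = ""
        else:
            stmt += ch
    return opts

def audit(conf):
    """Return finding codes for the recursion/forwarding combinations in the thread."""
    o, findings = parse_options(conf), []
    if o.get("recursion", "yes") == "no":         # BIND's default is "yes"
        if "forwarders" in o:
            findings.append("forwarders-unused")        # forwarding needs recursion
        if "allow-recursion" in o:
            findings.append("allow-recursion-unused")   # ACL is moot while recursion is off
    elif "allow-recursion" not in o:
        findings.append("allow-recursion-unset")        # built-in default ACL applies
    elif "any" in re.findall(r"[^\s{};]+", o["allow-recursion"]):
        findings.append("open-resolver")                # recursion offered to everyone
    return findings

# Constructed samples modelled on the thread; 192.0.2.10 stands in for local_ip.
TEMPLATE = """options {{
    recursion {rec};    # value under test
    forwarders {{ 208.67.222.222; 208.67.220.220; }};
    {acl}
}};"""
ACL = "allow-recursion { 127.0.0.1; 192.0.2.10; };"
BROKEN = TEMPLATE.format(rec="no", acl="")       # 11:04 post
ATTEMPT = TEMPLATE.format(rec="no", acl=ACL)     # 11:29 post
FIXED = TEMPLATE.format(rec="yes", acl=ACL)      # 11:41 post
OPEN = TEMPLATE.format(rec="yes", acl="allow-recursion { any; };")

if __name__ == "__main__":
    print({n: audit(globals()[n]) for n in ("BROKEN", "ATTEMPT", "FIXED", "OPEN")})
```

An empty list means none of the checked combinations was found; it does not validate the rest of the file.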

