#1  
Old 18th August 2010, 02:18
Polk
BIND configuration

Hi,
I'm running BIND on CentOS 5 and in resolv.conf I have
Code:
nameserver 127.0.0.1
But I can't resolve any external addresses.
Code:
ping: unknown host yahoo.com
If I set nameserver to OpenDNS or some public DNS it obviously works, but how can I fix it so that I use my own BIND DNS and can still resolve to outside?
DNS itself is working and domains are working fine from outside. Even dnsstuff.com passes on ALL checks.
  #2  
Old 18th August 2010, 10:13
Mark_NL

Code:
options {
    directory "/var/cache/bind";

    forwarders {
        1.2.3.4;
        5.6.7.8;
    };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
Do you have an options{} that looks like this? Add some IPs in forwarders{} (of your ISP, for example).
  #3  
Old 18th August 2010, 10:40
Polk

Indeed I didn't have forwarders and at first was happy for the solution, but when I added forwarders, nothing changed. I first restarted the named service, then restarted the server, and still nothing.
Code:
ping: unknown host yahoo.com
Any more ideas?
  #4  
Old 18th August 2010, 10:47
Mark_NL

so ehm


Code:
host yahoo.com <ip of a forwarder>
works, but
Code:
host yahoo.com
doesn't?

my resolv.conf says:
nameserver localhost

and I got the forwarders in the bind config .. should work..
  #5  
Old 18th August 2010, 11:04
Polk

That's exactly right.

Code:
host yahoo.com <ip of a forwarder>
Works

Code:
host yahoo.com
Doesn't work.

/etc/resolv.conf

Code:
#search localhost.localdomain
nameserver 127.0.0.1
/var/named/chroot/etc/named.conf

Code:
options {
        listen-on port 53 { 127.0.0.1;  serverip; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named/chroot/var/named";
        dump-file       "/var/named/chroot/var/named/data/cache_dump.db";
        statistics-file "/var/named/chroot/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/chroot/var/named/data/named_mem_stats.tx$
        recursion no;
        transfer-format many-answers;
        max-transfer-time-in 60;
        interface-interval 0;
        allow-transfer  { dns2ip; };
        forwarders { 208.67.222.222; 208.67.220.220; };
        version none;
        auth-nxdomain no;               # conform to RFC1035
};
Can anyone help?
  #6  
Old 18th August 2010, 11:29
Polk

Well, I moved a little closer to the solution.
The question is for experts:

How to keep external recursion off and allow internal recursion?

This doesn't seem to help:
Code:
allow-recursion { 127.0.0.1; local_ip; };
  #7  
Old 18th August 2010, 11:41
Polk

Solution:

Code:
recursion yes;
allow-recursion { 127.0.0.1; local_ip; };
  #8  
Old 18th August 2010, 12:01
Mark_NL

so everything works now?
  #9  
Old 18th August 2010, 17:17
Polk

Quote:
Originally Posted by Mark_NL
so everything works now?

Yes, and I suggest you use that configuration too. Recursion should be allowed within local network only. This is the only way you will pass dnsstuff.com tests.
Good luck and thanks for giving me hints about where the issue could be.
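
A local way to confirm the behaviour the thread arrives at (recursion for the server itself, none for outside clients), added here as an example and not part of any poster's message. The function names and the two sample replies are constructed for illustration; the check relies only on the `ra` (recursion available) flag that dig prints in the reply header.

```shell
#!/bin/sh
# Added example (not from the thread): decide from dig's header flags
# whether a name server offers recursion to the client that asked.

# Reads dig output on stdin; prints open, closed or unknown.
recursion_state() {
    flags=$(sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1)
    case " $flags " in
        "  ")     echo unknown ;;  # no header line: timeout or no reply
        *" ra "*) echo open ;;     # "ra" = recursion available
        *)        echo closed ;;   # answered, but will not recurse for us
    esac
}

# Queries server $1 for name $2 (hypothetical helper; needs dig and network).
check_server() {
    dig @"$1" "$2" A +time=2 +tries=1 2>/dev/null | recursion_state
}

# Constructed sample: reply seen from an address listed in allow-recursion.
sample_allowed() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4711
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
EOF
}

# Constructed sample: reply seen from an address outside allow-recursion.
sample_refused() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4712
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
EOF
}

# Usage: sh check.sh <server-ip> [name]   (run once locally, once from outside)
if [ "$#" -ge 1 ]; then
    check_server "$1" "${2:-example.com}"
fi
```

Run on the server against 127.0.0.1 the result should be `open`; run from a host that is not in `allow-recursion` against the server's public address it should be `closed`.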