BIND configuration

Discussion in 'Installation/Configuration' started by Polk, Aug 18, 2010.

  1. Polk

    Polk HowtoForge Supporter

    Hi,
    I'm running BIND on Centos5 and in resolv.conf I have
    Code:
    nameserver 127.0.0.1
    But I can't resolve any external addresses.
    Code:
    ping: unknown host yahoo.com
    If I set nameserver to opendns or some public dns it obviously works, but how can I fix it so I used my own BIND dns and still could resolve to outside?
    DNS iteself is working and domains are working fine from outside. even dnsstuff.com passes on ALL checks.
     
    Polk, Aug 18, 2010
    #1
  2. Mark_NL

    Mark_NL New Member

    Code:
    options {
    directory "/var/cache/bind";

    forwarders {
        1.2.3.4;
        5.6.7.8;
    };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
    do you have an options{} that looks like this? add some ip's in forwarders{} (of your isp f.e.)
     
    Mark_NL, Aug 18, 2010
    #2
  3. Polk

    Polk HowtoForge Supporter

    Indeed I didn't have forwarders and at first was happy for the solution, but when I added forwarders, nothing changes. I have first restarted named service, then restarted server and nothing still.
    Code:
    ping: unknown host yahoo.com
    Any more ideas?
     
    Polk, Aug 18, 2010
    #3
  4. Mark_NL

    Mark_NL New Member

    so ehm


    Code:
    host yahoo.com <ip of a forwarder>
    works, but
    Code:
    host yahoo.com
    doesn't?

    my resolv.conf says:
    nameserver localhost

    and i got the forwarders in the bind config .. should work..
     
    Mark_NL, Aug 18, 2010
    #4
  5. Polk

    Polk HowtoForge Supporter

    That's exactly right.

    Code:
    host yahoo.com <ip of a forwarder>
    Works

    Code:
    host yahoo.com
    Doesn't work.

    /etc/resolv.conf

    Code:
    #search localhost.localdomain
nameserver 127.0.0.1
    /var/named/chroot/etc/named.conf

    Code:
    options {
        listen-on port 53 { 127.0.0.1;  serverip; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named/chroot/var/named";
        dump-file       "/var/named/chroot/var/named/data/cache_dump.db";
        statistics-file "/var/named/chroot/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/chroot/var/named/data/named_mem_stats.tx$
        recursion no;
        transfer-format many-answers;
        max-transfer-time-in 60;
        interface-interval 0;
        allow-transfer  { dns2ip; };
        forwarders { 208.67.222.222; 208.67.220.220; };
        version none;
        auth-nxdomain no;               # conform to RFC1035
};
    can anyone help?
     
    Polk, Aug 18, 2010
    #5
  6. Polk

    Polk HowtoForge Supporter

    Well, I moved a little closer to the solution.
    The question is for experts:

    How to keep external recursion off and allow internal recursion?

    this doesnt seem to help:
    Code:
    allow-recursion { 127.0.0.1; local_ip; };
     
    Polk, Aug 18, 2010
    #6
  7. Polk

    Polk HowtoForge Supporter

    Solution:

    Code:
    recursion [B]yes[/B];
allow-recursion { 127.0.0.1; local_ip; };
     
    Polk, Aug 18, 2010
    #7
  8. Mark_NL

    Mark_NL New Member

    so everything works now?
     
    Mark_NL, Aug 18, 2010
    #8
  9. Polk

    Polk HowtoForge Supporter

    Yes. and I suggest you using that configuration too. Recursion should be allowed within local network only. This is the only way you will pass dnsstuff.com tests.
    Good luck and thanks for giving me hints where could be the issue.
     
    Polk, Aug 18, 2010
    #9

Share This Page