Hi, I'm running BIND on CentOS 5 and in resolv.conf I have
Code:
    nameserver 127.0.0.1
But I can't resolve any external addresses.
Code:
    ping: unknown host yahoo.com
If I set nameserver to OpenDNS or some public DNS it obviously works, but how can I fix it so I use my own BIND DNS and can still resolve to outside? DNS itself is working and domains are working fine from outside. Even dnsstuff.com passes on ALL checks.

Code:
    options {
        directory "/var/cache/bind";
        forwarders { 1.2.3.4; 5.6.7.8; };
        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
    };
Do you have an options{} that looks like this? Add some IPs in forwarders{} (of your ISP, for example).

Indeed I didn't have forwarders and at first was happy for the solution, but when I added forwarders, nothing changed. I first restarted the named service, then restarted the server, and still nothing.
Code:
    ping: unknown host yahoo.com
Any more ideas?

So, ehm,
Code:
    host yahoo.com <ip of a forwarder>
works, but
Code:
    host yahoo.com
doesn't? My resolv.conf says: nameserver localhost, and I've got the forwarders in the BIND config... should work.

That's exactly right.
Code:
    host yahoo.com <ip of a forwarder>
Works.
Code:
    host yahoo.com
Doesn't work.
/etc/resolv.conf
Code:
    #search localhost.localdomain
    nameserver 127.0.0.1
/var/named/chroot/etc/named.conf
Code:
    options {
        listen-on port 53 { 127.0.0.1; serverip; };
        listen-on-v6 port 53 { ::1; };
        directory "/var/named/chroot/var/named";
        dump-file "/var/named/chroot/var/named/data/cache_dump.db";
        statistics-file "/var/named/chroot/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/chroot/var/named/data/named_mem_stats.tx$
        recursion no;
        transfer-format many-answers;
        max-transfer-time-in 60;
        interface-interval 0;
        allow-transfer { dns2ip; };
        forwarders { 208.67.222.222; 208.67.220.220; };
        version none;
        auth-nxdomain no;    # conform to RFC1035
    };
Can anyone help?

Well, I moved a little closer to the solution. The question is for experts: how to keep external recursion off and allow internal recursion? This doesn't seem to help:
Code:
    allow-recursion { 127.0.0.1; local_ip; };

Yes, and I suggest you use that configuration too. Recursion should be allowed within the local network only. This is the only way you will pass dnsstuff.com tests. Good luck, and thanks for giving me hints about where the issue could be.
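
An added example, not part of any post in this thread: a small Python check that reads a named.conf options block and flags the combination discussed above (recursion no together with forwarders or allow-recursion), as well as recursion left open to any client. The sample configs are constructed, 192.0.2.10 is a placeholder for the server's own address, and the function and finding names are made up for this example.

```python
import re

# Constructed samples. THREAD mirrors the options posted above plus the
# allow-recursion line that "didn't help"; FIXED is an assumed correction.
# 192.0.2.10 is a placeholder for the server's own address.
THREAD = """options {
    recursion no;
    allow-recursion { 127.0.0.1; 192.0.2.10; };
    forwarders { 208.67.222.222; 208.67.220.220; };
    auth-nxdomain no;    # conform to RFC1035
};"""
FIXED = THREAD.replace("recursion no;", "recursion yes;", 1)
OPEN = FIXED.replace("127.0.0.1; 192.0.2.10;", "any;")

def block(text, name):
    """Return the entries of `name { a; b; };` as a list, or None if absent."""
    m = re.search(r"(?<![-\w])" + re.escape(name) + r"\s*\{([^}]*)\}", text)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf):
    """Return finding names (made up for this example) for an options block."""
    # Drop /* */, // and # comments; quoted strings containing them are not handled.
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    m = re.search(r"(?<![-\w])recursion\s+(\w+)\s*;", conf)
    recursion = m.group(1).lower() if m else "yes"   # BIND's default is yes
    acl = block(conf, "allow-recursion")
    forwarders = block(conf, "forwarders")
    findings = []
    if recursion in ("no", "false", "0"):
        # With recursion off, named does not resolve on behalf of clients:
        # forwarders are never consulted and allow-recursion has no effect.
        if forwarders:
            findings.append("forwarders-unused")
        if acl is not None:
            findings.append("allow-recursion-ignored")
    elif acl is None:
        # The built-in default differs between BIND versions; set it explicitly.
        findings.append("allow-recursion-not-set")
    elif "any" in acl:
        findings.append("open-recursion")
    return findings

if __name__ == "__main__":
    for name, conf in (("thread", THREAD), ("fixed", FIXED), ("open", OPEN)):
        print(name, audit(conf) or "ok")
```

After changing the real file, `named-checkconf` validates the syntax before named is restarted.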