DNS bind-9.3.3-8

slr sweetgrass at zen2now.com
Sun Jun 24 12:23:29 MST 2007


added the PTR records for both authoritative servers as well as my NAT 
address to the allow-query statement. now i get an authoritative answer from 
both servers.

thanks for the advice.

slr

----- Original Message ----- 
From: "slr" <sweetgrass at zen2now.com>
To: "Main PLUG discussion list" <plug-discuss at lists.plug.phoenix.az.us>
Sent: Saturday, June 23, 2007 7:20 PM
Subject: Re: DNS bind-9.3.3-8


> the master's local ip is in the resolv.conf, and no i haven't created a PTR
> record for the master or the slave.. which i believe needs to happen. on my
> old bind servers, i created separate zone files for the PTR records. not
> sure if that's the best way to handle it.
>
> slr
>
> ----- Original Message ----- 
> From: "Dan Lund" <situationalawareness at gmail.com>
> To: "Main PLUG discussion list" <plug-discuss at lists.plug.phoenix.az.us>
> Sent: Saturday, June 23, 2007 10:35 AM
> Subject: Re: DNS bind-9.3.3-8
>
>
>> What's in the requesting system's resolv.conf and also, do you have
>> reverse dns for the ips in the dns server?
>>
>>
>> On 6/22/07, slr <sweetgrass at zen2now.com> wrote:
>>> i'm having some issues with my new master/slave setup and i can't figure it
>>> out on my own. so i'm hoping someone in PLUG can help me out with this one.
>>>
>>> first issue:
>>> master is authoritative for the zones listed in my named.conf. i know the
>>> fix for one of the zones as i had to change the nameserver registration and
>>> then i was able to transfer successfully. but one of the zones is for
>>> internal use only and is not a FQDN. so i get
>>> "named[13446]: zone ic/IN/view1: refresh: non-authoritative answer from
>>> master 192.168.6.55#53 (source 0.0.0.0#0)", in the log every time the
>>> master tries to transfer.
>>>
>>> second issue:
>>> when i do a dig or use nslookup for a zone i know the master has, it fails
>>> to find any records. but if i set my resolv.conf to use only the master as
>>> its nameserver i can successfully dig the zone i had previously tried to
>>> dig on the master.
>>>
>>> here's a snippet of named.conf on the master:
>>>
>>> options {
>>>         listen-on port 53 { master_local_ip; };
>>>         directory "/var/named";
>>>         dump-file "/var/named/data/cache_dump.db";
>>>         statistics-file "/var/named/data/named_stats.txt";
>>>         memstatistics-file "/var/named/data/named_mem_stats.txt";
>>>         query-source    port 53;
>>>         zone-statistics yes;
>>>         notify explicit;
>>>         dnssec-enable yes;
>>>         allow-query     { slave_local_ip; master_local_ip; company_local_subnet; slave_public_ip; };
>>> };
>>> logging {
>>>         channel query_file {
>>>                 file "/var/log/query.log";
>>>                 severity info;
>>>                 print-severity yes;
>>>                 print-time yes;
>>>         };
>>>         category queries { query_file; };
>>> };
>>>
>>> key "TRANSFER" {
>>>         algorithm hmac-md5;
>>>         secret "xPNB2+v8jXzRxZDvANDKZg==";
>>> };
>>>
>>> server slave_local_ip {
>>>         keys {
>>>                 TRANSFER;
>>>         };
>>> };
>>> view "view1" {
>>>         match-clients { accepted_client_list; };
>>>         recursion yes;
>>>         allow-recursion { 192.168.0.0/16; 127.0.0.1/32; };
>>>         zone "ic" IN {
>>>                 type master;
>>>                 allow-transfer { slave_local_ip; };
>>>                 also-notify { slave_local_ip; };
>>>                 file "view1/.ic.dns";
>>>         };
>>>         zone "furrybuddies.com" IN {
>>>                 type master;
>>>                 allow-transfer { slave_local_ip; };
>>>                 also-notify { slave_local_ip; };
>>>                 file "view1/furrybuddies.com.dns";
>>>         };
>>> };
>>>
>>> this mainly deals with the authoritative issue. i'll try to work through
>>> this one first and if need be i'll post the config for the zone the master
>>> can't seem to resolve. thanks for any and all help.
>>>
>>> slr
>>
>>
>> -- 
>> "Courage is like love; it must have hope to nourish it."
>> -Napoleon Bonaparte
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
> 
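The refresh error quoted in this thread reports a SOA reply that arrived without the authoritative-answer (AA) bit set. The following is an added example, not code from the thread or from BIND: it builds a non-recursive SOA query for the `ic` zone and classifies a reply header by its QR, RCODE and AA fields. The function names and the sample replies are constructed for illustration, and only the 12-byte header is inspected.

```python
import struct

QR, AA, RCODE_MASK = 0x8000, 0x0400, 0x000F
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED", 9: "NOTAUTH"}
TYPE_SOA, CLASS_IN = 6, 1


def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_soa_query(zone, qid):
    """SOA query with RD clear, so the server answers only from its own data."""
    header = struct.pack("!HHHHHH", qid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", TYPE_SOA, CLASS_IN)


def check_refresh_reply(query, reply):
    """Classify a reply header: ID, QR, RCODE, AA, then answer count."""
    if len(reply) < 12:
        return "reject: truncated header"
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if qid != struct.unpack("!H", query[:2])[0]:
        return "reject: ID mismatch"
    if not flags & QR:
        return "reject: not a response"
    rcode = flags & RCODE_MASK
    if rcode:
        return "reject: rcode " + RCODES.get(rcode, str(rcode))
    if not flags & AA:
        return "reject: non-authoritative answer"
    if ancount == 0:
        return "reject: empty answer section"
    return "accept: authoritative answer"


def constructed_reply(query, flags, ancount):
    """Constructed sample: header plus echoed question, no records attached."""
    return struct.pack("!HHHHHH", struct.unpack("!H", query[:2])[0],
                       flags, 1, ancount, 0, 0) + query[12:]
```

The bytes from `build_soa_query` form a complete DNS query, so the same check can be run on a reply read from a UDP socket pointed at the master, sent from the address the slave actually uses.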