[plug] DNS problem - named.conf and zone file
Steve Baker
sbaker at icg.net.au
Thu May 24 14:20:47 WST 2001
----- Original Message -----
From: "Paul Dean" <paul at canningcollege.wa.edu.au>
Subject: Re: [plug] DNS problem
> Have you set your named.conf file "forwarders" to the "master" DNS and
> yours as "slave"?
>
> See `man 8 named`
No I haven't - I have set them to our local ISP's name servers. The parent
DNS domain is much further away - distance and network wise. I was under
the impression that this was only to accelerate unresolved queries outside
the domain anyway, since they would likely be resolved out of the ISP
nameservers cache. Is this not correct?
----- Original Message -----
From: "Jeremy Malcolm" <Jeremy at Malcolm.wattle.id.au>
Subject: Re: [plug] DNS problem
> Please post your zone files (with IP addresses munged).
>
I should have included more information when I posted last night. The name
server is BIND 8.2.3. Running on a Linux (hence loosely on-topic) SuSE 6.3
server. The name server IP address is 10.10.25.5, this is masq'd by our
firewall to 203.126.107.242. This is why both zones are there, so you can
resolve the addresses from both inside and outside the firewall. My domain
is sg.mercatela.com, the parent domain is mercatela.com. I didn't munge
anything, this is all public info anyway.
Config files follow:
---------- named.conf start -----------------------------------------
options {
directory "/var/named";
# the default is to fail, if the master file is not correct
check-names master warn;
pid-file "/var/run/named.pid";
statistics-interval 0;
cleaning-interval 720;
datasize default;
stacksize default;
coresize default;
files unlimited;
recursion yes;
multiple-cnames no;
forwarders {
165.21.83.88;
165.21.100.88;
};
};
(usual root/localhost/127.0.0 zone defs here)
zone "sg.mercatela.com" IN {
type master;
file "sg.mercatela.com";
allow-transfer { 202.66.57.157; 202.66.57.146; };
notify yes;
};
zone "25.10.10.in-addr.arpa" IN {
type master;
file "25.10.10.in-addr.arpa";
check-names fail;
allow-update { none; };
};
zone "20.10.10.in-addr.arpa" IN {
type master;
file "20.10.10.in-addr.arpa";
check-names fail;
allow-update { none; };
};
zone "107.126.203.in-addr.arpa" IN {
type master;
file "107.126.203.in-addr.arpa";
check-names fail;
allow-update { none; };
};
zone "mercatela.com" IN {
type slave;
file "slave/db.mercatela.com";
masters { 202.66.57.157; 202.66.57.146; };
allow-transfer { none; };
};
---------- named.conf end -----------------------------------------
---------- Zone file sg.mercatela.com start ------------------------------
@ IN SOA sg.mercatela.com. sbaker.mercatela.com. (
2 ; serial
10800 ; refresh
3600 ; retry
3600000 ; expire
86400 ) ; minimum
@ NS rouble.sg.mercatela.com.
. A 203.126.107.242
rouble A 203.126.107.242
gateway A 203.126.107.254
www CNAME rouble.sg.mercatela.com.
stage CNAME rouble.sg.mercatela.com.
smtp CNAME botham.mercatela.com.
sun CNAME rouble.sg.mercatela.com.
---------- sg.mercatela.com end -----------------------------------------
Sorry for the long post. I don't think the other zone files are necessary,
but I can also post those if you want them.
As I said before, everything resolves properly if you talk directly to this
nameserver. Try your own nslookup and see what it does. When I tell
nslookup to use another name server and request these addresses, it fails
with the CNAMES until the name rouble is resolved, then the CNAMES can be
resolved. Why?
bakes
--
Steve Baker
Open your mind, then check out www.nexusmagazine.com
More information about the plug
mailing list