You have recursion set to no. So the only thing the DNS server will answer for is zones it is authoritative for. If you want to use it as a DNS server for clients, you need to allow recursion for an ACL that has the IP address space that your clients are coming from. Here's an example:

acl "trusted" {
    192.168.0.0/16;
    10.153.154.0/24;
    localhost;
    localnets;
};

options {
    ...
    allow-query { any; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
    ...
};

On Sat, Nov 15, 2008 at 7:36 AM, Ian Gregson <[EMAIL PROTECTED]> wrote:

> Hi there,
>
> Can anyone help? I finally managed to configure bind on Windows and it
> seems to be working ok but most of the external addresses (i.e. yahoo.com,
> google.com etc) do not resolve.
>
> The crazy thing is .. some I can browse with Firefox but NOT many, i.e.
> experts-exchange.com, linux.derkeiler.com work OK
>
> I presume it's working off some kind of cache…
>
> What I did do was download the named.root file and place it in etc (see
> my named.conf for config "." Zone - I have placed after this).
>
> I think the issue is with the root servers not resolving as I ran a trace
> using dig and get this back … even for experts-exchange.com (which
> resolves in Firefox), I am really lost… Here's the output from dig using the
> +trace … and here is my named.conf …
>
> Any help really appreciated, basically my idea is .. to check if the domain
> exists locally and if not forward to another dns server to have it resolved
>
> C:\Windows\SysWOW64\dns\bin>dig +trace experts-exchange.com
>
> ; <<>> DiG 9.5.0-P2-W2 <<>> +trace experts-exchange.com
> ;; global options: printcmd
> . 3600000 IN NS H.ROOT-SERVERS.NET.
> . 3600000 IN NS L.ROOT-SERVERS.NET.
> . 3600000 IN NS C.ROOT-SERVERS.NET.
> . 3600000 IN NS J.ROOT-SERVERS.NET.
> . 3600000 IN NS G.ROOT-SERVERS.NET.
> . 3600000 IN NS K.ROOT-SERVERS.NET.
> . 3600000 IN NS I.ROOT-SERVERS.NET.
> . 3600000 IN NS M.ROOT-SERVERS.NET.
> . 3600000 IN NS D.ROOT-SERVERS.NET.
> . 3600000 IN NS B.ROOT-SERVERS.NET.
> . 3600000 IN NS A.ROOT-SERVERS.NET.
> . 3600000 IN NS E.ROOT-SERVERS.NET.
> . 3600000 IN NS F.ROOT-SERVERS.NET.
> ;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 39 ms
>
> dig: couldn't get address for 'E.ROOT-SERVERS.NET': not found
>
> C:\Windows\SysWOW64\dns\bin>
>
> options {
>     directory "c:\windows\SysWOW64\dns\etc";
>     version "not currently available";
>     pid-file "run\named.pid";
>     allow-transfer { none; };
>     recursion no;
>     forwarders { 208.67.222.222; 208.67.220.220; };
>     forward only;
> };
>
> logging{
>     channel my_log{
>         file "log\named.log" versions 3 size 250k;
>         severity info;
>     };
>     category default{
>         my_log;
>     };
> };
>
> zone "." {
>     type hint;
>     file "named.root";
> };
>
> zone "mylocalemail.com" IN {
>     type master;
>     file "zones\db.mylocalemail.com.txt";
>     allow-transfer { none; };
> };
>
> key "rndc-key" {
>     algorithm hmac-md5;
>     secret "whaaa2JlhJJFWWDQbaGSSA3BA==";
> };
>
> controls {
>     inet 127.0.0.1 port 953
>     allow { 127.0.0.1; } keys { "rndc-key"; };
> };
>
> _______________________________________________
> Bind-users mailing list
> Bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
Google for President YouTube for VP in any year divisible by 4
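An added example, not part of the original thread: a small named.conf checker that flags the situation discussed above (forwarders configured while recursion is off) and the opposite risk once recursion is enabled, a recursion ACL that resolves to `any`. The function names and finding labels are hypothetical, the sample inputs are constructed from the configs in the thread, and the fallback order (allow-recursion, then allow-query-cache, then allow-query, then `localnets; localhost;`) follows BIND's documented defaults.

```python
import re

# Constructed inputs: the poster's options (trimmed) and the reply's suggested fix.
POSTED = 'options { recursion no; forwarders { 208.67.222.222; 208.67.220.220; }; forward only; };'
SUGGESTED = '''acl "trusted" { 192.168.0.0/16; 10.153.154.0/24; localhost; localnets; };
options { forwarders { 208.67.222.222; 208.67.220.220; }; forward only;
          allow-query { any; }; allow-recursion { trusted; }; allow-query-cache { trusted; }; };'''
# Constructed variant: recursion on, queries open, no allow-recursion set.
OPEN = 'options { recursion yes; allow-query { any; }; };  # lab resolver'

def tokens(text):
    """Split named.conf text into words, quoted strings and { } ; and drop comments."""
    pat = r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*|[{};]|[^\s{};"]+'
    return [t for t in re.findall(pat, text, re.S) if not t.startswith(('/*', '//', '#'))]

def parse(toks, i=0):
    """Return (statements, next index); each {...} block becomes a nested statement list."""
    stmts, cur = [], []
    while i < len(toks):
        t = toks[i]
        i += 1
        if t == '{':
            block, i = parse(toks, i)
            cur.append(block)
        elif t == '}':
            return stmts, i
        elif t == ';':
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(t.strip('"'))
    return stmts, i

def audit(conf):
    """Return a list of finding labels for the global options block."""
    top, _ = parse(tokens(conf))
    acls = {s[1]: [e[0] for e in s[2]] for s in top if s[0] == 'acl'}
    opts = {o[0]: o[1:] for s in top if s[0] == 'options' for o in s[1]}
    if opts.get('recursion', ['yes'])[0] == 'no':        # BIND's default is yes
        return ['NO_RECURSION_WITH_FORWARDERS'] if 'forwarders' in opts else []
    # Recursion is on: find the ACL that actually governs recursive queries.
    for key in ('allow-recursion', 'allow-query-cache', 'allow-query'):
        if key in opts:
            # Nested address-match lists are skipped; only flat entries are checked.
            names = [e[0] for e in opts[key][0] if isinstance(e[0], str)]
            break
    else:
        names = ['localnets', 'localhost']               # built-in default
    expanded = [m for n in names for m in acls.get(n, [n])]
    return ['OPEN_RESOLVER'] if 'any' in expanded else []
```

Running `audit` on the poster's options reports the forwarders/recursion conflict, while the reply's ACL-restricted version produces no findings.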