Wow, totally cool .. it now works

Could I ask you to just explain the following..

I put 192.168.1.31/16, this is the IP of my local machine. What is the /16? Should it be /24?

I left localhost in, which I know what this is .. it's the loopback 127.0.0.1, I presume I am correct here..

What is localnets? I have also left it unchanged..

As I say, everything works 100% now, so I presume when I ask for yahoo.com ... I am not serving this but the DNS server forwards this to my ISP's forwards, which I have placed in the named.conf file

Thanks again for all your help

From: Dawn Connelly [mailto:[EMAIL PROTECTED]
Sent: Saturday, 15 November 2008 18:51
To: Ian Gregson
Cc: [EMAIL PROTECTED]
Subject: Re: Most external domains do not resolve (missing root servers?)

You have recursion set to no. So the only thing the DNS server will answer for is zones it is authoritative for. If you want to use it as a DNS server for clients, you need to allow recursion for an ACL that has the IP address space that your clients are coming from. Here's an example:

acl "trusted" {
        192.168.0.0/16;
        10.153.154.0/24;
        localhost;
        localnets;
};

options {
        ...
        allow-query { any; };
        allow-recursion { trusted; };
        allow-query-cache { trusted; };
        ...
};

On Sat, Nov 15, 2008 at 7:36 AM, Ian Gregson <[EMAIL PROTECTED]> wrote:

Hi there,

Can anyone help?

I finally managed to configure bind on Windows and it seems to be working OK, but most of the external addresses (i.e. yahoo.com, google.com etc) do not resolve.

The crazy thing is .. some I can browse with Firefox but NOT many, i.e. experts-exchange.com, linux.derkeiler.com work OK. I presume it's working off some kind of cache.

What I did do was download the named.root file and place it in etc (see my named.conf for config "." zone - I have placed after this).
I think the issue is with the root servers not resolving, as I ran a trace using dig and get this back even for experts-exchange.com (which resolves in Firefox). I am really lost.

Here's the output from dig using the +trace, and here is my named.conf.

Any help really appreciated. Basically my idea is .. to check if the domain exists locally and if not forward to another DNS server to have it resolved.

C:\Windows\SysWOW64\dns\bin>dig +trace experts-exchange.com

; <<>> DiG 9.5.0-P2-W2 <<>> +trace experts-exchange.com
;; global options: printcmd
.. 3600000 IN NS H.ROOT-SERVERS.NET.
.. 3600000 IN NS L.ROOT-SERVERS.NET.
.. 3600000 IN NS C.ROOT-SERVERS.NET.
.. 3600000 IN NS J.ROOT-SERVERS.NET.
.. 3600000 IN NS G.ROOT-SERVERS.NET.
.. 3600000 IN NS K.ROOT-SERVERS.NET.
.. 3600000 IN NS I.ROOT-SERVERS.NET.
.. 3600000 IN NS M.ROOT-SERVERS.NET.
.. 3600000 IN NS D.ROOT-SERVERS.NET.
.. 3600000 IN NS B.ROOT-SERVERS.NET.
.. 3600000 IN NS A.ROOT-SERVERS.NET.
.. 3600000 IN NS E.ROOT-SERVERS.NET.
.. 3600000 IN NS F.ROOT-SERVERS.NET.
;; Received 228 bytes from 127.0.0.1#53(127.0.0.1) in 39 ms

dig: couldn't get address for 'E.ROOT-SERVERS.NET': not found

C:\Windows\SysWOW64\dns\bin>

options {
        directory "c:\windows\SysWOW64\dns\etc";
        version "not currently available";
        pid-file "run\named.pid";
        allow-transfer { none; };
        recursion no;
        forwarders {
                208.67.222.222;
                208.67.220.220;
        };
        forward only;
};

logging {
        channel my_log {
                file "log\named.log" versions 3 size 250k;
                severity info;
        };
        category default {
                my_log;
        };
};

zone "." {
        type hint;
        file "named.root";
};

zone "mylocalemail.com" IN {
        type master;
        file "zones\db.mylocalemail.com.txt";
        allow-transfer { none; };
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "whaaa2JlhJJFWWDQbaGSSA3BA==";
};

controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};

_______________________________________________
Bind-users mailing list
Bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

--
Google for President YouTube for VP in any year divisible by 4
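How the "trusted" ACL in the reply decides which clients get recursion, and how much address space /16 and /24 each cover, as an added example that is not part of the original thread and is not BIND's own code. It uses Python's ipaddress module; SERVER_INTERFACES and the client addresses are constructed samples, and "localhost" and "localnets" are modelled from those assumed interfaces.

```python
import ipaddress

# Entries of the "trusted" ACL from the reply above.
TRUSTED = ["192.168.0.0/16", "10.153.154.0/24", "localhost", "localnets"]
# Assumption (constructed sample): addresses configured on the DNS server.
SERVER_INTERFACES = ["127.0.0.1/8", "192.168.1.31/24"]


def covered_range(entry):
    """Return (network, address count) for an address/prefix entry.
    Host bits are masked off here, so 192.168.1.31/16 is 192.168.0.0/16."""
    net = ipaddress.ip_network(entry, strict=False)
    return str(net), net.num_addresses


def expand_acl(entries, interfaces):
    """Resolve ACL entries to networks, modelling BIND's two built-ins."""
    ifaces = [ipaddress.ip_interface(i) for i in interfaces]
    nets = []
    for entry in entries:
        if entry == "localhost":    # every address the server itself holds
            nets += [ipaddress.ip_network(f"{i.ip}/{i.ip.max_prefixlen}")
                     for i in ifaces]
        elif entry == "localnets":  # every network the server is attached to
            nets += [i.network for i in ifaces]
        else:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def recursion_allowed(client, nets):
    """True if the client address matches any network in the ACL."""
    addr = ipaddress.ip_address(client)
    return any(addr in net for net in nets)


if __name__ == "__main__":
    nets = expand_acl(TRUSTED, SERVER_INTERFACES)
    # Constructed client addresses: LAN hosts, a near miss, an Internet host.
    for client in ["192.168.1.50", "192.168.200.7", "10.153.154.20",
                   "10.153.155.20", "203.0.113.9"]:
        verdict = "recursion" if recursion_allowed(client, nets) else "refused"
        print(f"{client:15} {verdict}")
    for entry in ["192.168.1.31/16", "192.168.1.31/24"]:
        print(entry, "->", covered_range(entry))
```

A client outside every listed network, such as the 203.0.113.9 sample, gets no recursion, which is what keeps the server from acting as an open resolver.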