On Sat, Nov 24, 2012 at 06:39:31PM +0100, Daniele Imbrogino wrote:
> I'd like to use BIND9 in the simplest way possible: I just want
> to install it and use it for name resolution of Internet hosts.
> So, on Ubuntu 12.04, I run "sudo apt-get install bind9 bind9utils
> bind9-doc" and then "dig @127.0.0.1 www.amazon.com" (for example),
> but I ALWAYS obtain a SERVFAIL.
> Why? Is a configuration necessary for this minimal use, too?

No, but your distributor gave you one; it apparently does not work.
You could empty out your named.conf(5) and get the result you want:

root@telescreen:~# cd /etc/
root@telescreen:/etc# mv named.conf named.conf.dist
root@telescreen:/etc# touch named.conf
root@telescreen:/etc# named
root@telescreen:/etc# dig @127.0.0.1 www.amazon.com any
...

By default you will allow recursion for "localnets" (the BIND
built-in ACL for all locally-attached networks.) If it's behind a
router, this is probably what you want. If not, you might want to
restrict your configuration (listen-on or allow-query) on the
external interface, and/or block the traffic (inbound to both ports
53, TCP and UDP) in your firewall.

Offer void where taxed or prohibited, or where something funny is
going on (like a router hijacking DNS.)
--
  http://rob0.nodns4.us/ -- system administration and consulting
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
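
The restriction suggested in the reply above, written out as an added example; it is not part of the original message and not a configuration shipped by ISC or Ubuntu. It assumes the host sits directly on an untrusted network and should resolve names only for itself, and it shows the behaviour of an empty named.conf (in comments) beside the restricted form.

```conf
// named.conf: added example of a resolver for this host only.
//
// What an empty named.conf gives you, per the reply above:
//   - named listens on every interface, port 53 UDP and TCP
//   - recursion is allowed for localhost and "localnets"
// On a host attached directly to a provider network, "localnets"
// includes every other machine on that subnet.

options {
    // Bind port 53 to loopback only, so the external interface
    // never has a listener on it.
    listen-on    { 127.0.0.1; };
    listen-on-v6 { ::1; };

    // Keep recursion on (this is the whole point of the setup),
    // but answer only this host. "localhost" is the built-in ACL
    // that matches every address configured on the machine.
    recursion yes;
    allow-query       { localhost; };
    allow-recursion   { localhost; };
    allow-query-cache { localhost; };
};
```

Run named-checkconf on the file before starting named. With this in place, a dig against the external address from another machine should get no answer, while dig @127.0.0.1 on the host itself still resolves.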