RE: DNS weirdness

Tue, 06 Jan 2015 10:56:32 -0800 

This nameserver is forwarding to 208.67.222.222 and 208.67.220.220. Are those 
valid and working?

Also, a bunch of your tunables are set really low -- particularly, 
recursive-clients set to 100. This won't suffice for a busy server.

                                                                - Kevin

-----Original Message-----
From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of The Doctor
Sent: Tuesday, January 06, 2015 1:50 PM
To: comp-protocols-dns-b...@isc.org
Subject: DNS weirdness

Help needed.

This morning my primary DNS server locked.

No worries, the backup will kick in.

Wrong

!!

The Secondary DNS server cannot resolve properly unless the 'real' primary is 
working.

All right, why is the secondary server behaving this way?

Satrt of secondary DNS server named.conf file

//Use with the following in named.conf, adjusting the allow list as needed:
key "rndc-key" {
      algorithm hmac-md5;
      secret "7ZbGK94NdSa2WACxx72W1w=="; };

controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; } keys { "rndc-key"; }; };




// generated by named-bootconf.pl

options {
        directory "/etc/namedb";
        pid-file "/var/run/named.pid";
        dump-file "/etc/namedb/named.core";
        max-ncache-ttl 86400;
        recursive-clients 100;
        reserved-sockets 128;
        tcp-clients 40;
        tcp-listen-queue 14;
        zone-statistics yes;
        forwarders { 208.67.222.222; 208.67.220.220; };
        blackhole {
                65.94.172.87;
                67.68.204.41;
                74.15.184.13;
                65.94.173.208;
        };
        allow-transfer {
                        204.209.81.1;
                        204.209.81.8;
                        204.209.81.14;
                        };
        allow-notify {
                        204.209.81.1;
                        204.209.81.8;
                        204.209.81.14;
                        };
        also-notify {
                        204.209.81.1 port 53;
                        204.209.81.8 port 53;
                        204.209.81.14 port 53;
                        };
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked   
--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici 
doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware 
AntiChrist rising! 
http://www.fullyfollow.me/rootnl2k  Look at Psalms 14 and 53 on Atheism 
Birthday 29 Jan 1969, REdhill Surrey, England, UK

--
This message has been scanned for viruses and dangerous content by MailScanner, 
and is believed to be clean.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to