----- Original Message -----
From: "Nate Peck" <[EMAIL PROTECTED]>
To: <freebsd-questions@freebsd.org>
Sent: Sunday, January 14, 2007 6:39 PM
Subject: BIND9 Syntax?


Dear All,

I've been having trouble with BIND (version 9.3.2-P1), and I'm not sure
where the problem is. When I try to use nslookup, it spits out:

server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
blue.home.lan
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find blue.home.lan: SERVFAIL


I have my server (blue.home.lan) set up on a LAN.

These are my config files:

db.home.lan:
$TTL 3h
home.lan. IN SOA blue.home.lan. (
                         1        ; Serial
                         3h       ; Refresh after 3 hours
                         1h       ; Retry after 1 hour
                         1w       ; Expire after 1 week
                         1h )     ; Negative caching TTL of 1 hour


And you can define the SOA to be home.lan.
Missing the email address of the responsible administrator - should be like:

home.lan. IN SOA home.lan.  email.blue.home.lan
                           ^^^^^^^^^^^^^^^^^^^

Notice that only the first dot in the email address is substituted by @

Usually it is a good idea to name the serial like 2007011401 - year, month, day and serial. It is easier that way in the long run :)

named.conf:
options {

If this was public I would consider adding either a recursion no; or an allow-recursion {}; clause in options in order to avoid some attack techniques utilizing nameservers.

zone "." IN {
       type hint;
       file "named.ca";
};

You have moved the named.root into named.ca?

No need for IN in these either.


zone "localhost" IN {
       type master;
       file "pri/localhost.zone";
       allow-update { none; };
       notify no;
};

Again, if public, I would add allow-transfer rules to allow the full dump of the domains in question only to appropriate peering servers. Maybe allow-query { any; }; for every domain as well.

I might have missed some bugs at a cursory glance, but these should help to get you started.

-Reko

(By the way, Greg Lehey's nowadays publicly available book about FreeBSD has a pretty good walkthrough of basic nameserver configuration)
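
The SOA points raised in the reply above (missing responsible-person mailbox, first dot standing in for @, date-style serial) can be checked mechanically. This is an added example, not part of the original thread; the sample records are constructed and the mailbox hostmaster.home.lan. is an assumption.

```python
import re
from datetime import datetime

# Constructed samples: the SOA as posted (no RNAME) and a corrected form.
# "hostmaster.home.lan." is an assumed mailbox, not taken from the thread.
BROKEN = "home.lan. IN SOA blue.home.lan. (\n 1 ; Serial\n 3h 1h 1w 1h )\n"
FIXED = ("home.lan. IN SOA blue.home.lan. hostmaster.home.lan. (\n"
         " 2007011401 ; Serial\n 3h 1h 1w 1h )\n")

TIME = re.compile(r"(\d+[smhdw]?)+", re.I)  # BIND time values such as 3h, 1w, 3600

def soa_fields(text):
    """Tokens following 'SOA', with ';' comments and parentheses removed."""
    tokens = re.sub(r";[^\n]*", "", text).replace("(", " ").replace(")", " ").split()
    return tokens[[t.upper() for t in tokens].index("SOA") + 1:]

def rname_to_email(rname):
    """Only the first unescaped dot becomes '@'; an escaped dot stays in the local part."""
    m = re.fullmatch(r"((?:\\.|[^.\\])+)\.(.+?)\.?", rname)
    return m.group(1).replace("\\.", ".") + "@" + m.group(2) if m else None

def is_date_serial(serial):
    """True for the YYYYMMDDnn convention, e.g. 2007011401."""
    if not re.fullmatch(r"\d{10}", serial):
        return False
    try:
        datetime.strptime(serial[:8], "%Y%m%d")
        return True
    except ValueError:
        return False

def check_soa(text):
    """Return a list of problems; an empty list means the SOA is well-formed."""
    f = soa_fields(text)
    if len(f) != 7:
        hint = " (RNAME mailbox missing?)" if len(f) == 6 and f[1].isdigit() else ""
        return [f"expected 7 SOA fields, found {len(f)}{hint}"]
    mname, rname, serial, *timers = f
    problems = []
    if rname_to_email(rname) is None:
        problems.append(f"RNAME {rname!r} is not a mailbox in domain-name form")
    if not serial.isdigit() or int(serial) >= 2**32:
        problems.append(f"serial {serial!r} is not a 32-bit unsigned integer")
    problems += [f"bad time value {t!r}" for t in timers if not TIME.fullmatch(t)]
    return problems

if __name__ == "__main__":
    for name, zone in (("as posted", BROKEN), ("corrected", FIXED)):
        print(name, "->", check_soa(zone) or "ok")
```
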