Delivered-To: freebsd-questions@freebsd.org
Message-ID: <02fc01c73803$0644d4a0$0a0aa8c0@rivendell>
From: "Reko Turja"
To: "Nate Peck"
References: <7ddd53320701140839t65f5b005r3b5bbe105c71700e@mail.gmail.com>
Date: Sun, 14 Jan 2007 19:40:02 +0200
Subject: Re: BIND9 Syntax?

----- Original Message -----
From: "Nate Peck"
To:
Sent: Sunday, January 14, 2007 6:39 PM
Subject: BIND9 Syntax?

> Dear All,
>
> I've been having trouble with BIND (version 9.3.2-P1), and I'm not sure
> where the problem is. When I try to use nslookup, it spits out:
>
>> server 127.0.0.1
> Default server: 127.0.0.1
> Address: 127.0.0.1#53
>> blue.home.lan
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> ** server can't find blue.home.lan: SERVFAIL
>>
>
> I have my server (blue.home.lan) set up on a LAN.
>
> These are my config files:
>
> db.home.lan:
> $TTL 3h
> home.lan. IN SOA blue.home.lan. (
>         1  ; Serial
>         3h ; Refresh after 3 hours
>         1h ; Retry after 1 hour
>         1w ; Expire after 1 week
>         1h ) ; Negative caching TTL of 1 hour

And you can define the SOA to be home.lan. Missing the email address of
the responsible administrator - should be like:

home.lan. IN SOA home.lan. email.blue.home.lan
                           ^^^^^^^^^^^^^^^^^^^
Notice that only the first dot in the email address is substituted by @

Usually a good idea is naming the serial like 2007011401 - year, month,
day and serial is easier that way in the long run :)

> named.conf:
> options {

If this was public I would consider adding either a recursion no; or
allow-recursion {}; clause in options in order to avoid some attack
techniques utilizing nameservers.

> zone "." IN {
> type hint;
> file "named.ca";
> };

You have moved the named.root into named.ca? No need for IN in these
either.

>
> zone "localhost" IN {
> type master;
> file "pri/localhost.zone";
> allow-update { none; };
> notify no;
> };

Again if public, I would add allow-transfer rules to allow the full dump
of the domains in question only at appropriate peering servers. Maybe
allow-query { any; }; for every domain as well.

I might have missed some bugs at a cursory glance, but these should help
to get you started.

-Reko

(By the way, Greg Lehey's nowadays publicly available book about FreeBSD
has a pretty good walkthrough about basic nameserver configuration)
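
A named.conf along the lines suggested in the reply above, as an added example that is not part of the original message or of either poster's configuration. The ACL name "lan", the 192.168.0.0/24 range, the secondary at 192.0.2.53, the pri/db.home.lan path and the hostmaster mailbox are assumptions.

```conf
// named.conf -- added example; ACL name, addresses and zone path are assumed
acl "lan" { 127.0.0.1; 192.168.0.0/24; };   // constructed LAN range

options {
    // (keep the existing directory and pid-file settings here)

    // Answer recursive queries only for known clients. On a purely
    // authoritative public server use "recursion no;" instead.
    allow-recursion { "lan"; };

    // Default-deny full zone dumps (AXFR); zones opt in individually.
    allow-transfer { none; };
};

zone "." {                        // class IN is the default, so it is omitted
    type hint;
    file "named.ca";
};

zone "localhost" {
    type master;
    file "pri/localhost.zone";
    allow-update { none; };
    notify no;
};

zone "home.lan" {
    type master;
    file "pri/db.home.lan";           // assumed path
    allow-query { any; };
    allow-transfer { 192.0.2.53; };   // placeholder address of a secondary
    allow-update { none; };
};

/* Start of pri/db.home.lan with both SOA names present. The mailbox
   hostmaster@home.lan (assumed) is written with its @ replaced by a dot,
   and absolute names end in a dot. NS and address records follow.

$TTL 3h
home.lan.  IN SOA  blue.home.lan. hostmaster.home.lan. (
                   2007011401 ; Serial: year, month, day, revision
                   3h         ; Refresh after 3 hours
                   1h         ; Retry after 1 hour
                   1w         ; Expire after 1 week
                   1h )       ; Negative caching TTL of 1 hour
*/
```

Running named-checkconf on the configuration and named-checkzone home.lan pri/db.home.lan on the zone file reports syntax errors before named is restarted.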