Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 1 Apr 2003 20:53:20 +0200
From:      Toni Schmidbauer <toni@stderror.at>
To:        questions@freebsd.org
Subject:   Re: problem with DNS resolving
Message-ID:  <20030401185320.GF10095@devil.stderror.at>
In-Reply-To: <Pine.GSO.4.53.0304012012160.7268@eldar.hayholt.org>
References:  <Pine.GSO.4.53.0304011926560.7268@eldar.hayholt.org> <20030401180954.GD10095@devil.stderror.at> <Pine.GSO.4.53.0304012012160.7268@eldar.hayholt.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

--RDS4xtyBfx+7DiaI
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Apr 01, 2003 at 08:14:19PM +0200, Marcel Stangenberger wrote:
> my fault, forgot to copy those rules to the list :

no problem.=20

what happens if you execute 'dig @127.0.0.1 hayholt.org axfr'?

if i understand your config correctly 195.18.92.98 is an ip
adress configured on one of your nic's. IMHO your second
nameserver entry in /etc/hosts makes no sense. the second entry
is for backup purpose if the first one is not reachable. so in
your case its the same bind8 instance... the entry should be the
ip-addr of your second ns.

just as a note: for security reasons i would add the following to
your bind config:

acl trusted { 127.0.0.1; 195.18.92.98; 195.18.103.140; };

and in the options stanza:

allow-transfer { trusted; };

currently your are allowing zone transfers without any
restrictions, so anyone can find out all entries in the hayholt.org
zone with 'dig @195.18.92.98 hayholt.org axfr'

if everything fails, could you post your named.conf?

toni
--=20
Behandle die Menschen, als w=E4ren sie, was sie sein | toni@stderror.at
sollten, und du wirst ihnen helfen, zu werden, was | Toni Schmidbauer
sie sein k=F6nnen.  - Johann Wolfgang von Goethe     |

--RDS4xtyBfx+7DiaI
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)

iD8DBQE+ieAfu/mjSj7RMocRAiBCAKCH0GcjM+VPyGrSyXM9YcuTV9q3yQCfSZe6
Vl0WdnatVEiTvgMJK4Gp3t0=
=Nl1j
-----END PGP SIGNATURE-----

--RDS4xtyBfx+7DiaI--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030401185320.GF10095>