From: Toni Schmidbauer
To: questions@freebsd.org
Date: Tue, 1 Apr 2003 20:53:20 +0200
Subject: Re: problem with DNS resolving

On Tue, Apr 01, 2003 at 08:14:19PM +0200, Marcel Stangenberger wrote:
> my fault, forgot to copy those rules to the list :

no problem.

what happens if you execute 'dig @127.0.0.1 hayholt.org axfr'?

if i understand your config correctly 195.18.92.98 is an ip address
configured on one of your NICs. IMHO your second nameserver entry in
/etc/hosts makes no sense. the second entry is for backup purposes if
the first one is not reachable. so in your case it's the same bind8
instance... the entry should be the ip-addr of your second ns.

just as a note: for security reasons i would add the following to your
bind config:

    acl trusted {
        127.0.0.1;
        195.18.92.98;
        195.18.103.140;
    };

and in the options stanza:

    allow-transfer { trusted; };

currently you are allowing zone transfers without any restrictions, so
anyone can find out all entries in the hayholt.org zone with

    dig @195.18.92.98 hayholt.org axfr

if everything fails, could you post your named.conf?

toni
-- 
Treat people as if they were what they ought to be, and you will help
them become what they are capable of being. - Johann Wolfgang von Goethe
Toni Schmidbauer | toni@stderror.at
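
Added example, not part of the original message: a small Python audit that reports, for each zone in a named.conf, whether zone transfers are left open or restricted by the acl and allow-transfer settings suggested above. The sample configs, zone file names and the example.test zone are constructed, and treating a missing allow-transfer as unrestricted is an assumption taken from the message.

```python
import re

def body(text, brace):
    """Return the text inside the brace block that opens at text[brace]."""
    depth = 0
    for i in range(brace, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[brace + 1:i]
    raise ValueError("unbalanced braces")

def items(block):
    return [e.strip().strip('"') for e in block.split(";") if e.strip()]

def transfer_list(scope):
    """Elements of allow-transfer in this options/zone body, or None if absent."""
    m = re.search(r"\ballow-transfer\s*\{", scope)
    return None if m is None else items(body(scope, m.end() - 1))

def audit_transfers(conf):
    """Map each zone name to 'open' or 'restricted' for AXFR requests."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # strip /* ... */ comments
    conf = re.sub(r"(//|#).*", "", conf)                # strip // and # comments
    acls = {m.group(1): items(body(conf, m.end() - 1))
            for m in re.finditer(r'\bacl\s+"?([\w.-]+)"?\s*\{', conf)}
    def is_open(lst):
        # Assumption (from the message): no allow-transfer means no restriction.
        return lst is None or any(e == "any" or "any" in acls.get(e, []) for e in lst)
    opts = re.search(r"\boptions\s*\{", conf)
    default = transfer_list(body(conf, opts.end() - 1)) if opts else None
    report = {}
    for m in re.finditer(r'\bzone\s+"([^"]+)"[^{;]*\{', conf):
        own = transfer_list(body(conf, m.end() - 1))   # zone setting overrides options
        effective = own if own is not None else default
        report[m.group(1)] = "open" if is_open(effective) else "restricted"
    return report

# Constructed samples: file names and the example.test zone are made up.
BEFORE = 'zone "hayholt.org" { type master; file "hayholt.org.db"; };'
AFTER = """
acl trusted { 127.0.0.1; 195.18.92.98; 195.18.103.140; };
options { allow-transfer { trusted; }; };   // the two additions from the message
zone "hayholt.org" { type master; file "hayholt.org.db"; };
zone "example.test" { type master; file "example.test.db"; allow-transfer { any; }; };
"""

if __name__ == "__main__":
    print(audit_transfers(BEFORE), audit_transfers(AFTER))
```

The second sample also shows that a per-zone allow-transfer overrides the options-level restriction, so one permissive zone can remain open after the global fix.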