From owner-freebsd-questions@FreeBSD.ORG Tue Apr 1 12:17:54 2003
Return-Path: 
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7B27337B401 for ; Tue, 1 Apr 2003 12:17:54 -0800 (PST)
Received: from eldar.hayholt.org (elvandar.hayholt.org [195.18.109.250]) by mx1.FreeBSD.org (Postfix) with ESMTP id B348C43FA3 for ; Tue, 1 Apr 2003 12:17:53 -0800 (PST) (envelope-from marcel@hayholt.org)
Received: from eldar (eldar [192.168.0.5]) by eldar.hayholt.org (Postfix) with ESMTP id A20DF59B; Tue, 1 Apr 2003 22:17:52 +0200 (CEST)
Date: Tue, 1 Apr 2003 22:17:52 +0200 (CEST)
From: Marcel Stangenberger
To: Toni Schmidbauer
In-Reply-To: <20030401185320.GF10095@devil.stderror.at>
Message-ID: 
References: <20030401185320.GF10095@devil.stderror.at>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: questions@freebsd.org
Subject: Re: problem with DNS resolving
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
List-Unsubscribe: , 
List-Archive: 
List-Post: 
List-Help: 
List-Subscribe: , 
X-List-Received-Date: Tue, 01 Apr 2003 20:17:54 -0000

> On Tue, Apr 01, 2003 at 08:14:19PM +0200, Marcel Stangenberger wrote:
> > my fault, forgot to copy those rules to the list :
>
> no problem.
>
> what happens if you execute 'dig @127.0.0.1 hayholt.org axfr'?

It shows me the zonefile from my server

> if i understand your config correctly 195.18.92.98 is an ip
> address configured on one of your nic's. IMHO your second
> nameserver entry in /etc/hosts makes no sense. the second entry
> is for backup purpose if the first one is not reachable. so in
> your case it's the same bind8 instance... the entry should be the
> ip-addr of your second ns.
> just as a note: for security reasons i would add the following to
> your bind config:
>
> acl trusted { 127.0.0.1; 195.18.92.98; 195.18.103.140; };
>
> and in the options stanza:
>
> allow-transfer { trusted; };
>
> currently you are allowing zone transfers without any
> restrictions, so anyone can find out all entries in the hayholt.org
> zone with 'dig @195.18.92.98 hayholt.org axfr'

i just added the lines you suggested but i got the following error:

Apr 1 22:14:20 moredhel named[673]: reloading nameserver
Apr 1 22:14:20 moredhel named[673]: /etc/namedb/named.conf:46: unknown ACL 'trusted'
Apr 1 22:14:20 moredhel named[673]: db_load could not open: named.root: No such file or directory
Apr 1 22:14:20 moredhel named[673]: /etc/namedb/named.conf:136: syntax error near '}'
Apr 1 22:14:20 moredhel named[673]: Ready to answer queries.

here is my named.conf:

options {
	directory "/etc/namedb";
	forward first;
	forwarders {
		195.18.114.5;
		195.18.115.5;
	};
	allow-transfer { trusted; };
};

acl trusted {
	127.0.0.1;
	195.18.92.98;
	195.18.103.140;
	195.18.92.103;
	195.18.109.250;
};

zone "." {
	type hint;
	file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
	type master;
	file "localhost.rev";
};

server 195.18.114.5 {
	transfers 200;
};

server 195.18.115.5 {
	transfers 200;
};

logging {
};

zone "hayholt.org" {
	type master;
	file "/etc/namedb/hayholt.org.hosts";
};

Marcel
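Editor's added example (not part of the thread, not Marcel's or Toni's code): the "unknown ACL 'trusted'" line in the log comes from ordering, not from the ACL's contents. named resolves ACL names while it parses named.conf, so an acl statement has to appear above any allow-transfer (or other address list) that refers to it, and in the config posted above the acl sits below the options stanza. The script below is a small static check for exactly that mistake, run against two constructed named.conf samples: the ordering from the thread and the same config with the acl moved to the top. The zone name and addresses are copied from the thread only as placeholders; the axfr_exposed helper assumes dig is installed and needs network access, so it is not exercised here.

```shell
#!/bin/sh
# check_acl_order [FILE]
# Reads a named.conf (file argument or stdin) and prints every ACL name that
# an allow-*/match-* list references before its "acl NAME {" line (or that is
# never defined). Exits 1 if any such reference was found, 0 otherwise.
# Assumes one statement per line apart from brace lists, which may continue
# over several lines; comments are not stripped.
check_acl_order() {
    awk '
        # remember the line on which each ACL is defined
        /^[[:space:]]*acl[[:space:]]+[A-Za-z0-9_-]+[[:space:]]*\{/ {
            match($0, /acl[[:space:]]+[A-Za-z0-9_-]+/)
            name = substr($0, RSTART + 3, RLENGTH - 3)
            sub(/^[[:space:]]+/, "", name)
            defined[name] = NR
        }
        # start of an address list that may reference ACLs by name
        inlist == 0 && /(allow-[a-z-]+|match-clients|match-destinations)[[:space:]]*\{/ {
            inlist = 1
            sub(/^[^{]*\{/, "")          # keep only what follows the "{"
        }
        # body of such a list, possibly continued on following lines
        inlist == 1 {
            s = $0
            if (s ~ /\}/) { sub(/\}.*$/, "", s); inlist = 0 }
            n = split(s, items, ";")
            for (i = 1; i <= n; i++) {
                gsub(/[[:space:]"]/, "", items[i])
                name = items[i]
                sub(/^!/, "", name)      # "!name" negates but still references
                # empty tokens, literal addresses/prefixes and the built-in
                # ACLs are not references to a user-defined acl
                if (name == "" || name ~ /^[0-9]/ || name ~ /:/) continue
                if (name ~ /^(any|none|localhost|localnets)$/) continue
                if (!(name in defined)) {
                    printf("line %d: ACL \"%s\" used before it is defined\n", NR, name)
                    bad = 1
                }
            }
        }
        END { exit bad ? 1 : 0 }
    ' "$@"
}

# constructed sample 1: the ordering posted in the thread (acl after options)
sample_broken() {
    cat <<'EOF'
options {
    directory "/etc/namedb";
    allow-transfer { trusted; };
};
acl trusted { 127.0.0.1; 195.18.92.98; 195.18.103.140; };
zone "hayholt.org" { type master; file "hayholt.org.hosts"; };
EOF
}

# constructed sample 2: the acl moved above options, and the same
# restriction repeated on the zone so it does not depend on the global default
sample_fixed() {
    cat <<'EOF'
acl trusted { 127.0.0.1; 195.18.92.98; 195.18.103.140; };
options {
    directory "/etc/namedb";
    allow-transfer { trusted; };
};
zone "hayholt.org" {
    type master;
    file "hayholt.org.hosts";
    allow-transfer { trusted; };
};
EOF
}

# axfr_exposed SERVER ZONE: succeeds when SERVER hands the whole zone to the
# address we query from (a refused transfer yields no SOA record and dig
# prints "; Transfer failed."). Run it from a host outside the acl.
# Not run here: needs dig and network access.
axfr_exposed() {
    dig @"$1" "$2" axfr +time=5 +tries=1 2>/dev/null | grep -q '[[:space:]]SOA[[:space:]]'
}

# stand-alone run: report on both constructed samples
echo "== acl after options (as posted) =="
sample_broken | check_acl_order || echo "=> move the acl statement above options"
echo "== acl before options =="
sample_fixed | check_acl_order && echo "=> ok"
```

The check is deliberately narrow: it catches the forward reference that produced the log line above and nothing else. The other two messages in the log are separate problems: "db_load could not open: named.root" means the hint file named in zone "." does not exist under the configured directory, and the syntax error reported at line 136 cannot be located from the posted excerpt, which is far shorter than 136 lines. On BIND 9 the same ordering mistake is reported by named-checkconf before a reload, which avoids finding out from syslog after the server has already restarted.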