Date: Tue, 1 Apr 2003 22:17:52 +0200 (CEST)
From: Marcel Stangenberger <marcel@hayholt.org>
To: Toni Schmidbauer <toni@stderror.at>
Cc: questions@freebsd.org
Subject: Re: problem with DNS resolving
Message-ID: <Pine.GSO.4.53.0304012211060.7268@eldar.hayholt.org>
In-Reply-To: <20030401185320.GF10095@devil.stderror.at>
References: <Pine.GSO.4.53.0304011926560.7268@eldar.hayholt.org> <Pine.GSO.4.53.0304012012160.7268@eldar.hayholt.org> <20030401185320.GF10095@devil.stderror.at>
> On Tue, Apr 01, 2003 at 08:14:19PM +0200, Marcel Stangenberger wrote:
> > my fault, forgot to copy those rules to the list :
>
> no problem.
>
> what happens if you execute 'dig @127.0.0.1 hayholt.org axfr'?

It shows me the zonefile from my server.

> if i understand your config correctly 195.18.92.98 is an ip
> address configured on one of your NICs. IMHO your second
> nameserver entry in /etc/hosts makes no sense. the second entry
> is for backup purposes if the first one is not reachable. so in
> your case it's the same bind8 instance... the entry should be the
> ip-addr of your second ns.
>
> just as a note: for security reasons i would add the following to
> your bind config:
>
> acl trusted { 127.0.0.1; 195.18.92.98; 195.18.103.140; };
>
> and in the options stanza:
>
> allow-transfer { trusted; };
>
> currently you are allowing zone transfers without any
> restrictions, so anyone can find out all entries in the hayholt.org
> zone with 'dig @195.18.92.98 hayholt.org axfr'

I just added the lines you suggested but I got the following error:

Apr  1 22:14:20 moredhel named[673]: reloading nameserver
Apr  1 22:14:20 moredhel named[673]: /etc/namedb/named.conf:46: unknown ACL 'trusted'
Apr  1 22:14:20 moredhel named[673]: db_load could not open: named.root: No such file or directory
Apr  1 22:14:20 moredhel named[673]: /etc/namedb/named.conf:136: syntax error near '}'
Apr  1 22:14:20 moredhel named[673]: Ready to answer queries.

Here is my named.conf:

options {
        directory "/etc/namedb";
        forward first;
        forwarders { 195.18.114.5; 195.18.115.5; };
        allow-transfer { trusted; };
};

acl trusted { 127.0.0.1; 195.18.92.98; 195.18.103.140; 195.18.92.103; 195.18.109.250; };

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};

server 195.18.114.5 {
        transfers 200;
};

server 195.18.115.5 {
        transfers 200;
};

logging { };

zone "hayholt.org" {
        type master;
        file "/etc/namedb/hayholt.org.hosts";
};

Marcel
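As an added example (not part of this thread or of BIND), a small Python check that catches the two zone-transfer problems discussed above in a named.conf before reloading named: an ACL name used before its acl statement (the config posted here declares acl trusted after the options stanza that references it, which is what named logged as "unknown ACL"), and an allow-transfer that is missing or open to any. The sample config is constructed from the one posted; the function name and finding strings are my own.

```python
import re

# Constructed sample based on the named.conf posted in the thread: the acl
# is declared after the options stanza that references it.
SAMPLE_CONF = """\
options {
    directory "/etc/namedb";
    forward first;
    forwarders { 195.18.114.5; 195.18.115.5; };
    allow-transfer { trusted; };
};
acl trusted { 127.0.0.1; 195.18.92.98; 195.18.103.140; };
zone "hayholt.org" { type master; file "/etc/namedb/hayholt.org.hosts"; };
"""

BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}

def check_transfer_acls(conf: str) -> list:
    """Return findings about zone-transfer restrictions in a BIND-style
    named.conf: ACL names used before their acl statement, allow-transfer
    lists containing "any", and a config with no allow-transfer at all
    (transfers then default to any host)."""
    findings = []
    defined = set()
    text = re.sub(r"(//|#).*", "", conf)          # drop line comments
    stmt = re.compile(r"\b(?:acl\s+(\S+)|allow-transfer)\s*\{([^}]*)\}")
    saw_transfer = False
    for m in stmt.finditer(text):                   # file order matters
        name, body = m.group(1), m.group(2)
        if name is not None:                        # an acl definition
            defined.add(name.strip('"'))
            continue
        saw_transfer = True                         # an allow-transfer list
        members = [x.strip().strip('"') for x in body.split(";") if x.strip()]
        for mem in members:
            if mem == "any":
                findings.append("allow-transfer allows any host")
            elif re.match(r"[A-Za-z_]", mem) and mem not in BUILTIN_ACLS \
                    and mem not in defined:
                findings.append(f"ACL '{mem}' used before it is defined")
    if not saw_transfer:
        findings.append("no allow-transfer: transfers allowed from anyone")
    return findings

if __name__ == "__main__":
    for finding in check_transfer_acls(SAMPLE_CONF):
        print(finding)
```

Moving the acl statement above the options stanza makes the check pass; the checker only handles line comments and flat acl/allow-transfer lists, not key or negated entries.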