Date: Sat, 3 Jul 2010 14:04:35 -0700
From: Chris Maness <chris@chrismaness.com>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc: freebsd-questions@freebsd.org
Subject: Re: BIND Refusing to Resolve for External Hosts
Message-ID: <AANLkTikfS7tt1xNLdjuKCw-JH7fysMZtIx89MEQyEwQJ@mail.gmail.com>
In-Reply-To: <4C2F9503.5020801@infracaninophile.co.uk>
References: <AANLkTimgwvEhu9gt-L9_apH_rnwsv3NHSBARpHJepsvy@mail.gmail.com>
 <AANLkTimWrBi3wxvkKR0tLabbI1nz7fU_7xu0QZFeJ8ep@mail.gmail.com>
 <AANLkTinhx0LuivXNQNQKz3g57OSWTScWIIyZlP_ngrdk@mail.gmail.com>
 <AANLkTikp3KxZ3hwo5o5Zv2jS7Q9unVvXmXSVB0HBgkdZ@mail.gmail.com>
 <4C2CA73E.9010700@infracaninophile.co.uk>
 <AANLkTilcO5uZnUceNyqBf3rLv1KoJXNfI9df3xtNcKIu@mail.gmail.com>
 <4C2F9503.5020801@infracaninophile.co.uk>

On Sat, Jul 3, 2010 at 12:52 PM, Matthew Seaman
<m.seaman@infracaninophile.co.uk> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 03/07/2010 20:28:27, Chris Maness wrote:
>> Including the line:
>>
>> acl public-nets { 127.0.0.1; ::1; }
>                                     ^
> You need a semi-colon here __________|

I am on gmail with variable width font.  I am not sure exactly where I
need the semi-colon.

>
> Just defining the acl won't do a great deal on its own -- you need to
> add it to an allow-recursion {}; or similar block.
>

Sorry, Matt.  I haven't had to mess with the configuration file in 10
years.  Everything just worked until recently (probably the upgrade).
I am running a small Web/DNS/Mail server in my house.  I like using a
local recursive server as it has been faster than the alternatives in
the past.  Currently, my local net is using the DSL router as its
upstream DNS.  So without rambling too much.  I am a bit simple at this
stuff, and a little confused.  I could switch to another DNS server,
but for academic purposes, I want to learn this stuff.

I am looking at some example files from the ISC link you sent me:

http://www.isc.org/files/arm96.html#sample_configuration

I was thinking of just rebuilding the file from scratch as my current
file is Greek to me.  However, the examples posted are for recursive
only and authoritative only.  Since my server is a hybrid, I am
wondering which directives might interfere with the other.

Moreover, I had a look at the security section from that link:

http://www.isc.org/files/arm96.html#Bv9ARM.ch07

Here is what I added to my named.conf.  I guess over time they have
increased the default security of BIND so that old files don't allow
recursion from outside hosts by default.

// Set up an ACL called our-nets. Replace this with the real IP numbers.
acl our-nets { 192.168.1.0/24; };

options {
        // Relative to the chroot directory, if any
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        allow-transfer { 76.238.148.146; };
        allow-query { our-nets; };
        allow-recursion { our-nets; };
};

Thanks,
Chris Maness
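
Added example, not part of the original message or of the ISC sample files: a named.conf sketch for the hybrid case discussed above, in which authoritative zones answer any client while recursion and cache access stay limited to the local ACL. The zone name example.org and its file path are placeholders, and listing the loopback addresses in our-nets is an assumption.

```conf
// Added illustration. Zone name and zone file path are placeholders.

// Clients that may use this server as a recursive resolver.
// Loopback entries are an assumption so the host itself can recurse.
acl our-nets { 192.168.1.0/24; 127.0.0.1; ::1; };

options {
        // Relative to the chroot directory, if any
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";

        // Zone transfers only to the named secondary.
        allow-transfer    { 76.238.148.146; };

        // An options-level allow-query is inherited by every zone that
        // does not set its own. Restricting it to our-nets here would
        // also refuse outside queries for the zones this server hosts.
        allow-query       { any; };

        // Recursion and answers from the cache stay local, so the
        // server is not an open resolver.
        allow-recursion   { our-nets; };
        allow-query-cache { our-nets; };
};

// Authoritative zone (placeholder name). It inherits allow-query { any; }
// from options; outside clients get authoritative answers for it and
// are refused for everything else.
zone "example.org" {
        type master;
        file "master/example.org";
};
```

Each block and each statement inside a block ends with a semi-colon, including the closing brace of acl, options and zone; named-checkconf reports the line number when one is missing.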