From owner-freebsd-questions  Sat Aug 11 15:40:12 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from jezebel.demon.co.uk (jezebel.demon.co.uk [158.152.38.143])
	by hub.freebsd.org (Postfix) with ESMTP id 4476237B406
	for ; Sat, 11 Aug 2001 15:39:56 -0700 (PDT)
	(envelope-from rdls@jezebel.demon.co.uk)
Received: (from rdls@localhost)
	by jezebel.demon.co.uk (8.11.1/8.11.1) id f7BMavH00920;
	Sat, 11 Aug 2001 23:36:57 +0100 (BST)
	(envelope-from rdls)
Date: Sat, 11 Aug 2001 23:36:57 +0100
From: Richard Smith
To: Gary Stanny
Cc: questions@freebsd.org
Subject: Re: DNS problem - hundreds of "ns_req: no address for root server" errors
Message-ID: <20010811233656.D733@gaia.home.rdls.net>
References: <4.2.2.20010811113826.00bab320@10.10.10.1>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <4.2.2.20010811113826.00bab320@10.10.10.1>; from stanny@TDFltd.com on Sat, Aug 11, 2001 at 12:05:53PM -0400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

On Sat, Aug 11, 2001 at 12:05:53PM -0400, Gary Stanny wrote:
> Hi all -
>
> I have a slight problem with my DNS that I can't solve. What I want is my
> gateway machine to support everything for my domain this side of my cable
> modem inside to my 10.10.10.? internal network, while referencing the real
> NIC assigned address for my public side of my domain ("tdfltd.com") for
> accessing my web site and pop mail accounts. And everything currently works
> exactly as I want - I can send mail to local users (like robot@tdfltd.com)
> and have it stay internal, or I can send mail to my external pop accounts
> (like info@mail.tdfltd.com). And all of my windows machines can find their
> brothers behind the firewall ok and use the gateway's sendmail for outgoing
> mail ok.
>
> Except I get hundreds of "ns_req: no address for root server" errors per
> day. From my net research and my reading of the TCP/IP network
> administration (the crab book) I think the problem means that bind can't
> find an authoritative source for the NS record for my tdfltd.com domain.
> But I think I have configured named.conf to be a primary for tdfltd.com.
>
> Could one of you DNS gurus please review my named.conf & db.tdf.com files
> and tell me what's wrong. (And let me know if you need any other config
> files.)
>
> And please CC an answer direct to me since I get the list in digest form
> and I'm hacking now :-)
>
> Thanks a bunch.
>
> root >cat named.conf                                        /etc/namedb
> // $FreeBSD: src/etc/namedb/named.conf,v 1.6.2.1 2000/07/15 07:49:29 kris Exp $
> //
> // Refer to the named(8) man page for details.  If you are ever going
> // to setup a primary server, make sure you've understood the hairy
> // details of how DNS is working.  Even with simple mistakes, you can
> // break connectivity for affected parties, or cause huge amount of
> // useless Internet traffic.
>
> options {
>         directory "/etc/namedb";
>
>         // In addition to the "forwarders" clause, you can force your name
>         // server to never initiate queries of its own, but always ask its
>         // forwarders only, by enabling the following line:
>         //
>         forward only;
>
>         // If you've got a DNS server around at your upstream provider, enter
>         // its IP address here, and enable the line below.  This will make you
>         // benefit from its cache, thus reduce overall DNS traffic in the Internet.
>         /*
>         forwarders {
>                 127.0.0.1;
>         };
>         */
>         /*
>          * If there is a firewall between you and nameservers you want
>          * to talk to, you might need to uncomment the query-source
>          * directive below.  Previous versions of BIND always asked
>          * questions using port 53, but BIND 8.1 uses an unprivileged
>          * port by default.
>          */
>         query-source address * port 53;
>
>         /*
>          * If running in a sandbox, you may have to specify a different
>          * location for the dumpfile.
>          */
>         // dump-file "s/named_dump.db";
> };
>
> // Note: the following will be supported in a future release.
> /*
> host { any; } {
>         topology {
>                 127.0.0.0/8;
>         };
> };
> */
>
> // Setting up secondaries is way easier and the rough picture for this
> // is explained below.
> //
> // If you enable a local name server, don't forget to enter 127.0.0.1
> // into your /etc/resolv.conf so this server will be queried first.
> // Also, make sure to enable it in /etc/rc.conf.
>
> zone "." {
>         type hint;
>         file "named.root";
> };
>
> zone "0.0.127.IN-ADDR.ARPA" {
>         type master;
> //      file "tdf_ltd.db";
>         file "db.tdf.com.localhost";
> //      file "localhost.rev";
> };
>
> //zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
> //      type master;
> //      file "tdf_ltd.db";
> //      file "localhost.rev";
> //};
>
> // NB: Do not use the IP addresses below, they are faked, and only
> // serve demonstration/documentation purposes!
> //
> // Example secondary config entries.  It can be convenient to become
> // a secondary at least for the zone where your own domain is in.  Ask
> // your network administrator for the IP address of the responsible
> // primary.
> //
> // Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
> // (This is the first bytes of the respective IP address, in reverse
> // order, with ".IN-ADDR.ARPA" appended.)
> //
> // Before starting to setup a primary zone, better make sure you fully
> // understand how DNS and BIND works, however.  There are sometimes
> // unobvious pitfalls.  Setting up a secondary is comparably simpler.
> //
> // NB: Don't blindly enable the examples below. :-)  Use actual names
> // and addresses instead.
> //
> // NOTE!!! FreeBSD runs bind in a sandbox (see named_flags in rc.conf).
> // The directory containing the secondary zones must be write accessible
> // to bind.  The following sequence is suggested:
> //
> //      mkdir /etc/namedb/s
> //      chown bind.bind /etc/namedb/s
> //      chmod 750 /etc/namedb/s
>
> /*
> zone "domain.com" {
>         type slave;
>         file "s/domain.com.bak";
>         masters {
>                 192.168.1.1;
>         };
> };
>
> zone "0.168.192.in-addr.arpa" {
>         type slave;
>         file "s/0.168.192.in-addr.arpa.bak";
>         masters {
>                 192.168.1.1;
>         };
> };
> */
>
> zone "TDFltd.com" {
>         type master;
>         file "db.tdf.com";
> };
>
> zone "10.10.10.IN-ADDR.ARPA" {
>         type master;
>         file "db.tdf.com.reverse";
> };
>
> -----------------------
>
> root >cat db.tdf.com                                        /etc/namedb
> ;
> ; db.tdf.com
> ; main domain name server record
> ;
>
> @       IN      SOA     diablo.tdfltd.com. postmaster.tdfltd.com. (
>                         200103260707    ; serial number

You may want to check /var/log/messages to see what named is doing when
it starts up.

But my guess is that that serial number needs to fit into a 32-bit uint,
so it's 2 digits too long.

-- 
Richard Smith
Network Systems Director
Satamatics Ltd
Green Lane, Tewkesbury, GL20 8HD, United Kingdom
Tel: +44 1684 278610    Fax: +44 1684 278611

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
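A small check for the point Richard raises, added here as an example (it is not code from the thread, from FreeBSD or from BIND): it pulls the serial out of the SOA record exactly as quoted from db.tdf.com, tests whether it fits in the 32-bit unsigned field RFC 1035 defines, and compares serials with RFC 1982 arithmetic, which is how a secondary decides whether a zone has changed. The FIXED_SOA variant, its YYYYMMDDnn serial and its timer values are assumed for illustration, not taken from the post.

```python
"""Sanity-check the SOA serial of a BIND zone file.

Added example for this thread; not code from the original post or from BIND.
RFC 1035 defines the SOA serial as a 32-bit unsigned integer, so a
YYYYMMDDhhmm value such as 200103260707 is not a legal serial.  The common
YYYYMMDDnn convention (date plus a two-digit change counter) does fit.
"""

UINT32_MAX = 2**32 - 1          # 4294967295, the largest legal serial
HALF_RANGE = 2**31              # RFC 1982 comparison window

# SOA fragment as quoted in the thread (db.tdf.com, truncated in the quote).
POSTED_SOA = """\
;
; db.tdf.com
; main domain name server record
;

@       IN      SOA     diablo.tdfltd.com. postmaster.tdfltd.com. (
                        200103260707    ; serial number
"""

# Constructed variant with an assumed YYYYMMDDnn serial; the timer values
# are illustrative and not taken from the post.
FIXED_SOA = """\
@       IN      SOA     diablo.tdfltd.com. postmaster.tdfltd.com. (
                        2001032607      ; serial number (YYYYMMDDnn)
                        10800           ; refresh
                        3600            ; retry
                        604800          ; expire
                        86400 )         ; minimum
"""


def strip_comments(zone_text):
    """Drop ';' comments.  TXT records may quote ';' inside strings, but an
    SOA record has no quoted fields, so a plain split is enough here."""
    return "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())


def soa_serial(zone_text):
    """Return the serial token of the first SOA record as a string.

    Parentheses let the rdata span lines, so they are treated as whitespace
    before tokenising.  The serial is the third rdata field after MNAME and
    RNAME; only that much needs to be present, which is all the quoted
    fragment in the thread shows.
    """
    tokens = strip_comments(zone_text).replace("(", " ").replace(")", " ").split()
    try:
        idx = tokens.index("SOA")
    except ValueError:
        raise ValueError("no SOA record found")
    rdata = tokens[idx + 1:idx + 4]
    if len(rdata) < 3:
        raise ValueError("SOA record truncated before the serial: %r" % (rdata,))
    return rdata[2]


def serial_fits(serial):
    """True when the serial is a decimal integer in 0..2**32-1."""
    return serial.isdigit() and int(serial) <= UINT32_MAX


def serial_gt(s1, s2):
    """RFC 1982 serial arithmetic: is s1 'newer' than s2?

    Comparison is modulo 2**32, so a serial that wraps past 4294967295 back
    to a small number is still seen as an increase by a secondary.
    """
    s1 &= UINT32_MAX
    s2 &= UINT32_MAX
    return (s1 < s2 and s2 - s1 > HALF_RANGE) or (s1 > s2 and s1 - s2 < HALF_RANGE)


def check_zone(zone_text):
    """Return (serial, ok, message) for the given zone file text."""
    serial = soa_serial(zone_text)
    if serial_fits(serial):
        return serial, True, "serial %s fits in 32 bits" % serial
    if serial.isdigit():
        # Digits beyond the ten of UINT32_MAX can never fit; 200103260707 has two.
        excess = len(serial) - len(str(UINT32_MAX))
        return serial, False, ("serial %s exceeds %d (%d digit(s) longer than "
                               "the maximum)" % (serial, UINT32_MAX, excess))
    return serial, False, "serial %r is not a decimal integer" % serial


if __name__ == "__main__":
    for name, text in (("posted", POSTED_SOA), ("fixed", FIXED_SOA)):
        serial, ok, msg = check_zone(text)
        print("%s: %s %s" % (name, "OK " if ok else "BAD", msg))
    # A secondary only transfers when the new serial is 'greater' per RFC 1982.
    print("2001032607 newer than 2001032606:", serial_gt(2001032607, 2001032606))
    print("wraparound 5 newer than UINT32_MAX:", serial_gt(5, UINT32_MAX))
```

Run it against a zone file's text before reloading named; the posted serial is rejected as two digits longer than anything a 32-bit field can hold, which is the same conclusion as the reply, while the YYYYMMDDnn form passes and still orders correctly under RFC 1982 when bumped.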