Date: Wed, 18 Jul 2007 16:31:31 +1000
From: Mark Andrews <Mark_Andrews@isc.org>
To: Michael Nottebrock <lofi@freebsd.org>
Cc: Volker <volker@vwsoft.com>, dougb@freebsd.org, freebsd-stable@freebsd.org, Yuri Pankov <yuri@darklight.org.ru>
Subject: Re: Problems with named default configuration in 6-STABLE
Message-ID: <200707180631.l6I6VVDr048946@drugs.dv.isc.org>
In-Reply-To: Your message of "Tue, 17 Jul 2007 10:06:31 +0200." <200707171006.32059.lofi@freebsd.org>

> On Tuesday, 17. July 2007, Volker wrote:
> > On 07/17/07 09:20, Michael Nottebrock wrote:
> > > On Tuesday, 17. July 2007, Yuri Pankov wrote:
> > >> On Mon, Jul 16, 2007 at 11:19:41PM +0200, Michael Nottebrock wrote:
> > >>> I finally updated my desktop from 5.5-RELEASE to 6-STABLE. This got me
> > >>> a new named.conf, which I modified to run named as a local resolver,
> > >>> like I had before:
> > >>>
> > >>>         listen-on       { 127.0.0.1; };
> > >>>         listen-on-v6    { ::1; };
> > >>>         forward only;
> > >>>         forwarders {
> > >>>                 192.168.8.1;
> > >>>         };
> > >>>
> > >>> Everything else is default. However, with this default configuration,
> > >>> named will not resolve any hosts of my local domain (my.domain), which
> > >>> uses addresses in the 192.168.8 subnet. My dns server on 192.168.8.1,
> > >>> running 6.2-RELEASE, has a very simple dynamic dns setup: a zone
> > >>> "my.domain" and a reverse zone 8.168.192.in-addr.arpa which are both
> > >>> dynamically updated by dhcpd.
> > >>>
> > >>> To make this work again, I had to delete everything in the default
> > >>> named.conf from "/* Slaving the following zones from the root
> > >>> [...]" to "zone "ip6.int" { type master;
> > >>> file "master/empty.db"; };".
> > >>>
> > >>> I'm a DNS n00b, but I suspect that such drastic measures shouldn't be
> > >>> required and somehow my setup is flawed. What can I do to make this
> > >>> work right?
> > >>>
> > >>>
> > >>> Cheers,
> > >>> --
> > >>>    ,_,   | Michael Nottebrock               | lofi@freebsd.org
> > >>>  (/^ ^\) | FreeBSD - The Power to Serve     | http://www.freebsd.org
> > >>>    \u/   | K Desktop Environment on FreeBSD | http://freebsd.kde.org
> > >>
> > >> Hi Michael,
> > >>
> > >> If I understood you correctly, you can't resolve 8.168.192.in-addr.arpa
> > >> anymore, and the line below (from default named.conf) is the cause:
> > >>
> > >> zone "168.192.in-addr.arpa" { type master; file "master/empty.db"; };
> > >
> > > Yes - and this:
> > >
> > > zone "." {
> > >         type slave;
> >
> > The root zone MUST be of type hint. You do not want to be a slave of
> > the root... don't you? ;)
>
> The new default configuration of named wants me to be.
>
> But now that you've mentioned it, I finally saw the following lines in the
> default named.conf:
>
> ---
>         If you do not wish to slave these zones from the root servers
>         use the entry below instead.
>         zone "." { type hint; file "named.root"; };
> ---
>
> I scanned over that before, but being a DNS n00b, I didn't understand what it
> meant. So, that solves that. Still, quite a bit of editing required:
> Commenting out the slaved root zone, moving out the root servers hint out of
> a comment and commenting out the empty zone for my private use network to
> make reverse lookups work again.
>
> I think at least an UPDATING entry and maybe some more verbose and less
> technical commenting in named.conf itself is warranted.
>
> --
>    ,_,   | Michael Nottebrock               | lofi@freebsd.org
>  (/^ ^\) | FreeBSD - The Power to Serve     | http://www.freebsd.org
>    \u/   | K Desktop Environment on FreeBSD | http://freebsd.kde.org

	For a forward "zone" to work there has to be a zone cut
	between any authoritative zones (master/slave) and the
	forward zone.

	When you graft private namespaces onto the DNS tree,
	slave / stub zones work better.  Forward zones and forwarders
	are overused.

	Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews@isc.org
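
The slave-zone approach suggested in the reply above, written out for the zones named in this thread. This is an added example, not part of any message in the thread or of the FreeBSD default named.conf; the file names under slave/ are assumptions.

```conf
// Constructed named.conf fragment (BIND 9). These zone statements are added
// next to the default zones; the slaved root zone and the empty RFC 1918
// zones stay in place, and the options {} lines posted in the thread
// (listen-on, forward only, forwarders) are unchanged.

// Private forward namespace, grafted in as a slave of the LAN server.
// With the root zone slaved locally, named is authoritative for "." and the
// root has no delegation for "my.domain", so there is no zone cut below
// which the forwarders would be consulted. A local copy of the zone gives
// named the data directly.
zone "my.domain" {
        type slave;
        masters { 192.168.8.1; };
        file "slave/my.domain.db";                // assumed file name
};

// Private reverse namespace. named answers from the most specific zone it
// holds, so this zone takes over 192.168.8.x PTR lookups while the default
// empty "168.192.in-addr.arpa" zone keeps answering the rest of
// 192.168/16 locally instead of sending those queries upstream.
zone "8.168.192.in-addr.arpa" {
        type slave;
        masters { 192.168.8.1; };
        file "slave/8.168.192.in-addr.arpa.db";   // assumed file name
};

// The stub variant mentioned in the reply uses the same statements with
// "type stub;": named then keeps only the zone's NS data and queries
// 192.168.8.1 for everything else.
```

For the slave variant, the server at 192.168.8.1 has to permit zone transfers to this host, for example with an allow-transfer list limited to the resolver's address.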
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707180631.l6I6VVDr048946>