Date: Thu, 13 May 2004 17:12:58 -0400
From: Scott Harrison <scott@mithrandir.com>
To: freebsd-current@freebsd.org
Subject: Re: DNS problem
Message-ID: <4F0AE81A-A522-11D8-B826-0003930F38CE@mithrandir.com>
In-Reply-To: <40A3E23E.6020302@ieee.org>
References: <6B4993A2-A50E-11D8-B826-0003930F38CE@mithrandir.com> <20040513194709.GI601@funkthat.com> <0D7772A8-A51E-11D8-B826-0003930F38CE@mithrandir.com> <40A3E23E.6020302@ieee.org>

On May 13, 2004, at 17:01, Ben Kelly wrote:

> Scott Harrison wrote:
>> On May 13, 2004, at 15:47, John-Mark Gurney wrote:
>>> Scott Harrison wrote this message on Thu, May 13, 2004 at 14:50 -0400:
>>>
>>>> Can someone either tell me what needs to be done to get rid of these
>>>> messages, or tell me which mailing list I should ask?
>>>
>>> Most likely your named.root is out of date.  Last week b.root-servers.net
>>> changed IP address and took my dns server off line.  Do a:
>>> dig @198.41.0.4 . ns > /etc/namedb/named.root
>>>
>>> and then restart your name server..  That should fix things for you.
>>>
>>> but for future reference, this is not a FreeBSD issue, a generic
>>> bind/internet question.
>>>
>> My named.root has been updated so appears to be correct.  The
>> b.root-servers.net IP address I have is 192.228.79.201 so I think
>> everything is fine there.
>> Unlike others I have this problem regularly.  Every time I make
>> my server do a DNS lookup it puts a lot of lines into
>> /var/log/messages, but luckily for me I have not filled /var up.
>> This has been happening for many days now and I have not been able to
>> find any real answers using google.
>
> Are you restricting outgoing DNS requests at your firewall?  I made
> this mistake the first time I tried setting up bind.  (Incidentally,
> ever since this happened the first line in my dmesg output has been
> corrupt.)
>

No, the firewall is configured to allow incoming on port 53 for both
TCP and UDP, and for outgoing it allows anything from the LAN.

My config file has in it:

options {
        directory "/etc/namedb";
        forwarders {
                63.75.133.13;
                63.75.133.14;
        };
        query-source address * port 53;
        allow-transfer { 64.45.135.25; };
        allow-query { 63.75.133.121; };
        rrset-order { order fixed; };
};

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "loopback.db";
};

zone "mithrandir.com" {
        type master;
        file "mithrandir.com.db";
        allow-query { any; };
};

I do not have in it the 133.75.63.in-addr.arpa zone because my ISP
provides the lookup for 63.75.133.121 (my machine).  Would that be a
problem?

-- 
Scott Harrison
PGP Key ID: 0x0f0b5b86
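
Added example, not part of the original message or of BIND: a Python check for the outdated-hints case raised in the thread, comparing the A records in a hints file with a reference listing shaped like the dig output quoted above. The function names and both samples are constructed for illustration, and 192.0.2.53 is a placeholder standing in for an outdated address.

```python
import ipaddress

# Constructed sample of an outdated /etc/namedb/named.root.
LOCAL_HINTS = """\
; constructed sample, not a real hints file
.                    3600000  IN  NS  A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  3600000      A   198.41.0.4
.                    3600000      NS  B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.  3600000      A   192.0.2.53  ; placeholder stale address
"""

# Constructed sample in the shape of "dig @198.41.0.4 . ns" output.
REFERENCE = """\
;; ANSWER SECTION:
.                    518400   IN  NS  a.root-servers.net.
.                    518400   IN  NS  b.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net.  3600000  IN  A   198.41.0.4
b.root-servers.net.  3600000  IN  A   192.228.79.201
"""


def parse_hints(text):
    """Map each server name to its set of IPv4 addresses (A records only)."""
    servers = {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop zone-file comments
        # Record layout: owner TTL [class] type rdata (class is optional).
        if len(fields) < 4 or fields[-2].upper() != "A":
            continue
        try:
            addr = str(ipaddress.IPv4Address(fields[-1]))
        except ValueError:
            continue  # malformed address, ignore the record
        servers.setdefault(fields[0].lower().rstrip("."), set()).add(addr)
    return servers


def stale_entries(local_text, reference_text):
    """List (name, local_addrs, reference_addrs) where the two disagree."""
    local, ref = parse_hints(local_text), parse_hints(reference_text)
    return [(name, sorted(local.get(name, ())), sorted(ref[name]))
            for name in sorted(ref) if local.get(name, set()) != ref[name]]


if __name__ == "__main__":
    for name, have, want in stale_entries(LOCAL_HINTS, REFERENCE):
        print(f"{name}: hints file has {have}, reference has {want}")
```
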