problem with DNS resolving

Marcel Stangenberger marcel at hayholt.org
Tue Apr 1 12:17:54 PST 2003 

> On Tue, Apr 01, 2003 at 08:14:19PM +0200, Marcel Stangenberger wrote:
> > my fault, forgot to copy those rules to the list :
>
> no problem.
>
> what happens if you execute 'dig @127.0.0.1 hayholt.org axfr'?
>

It shows me the zonefile from my server

> if i understand your config correctly 195.18.92.98 is an ip
> adress configured on one of your nic's. IMHO your second
> nameserver entry in /etc/hosts makes no sense. the second entry
> is for backup purpose if the first one is not reachable. so in
> your case its the same bind8 instance... the entry should be the
> ip-addr of your second ns.
>
> just as a note: for security reasons i would add the following to
> your bind config:
>
> acl trusted { 127.0.0.1; 195.18.92.98; 195.18.103.140; };
>
> and in the options stanza:
>
> allow-transfer { trusted; };
>
> currently your are allowing zone transfers without any
> restrictions, so anyone can find out all entries in the hayholt.org
> zone with 'dig @195.18.92.98 hayholt.org axfr'
>

i just added the lines you suggested but i got the following error :

Apr  1 22:14:20 moredhel named[673]: reloading nameserver
Apr  1 22:14:20 moredhel named[673]: /etc/namedb/named.conf:46: unknown
ACL 'trusted'
Apr  1 22:14:20 moredhel named[673]: db_load could not open: named.root:
No such file or directory
Apr  1 22:14:20 moredhel named[673]: /etc/namedb/named.conf:136: syntax
error near '}'
Apr  1 22:14:20 moredhel named[673]: Ready to answer queries.

here is my named.conf :

options {
        directory "/etc/namedb";

        forward first;
        forwarders {
                195.18.114.5;
                195.18.115.5;
                };

        allow-transfer { trusted; };
};


acl trusted {   127.0.0.1;
                195.18.92.98;
                195.18.103.140;
                195.18.92.103;
                195.18.109.250;
};

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};


server 195.18.114.5 {
        transfers 200;
        };
server 195.18.115.5 {
        transfers 200;
        };
logging {
        };
zone "hayholt.org" {
        type master;
        file "/etc/namedb/hayholt.org.hosts";
        };


Marcel

More information about the freebsd-questions mailing list