BIND9 Syntax?

Derek Ragona derek at computinginnovations.com
Sun Jan 14 22:56:46 UTC 2007


Once you get the syntax corrected, make sure you are picking up the correct 
named.conf file by doing:
ps -ax| grep name

If you don't have /etc/rc.conf set up correctly, you may not be getting the 
correct named.conf.

         -Derek


At 11:40 AM 1/14/2007, Reko Turja wrote:
>----- Original Message ----- From: "Nate Peck" <nate3000 at gmail.com>
>To: <freebsd-questions at freebsd.org>
>Sent: Sunday, January 14, 2007 6:39 PM
>Subject: BIND9 Syntax?
>
>
>>Dear All,
>>
>>I've been having trouble with BIND (version 9.3.2-P1), and I'm not sure
>>where the problem is. When I try to use nslookup, it spits out:
>>
>>>server 127.0.0.1
>>Default server: 127.0.0.1
>>Address: 127.0.0.1#53
>>>blue.home.lan
>>Server:         127.0.0.1
>>Address:        127.0.0.1#53
>>
>>** server can't find blue.home.lan: SERVFAIL
>>
>>I have my server (blue.home.lan) set up on a LAN.
>>
>>These are my config files:
>>
>>db.home.lan:
>>$TTL 3h
>>home.lan. IN SOA blue.home.lan. (
>>                          1        ; Serial
>>                          3h       ; Refresh after 3 hours
>>                          1h       ; Retry after 1 hour
>>                          1w       ; Expire after 1 week
>>                          1h )     ; Negative caching TTL of 1 hour
>
>
>And you can define the SOA to be home.lan.
>Missing the email address of responsible administrator - should be like:
>
>home.lan. IN SOA home.lan.  email.blue.home.lan
>                            ^^^^^^^^^^^^^^^^^^^
>
>Notice that only the first dot in the email address is substituted by @
>
>Usually a good idea is naming the serial like 2007011401 - year, month, 
>day and serial is easier that way in the long run :)
>
>>named.conf:
>>options {
>
>If this was public I would consider adding either a recursion no; or 
>allow-recursion {}; clauses in options in order to avoid some attack 
>techniques utilizing nameservers.
>
>>zone "." IN {
>>        type hint;
>>        file "named.ca";
>>};
>
>You have moved the named.root into named.ca?
>
>No need for IN in these either.
>
>>
>>zone "localhost" IN {
>>        type master;
>>        file "pri/localhost.zone";
>>        allow-update { none; };
>>        notify no;
>>};
>
>Again, if public, I would add allow-transfer rules to allow the full dump 
>of the domains in question only at appropriate peering servers. Maybe 
>allow-query { any; }; for every domain as well.
>
>I might have missed some bugs at cursory glance, but these should help to 
>get you started.
>
>-Reko
>
>(By the way, Greg Lehey's nowadays publicly available book about FreeBSD has 
>a pretty good walkthrough about basic nameserver configuration)
>_______________________________________________
>freebsd-questions at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>MailScanner thanks transtec Computers for their support.
>

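Added example, not part of the thread and not BIND's own tooling: a small Python check for the two hardening points raised in the quoted reply (restricting recursion in options, and limiting zone transfers on master zones). Both configurations, the address 192.0.2.53 and the function names blocks() and audit() are constructed for illustration.

```python
import re

# Constructed sample: master zone with no recursion or transfer limits.
WEAK = '''
options { directory "/etc/namedb"; };
zone "." { type hint; file "named.ca"; };
zone "home.lan" { type master; file "db.home.lan"; };
'''

# Constructed sample: restrictions from the reply; 192.0.2.53 is a placeholder secondary.
HARDENED = '''
options { directory "/etc/namedb"; recursion no; allow-query { any; }; };
zone "." { type hint; file "named.ca"; };
zone "home.lan" { type master; file "db.home.lan"; allow-transfer { 192.0.2.53; }; };
'''

def blocks(conf):
    """Yield (header, body) for each top-level 'header { body };' statement."""
    # Simplified comment stripping; assumes no '#' or '//' inside quoted strings.
    conf = re.sub(r'/\*.*?\*/|//[^\n]*|#[^\n]*', '', conf, flags=re.S)
    depth = mark = start = 0
    for i, ch in enumerate(conf):
        if ch == '{':
            if depth == 0:
                head, start = conf[mark:i].strip(), i + 1
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                yield head, conf[start:i]
        elif ch == ';' and depth == 0:
            mark = i + 1  # next statement starts after a top-level ';'

def audit(conf):
    """Return findings for open recursion and unrestricted zone transfers."""
    parsed = list(blocks(conf))
    opts = ' '.join(body for head, body in parsed if head == 'options')
    findings = []
    if not re.search(r'\brecursion\s+no\s*;|\ballow-recursion\s*\{', opts):
        findings.append('options: recursion is not restricted')
    for head, body in parsed:
        m = re.match(r'zone\s+"([^"]+)"', head)
        if m and re.search(r'\btype\s+master\s*;', body):
            if 'allow-transfer' not in body + opts:  # options-level rule also counts
                findings.append(f'zone {m.group(1)}: no allow-transfer rule')
    return findings

if __name__ == '__main__':
    print({n: audit(c) for n, c in (('WEAK', WEAK), ('HARDENED', HARDENED))})
```

The check only looks for the presence of the directives; named-checkconf remains the tool for validating syntax.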


