BIND9 Syntax?
Derek Ragona
derek at computinginnovations.com
Sun Jan 14 22:56:46 UTC 2007
Once you get the syntax corrected, make sure you are picking up the correct
named.conf file by doing:
ps -ax| grep name
If you don't have /etc/rc.conf setup correctly, you may not be getting the
correct named.conf.
-Derek
At 11:40 AM 1/14/2007, Reko Turja wrote:
>----- Original Message ----- From: "Nate Peck" <nate3000 at gmail.com>
>To: <freebsd-questions at freebsd.org>
>Sent: Sunday, January 14, 2007 6:39 PM
>Subject: BIND9 Syntax?
>
>
>>Dear All,
>>
>>I've been having trouble with BIND(version 9.3.2-P1), and I'm not sure
>>where the problem is. When I try to use nslookup, it spits out:
>>
>>>server 127.0.0.1
>>Default server: 127.0.0.1
>>Address: 127.0.0.1#53
>>>blue.home.lan
>>Server: 127.0.0.1
>>Address: 127.0.0.1#53
>>
>>** server can't find blue.home.lan: SERVFAIL
>>
>>I have my server(blue.home.lan), set up on a LAN.
>>
>>These are my config files:
>>
>>db.home.lan:
>>$TTL 3h
>>home.lan. IN SOA blue.home.lan. (
>> 1 ; Serial
>> 3h ; Refresh after 3 hours
>> 1h ; Retry after 1 hour
>> 1w ; Expire after 1 week
>> 1h ) ; Negative caching TTL of 1 hour
>
>
>And you can define the SOA to be home.lan.
>Missing the email address of responsible administrator - should be like:
>
>home.lan. IN SOA home.lan. email.blue.home.lan
> ^^^^^^^^^^^^^^^^^^^
>
>Notice that first dot only in email-address is substituted by @
>
>Usually a good idea is naming the serial like 2007011401 - year, month,
>day and serial is easier that way in the long run :)
>
>>named.conf:
>>options {
>
>If this was public I would consider adding either a recursion no; or
>allow-recursion {}; clauses in options in order to avoid some attack
>techniques utilizing nameservers.
>
>>zone "." IN {
>> type hint;
>> file "named.ca";
>>};
>
>You have moved the named.root into named.ca?
>
>No need for IN in these either.
>
>>
>>zone "localhost" IN {
>> type master;
>> file "pri/localhost.zone";
>> allow-update { none; };
>> notify no;
>>};
>
>Again if public, I would add allow-transfer rules to allow the full dump
>of domains in questions only at appropriate peering servers. Maybe
>allow-query { any; }; for every domain as well.
>
>I might have missed some bugs at cursory glance, but these should help to
>get you started.
>
>-Reko
>
>(By the way Greg Leheys nowadays publicly available book about FreeBSD has
>pretty good walkthrough about basic nameserver configuration)
>_______________________________________________
>freebsd-questions at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>MailScanner thanks transtec Computers for their support.
>
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.
More information about the freebsd-questions
mailing list