BIND9 Syntax?

Derek Ragona derek at
Sun Jan 14 22:56:46 UTC 2007

Once you get the syntax corrected, make sure you are picking up the correct 
named.conf file by doing:
ps -ax| grep name

If you don't have /etc/rc.conf setup correctly, you may not be getting the 
correct named.conf.


At 11:40 AM 1/14/2007, Reko Turja wrote:
>----- Original Message ----- From: "Nate Peck" <nate3000 at>
>To: <freebsd-questions at>
>Sent: Sunday, January 14, 2007 6:39 PM
>Subject: BIND9 Syntax?
>>Dear All,
>>I've been having trouble with BIND(version 9.3.2-P1), and I'm not sure
>>where the problem is. When I try to use nslookup, it spits out:
>>Default server:
>>** server can't find blue.home.lan: SERVFAIL
>>I have my server(blue.home.lan), set up on a LAN.
>>These are my config files:
>>$TTL 3h
>>home.lan. IN SOA blue.home.lan. (
>>                          1        ; Serial
>>                          3h       ; Refresh after 3 hours
>>                          1h       ; Retry after 1 hour
>>                          1w       ; Expire after 1 week
>>                          1h )     ; Negative caching TTL of 1 hour
>And you can define the SOA to be home.lan.
>Missing the email address of responsible administrator - should be like:
>home.lan. IN SOA home.lan.
>                            ^^^^^^^^^^^^^^^^^^^
>Notice that first dot only in email-address is substituted by @
>Usually a good idea is naming the serial like 2007011401 - year, month, 
>day and serial is easier that way in the long run :)
>>options {
>If this was public I would consider adding either a recursion no; or 
>allow-recursion {}; clauses in options in order to avoid some attack 
>techniques utilizing nameservers.
>>zone "." IN {
>>        type hint;
>>        file "";
>You have moved the named.root into
>No need for IN in these either.
>>zone "localhost" IN {
>>        type master;
>>        file "pri/";
>>        allow-update { none; };
>>        notify no;
>Again if public, I would add allow-transfer rules to allow the full dump 
>of domains in questions only at appropriate peering servers. Maybe 
>allow-query { any; }; for every domain as well.
>I might have missed some bugs at cursory glance, but these should help to 
>get you started.
>(By the way Greg Leheys nowadays publicly available book about FreeBSD has 
>pretty good walkthrough about basic nameserver configuration)
>freebsd-questions at mailing list
>To unsubscribe, send any mail to "freebsd-questions-unsubscribe at"
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>MailScanner thanks transtec Computers for their support.

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.

More information about the freebsd-questions mailing list