Problems with named default configuration in 6-STABLE

Mark Andrews Mark_Andrews at isc.org
Thu Jul 19 04:17:10 UTC 2007


> On Tuesday, 17. July 2007, Volker wrote:
> > On 07/17/07 09:20, Michael Nottebrock wrote:
> > > On Tuesday, 17. July 2007, Yuri Pankov wrote:
> > >> On Mon, Jul 16, 2007 at 11:19:41PM +0200, Michael Nottebrock wrote:
> > >>> I finally updated my desktop from 5.5-RELEASE to 6-STABLE. This got me
> > >>> a new named.conf, which I modified to run named as a local resolver,
> > >>> like I had before:
> > >>>
> > >>> listen-on       { 127.0.0.1; };
> > >>> listen-on-v6    { ::1; };
> > >>> forward only;
> > >>> forwarders {
> > >>>      192.168.8.1;
> > >>> };
> > >>>
> > >>> Everything else is default. However, with this default configuration,
> > >>> named will not resolve any hosts of my local domain (my.domain), which
> > >>> uses addresses in the 192.168.8 subnet. My dns server on 192.168.8.1,
> > >>> running 6.2-RELEASE, has a very simple dynamic dns setup: a zone
> > >>> "my.domain" and a reverse zone 8.168.192.in-addr.arpa which are both
> > >>> dynamically updated by dhcpd.
> > >>>
> > >>> To make this work again, I had to delete everything in the default
> > >>> named.conf from "/*      Slaving the following zones from the root
> > >>> [...]" to "zone "ip6.int"                  { type master;
> > >>> file "master/empty.db"; };".
> > >>>
> > >>> I'm a DNS n00b, but I suspect that such drastic measures shouldn't be
> > >>> required and somehow my setup is flawed. What can I do to make this
> > >>> work right?
> > >>>
> > >>>
> > >>> Cheers,
> > >>> --
> > >>>    ,_,   | Michael Nottebrock               | lofi at freebsd.org
> > >>>  (/^ ^\) | FreeBSD - The Power to Serve     | http://www.freebsd.org
> > >>>    \u/   | K Desktop Environment on FreeBSD | http://freebsd.kde.org
> > >>
> > >> Hi Michael,
> > >>
> > >> If I understood you correctly, you can't resolve 8.168.192.in-addr.arpa
> > >> anymore, and the line below (from default named.conf) is the cause:
> > >>
> > >> zone "168.192.in-addr.arpa"   { type master; file "master/empty.db"; };
> > >
> > Yes - and this:
> > >
> > > zone "." {
> > >         type slave;
> >
> > The root zone MUST be of type hint. You do not want to be a slave of
> > the root... don't you? ;)
> 
> The new default configuration of named wants me to be.
> 
> But now that you've mentioned it, I finally saw the following lines in the
> default named.conf:
> 
> ---
>         If you do not wish to slave these zones from the root servers
>         use the entry below instead.
>         zone "." { type hint; file "named.root"; };
> ---
> 
> I scanned over that before, but being a DNS n00b, I didn't understand what it
> meant. So, that solves that. Still, quite a bit of editing required:
> Commenting out the slaved root zone, moving out the root servers hint out of
> a comment and commenting out the empty zone for my private use network to
> make reverse lookups work again.
> 
> I think at least an UPDATING entry and maybe some more verbose and less
> technical commenting in named.conf itself is warranted.
> 
> -- 
>    ,_,   | Michael Nottebrock               | lofi at freebsd.org
>  (/^ ^\) | FreeBSD - The Power to Serve     | http://www.freebsd.org
>    \u/   | K Desktop Environment on FreeBSD | http://freebsd.kde.org
> 

For a forward "zone" to work there has to be a zone cut between any
authoritative zones (master/slave) and the forward zone.

When you graft private namespaces onto the DNS tree, slave / stub
zones work better.

Forward zones and forwarders are overused.

Mark

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
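
Added example, not part of the original thread: a named.conf fragment that applies the slave-zone approach named in the reply above to the configuration quoted in the thread. The `slave/...` file names, and the assumption that 192.168.8.1 permits zone transfers to this host, are illustrative and do not come from the posts.

```conf
// Resolver options as quoted in the thread (they belong in the options block).
options {
        listen-on       { 127.0.0.1; };
        listen-on-v6    { ::1; };
        forward only;
        forwarders      { 192.168.8.1; };
};

// Default entry quoted in the thread, left in place. named answers from the
// closest enclosing zone it is authoritative for, so with only this entry
// (and the slaved "." zone) it answers 8.168.192.in-addr.arpa and my.domain
// queries itself and never consults the forwarders.
zone "168.192.in-addr.arpa"   { type master; file "master/empty.db"; };

// More specific zones copied from the local DNS server. For names at or
// below these zones they are the closest match, so they are used instead of
// the empty zone or the root zone, and no zone cut in the parent is needed.
zone "my.domain" {
        type slave;
        file "slave/my.domain";                 // assumed file name
        masters { 192.168.8.1; };
};

zone "8.168.192.in-addr.arpa" {
        type slave;
        file "slave/8.168.192.in-addr.arpa";    // assumed file name
        masters { 192.168.8.1; };
};
```

`type stub` with the same `masters` line is the other option the reply names.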

