Date:      Sat, 11 Aug 2001 12:05:53 -0400
From:      Gary Stanny <stanny@TDFltd.com>
To:        questions@freebsd.org
Subject:   DNS problem - hundreds of "ns_req: no address for root server" errors
Message-ID:  <4.2.2.20010811113826.00bab320@10.10.10.1>

Hi all -

I'm having a slight problem with my DNS that I can't solve. What I want is
my gateway machine to support everything for my domain this side of my
cable modem inside to my 10.10.10.? internal network while referencing the
real NIC assigned address for my public side of my domain ("tdfltd.com")
for access to my web site and pop mail accounts. And everything currently
works exactly as I want - I can send mail to local users (like
robot@tdfltd.com) and have it stay internal or I can send mail to my
external pop accounts (like info@mail.tdfltd.com). And all of my Windows
machines can find their brothers behind the firewall ok and use the
gateway's sendmail for outgoing mail ok.

Except I get hundreds of "ns_req: no address for root server" errors per
day. From my net research and my reading of TCP/IP Network Administration
(the crab book) I think the problem means that bind can't find an
authoritative source for the NS record for my tdfltd.com domain. But I
think I have configured named.conf to be a primary for tdfltd.com.

Could one of you DNS gurus please review my named.conf & db.tdf.com files and
tell me what's wrong. (And let me know if you need any other config files)

And please CC an answer direct to me since I get the list in digest form
and I'm hacking now :-)

Thanks a bunch.

root >cat named.conf                                                /etc/namedb
// $FreeBSD: src/etc/namedb/named.conf,v 1.6.2.1 2000/07/15 07:49:29 kris Exp $
//
// Refer to the named(8) man page for details.  If you are ever going
// to setup a primary server, make sure you've understood the hairy
// details of how DNS is working.  Even with simple mistakes, you can
// break connectivity for affected parties, or cause huge amount of
// useless Internet traffic.

options {
         directory "/etc/namedb";

// In addition to the "forwarders" clause, you can force your name
// server to never initiate queries of its own, but always ask its
// forwarders only, by enabling the following line:
//
       forward only;

// If you've got a DNS server around at your upstream provider, enter
// its IP address here, and enable the line below.  This will make you
// benefit from its cache, thus reduce overall DNS traffic in the Internet.
/*
         forwarders {
                 127.0.0.1;
         };
*/
         /*
          * If there is a firewall between you and nameservers you want
          * to talk to, you might need to uncomment the query-source
          * directive below.  Previous versions of BIND always asked
          * questions using port 53, but BIND 8.1 uses an unprivileged
          * port by default.
          */
          query-source address * port 53;

         /*
          * If running in a sandbox, you may have to specify a different
          * location for the dumpfile.
          */
         // dump-file "s/named_dump.db";
};

// Note: the following will be supported in a future release.
/*
host { any; } {
         topology {
                 127.0.0.0/8;
         };
};
*/

// Setting up secondaries is way easier and the rough picture for this
// is explained below.
//
// If you enable a local name server, don't forget to enter 127.0.0.1
// into your /etc/resolv.conf so this server will be queried first.
// Also, make sure to enable it in /etc/rc.conf.

zone "." {
         type hint;
         file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
         type master;
//      file "tdf_ltd.db";
         file "db.tdf.com.localhost";
//      file "localhost.rev";
};

//zone 
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
//      type master;
//      file "tdf_ltd.db";
//      file "localhost.rev";
//};

// NB: Do not use the IP addresses below, they are faked, and only
// serve demonstration/documentation purposes!
//
// Example secondary config entries.  It can be convenient to become
// a secondary at least for the zone where your own domain is in.  Ask
// your network administrator for the IP address of the responsible
// primary.
//
// Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
// (This is the first bytes of the respective IP address, in reverse
// order, with ".IN-ADDR.ARPA" appended.)
//
// Before starting to setup a primary zone, better make sure you fully
// understand how DNS and BIND works, however.  There are sometimes
// unobvious pitfalls.  Setting up a secondary is comparably simpler.
//
// NB: Don't blindly enable the examples below. :-)  Use actual names
// and addresses instead.
//
// NOTE!!! FreeBSD runs bind in a sandbox (see named_flags in rc.conf).
// The directory containing the secondary zones must be write accessible
// to bind.  The following sequence is suggested:
//
//      mkdir /etc/namedb/s
//      chown bind.bind /etc/namedb/s
//      chmod 750 /etc/namedb/s

/*
zone "domain.com" {
         type slave;
         file "s/domain.com.bak";
         masters {
                 192.168.1.1;
         };
};

zone "0.168.192.in-addr.arpa" {
         type slave;
         file "s/0.168.192.in-addr.arpa.bak";
         masters {
                 192.168.1.1;
         };
};
*/

zone "TDFltd.com" {
         type master;
         file "db.tdf.com";
};

zone "10.10.10.IN-ADDR.ARPA" {
         type master;
         file "db.tdf.com.reverse";
};

-----------------------

root >cat db.tdf.com                                           /etc/namedb
;
;       db.tdf.com
;       main domain name server record
;

@       IN  SOA     diablo.tdfltd.com.        postmaster.tdfltd.com. (
                     200103260707        ; serial number
                     7200                ; refresh
                     600                 ; retry
                     1209600             ; expire ( 14 days )
                     86400               ; minimum
)

         IN      NS              TDFltd.com.
         IN      MX              10 mail.tdfltd.com.
*       IN      MX              10 mail.tdfltd.com.

;
;       define the MX records for the lan
;

diablo  IN      A               10.10.10.1
         IN      MX              5 mail.tdfltd.com.


;       addresses at WIPC
www     IN      A               208.214.30.34
ftp     IN      A               208.214.29.232
mail    IN      A               208.222.107.46

;

albert  IN      A               10.10.10.10
;        IN     MX              0 diablo

mars    IN      A               10.10.10.11
;       IN      MX              0 diablo

zeus    IN      A               10.10.10.12
;       IN      MX              0 diablo

thor    IN      A               10.10.10.13
;       IN      MX              0 diablo

venus   IN      A               10.10.10.14
;       IN      MX              0 diablo

igor    IN      A               10.10.10.15
;       IN      MX              0 diablo

kenny   IN      A               10.10.10.16
         IN      MX              0 diablo

alf     IN      A               10.10.10.17
         IN      MX              0 diablo

george  IN      A               10.10.10.20
         IN      MX              0 diablo

linda   IN      A               10.10.10.21
         IN      MX              0 diablo

kennyu  IN      A               10.10.10.26
         IN      MX              0 diablo

opus    IN      A               10.10.10.5
         IN      MX              0 diablo

q       IN      A               10.10.10.50
         IN      MX              0 diablo

;
;       END db.tdf.com
;


cheers

gary

Gary Stanny          Tierra del Fuego Ltd.    www.TDFltd.com
stanny@TDFltd.com    Financial Software       734-449-8306 (voice/fax)
7725 Shady Beach Dr  Whitmore Lake, MI, 48189 USA
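
An added example, not part of the original message: a small Python check that reads the zone-file syntax used in db.tdf.com above and lists NS and MX targets that fall inside the zone but have no A record there. The origin and the excerpt are taken from the posted files; the function names are hypothetical and the parser covers only the syntax subset that appears in this message.

```python
# Added example: find in-zone NS/MX targets that lack an A record.
ORIGIN = "tdfltd.com."  # assumption: from the zone "TDFltd.com" statement
# Excerpt of the db.tdf.com file quoted in the message (comments dropped)
ZONE = """\
@       IN  SOA     diablo.tdfltd.com.  postmaster.tdfltd.com. (
                    200103260707 7200 600 1209600 86400 )
        IN      NS      TDFltd.com.
        IN      MX      10 mail.tdfltd.com.
diablo  IN      A       10.10.10.1
mail    IN      A       208.222.107.46
kenny   IN      A       10.10.10.16
        IN      MX      0 diablo
"""

def fqdn(name, origin):
    # DNS names compare case-insensitively; "@" means the zone origin
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(text, origin):
    # Yields (owner, rtype, rdata_fields); joins "( ... )" continuations
    owner, pending = origin, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        pending = f"{pending} {line}" if pending else line
        if pending.count("(") > pending.count(")"):
            continue  # record continues on the next line
        fields = pending.replace("(", " ").replace(")", " ").split()
        if not pending[0].isspace():  # owner given; else inherit previous
            owner = fqdn(fields.pop(0), origin)
        pending = ""
        if fields[0].upper() == "IN":
            fields.pop(0)
        yield owner, fields[0].upper(), fields[1:]

def missing_addresses(text, origin):
    records = list(parse(text, origin))
    have_a = {owner for owner, rtype, _ in records if rtype == "A"}
    problems = []
    for owner, rtype, rdata in records:
        if rtype in ("NS", "MX"):
            target = fqdn(rdata[-1], origin)
            in_zone = target == origin or target.endswith("." + origin)
            if in_zone and target not in have_a:
                problems.append((owner, rtype, target))
    return problems
```

On the excerpt, `missing_addresses(ZONE, ORIGIN)` reports the NS record at the zone apex, whose target `TDFltd.com.` has no A record in the file.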

