Date:      Sat, 11 Aug 2001 23:36:57 +0100
From:      Richard Smith <rdls@satamatics.com>
To:        Gary Stanny <stanny@TDFltd.com>
Cc:        questions@freebsd.org
Subject:   Re: DNS problem - hundreds of "ns_req: no address for root server" errors
Message-ID:  <20010811233656.D733@gaia.home.rdls.net>
In-Reply-To: <4.2.2.20010811113826.00bab320@10.10.10.1>; from stanny@TDFltd.com on Sat, Aug 11, 2001 at 12:05:53PM -0400
References:  <4.2.2.20010811113826.00bab320@10.10.10.1>

On Sat, Aug 11, 2001 at 12:05:53PM -0400, Gary Stanny wrote:
> Hi all -
> 
> I have a slight problem with my DNS that I can't solve. What I want is my
> gateway machine to support everything for my domain this side of my cable
> modem inside to my 10.10.10.? internal network while referencing the real
> NIC assigned address for my public side of my domain ("tdfltd.com") for
> accessing my web site and pop mail accounts. And everything currently works
> exactly as I want - I can send mail to local users (like robot@tdfltd.com)
> and have it stay internal or I can send mail to my external pop accounts
> (like info@mail.tdfltd.com). And all of my Windows machines can find their
> brothers behind the firewall ok and use the gateway's sendmail for outgoing
> mail ok.
> 
> Except I get hundreds of "ns_req: no address for root server" errors per
> day. From my net research and my reading of the TCP/IP network
> administration (the crab book) I think the problem means that bind can't
> find an authoritative source for the NS record for my tdfltd.com domain.
> But I think I have configured named.conf to be a primary for tdfltd.com.
> 
> Could one of you DNS gurus please review my named.conf & db.tdf.com files and
> tell me what's wrong. (And let me know if you need any other config files)
> 
> And please CC an answer direct to me since I get the list in digest form
> and I'm hacking now :-)
> 
> Thanks a bunch.
> 
> root >cat named.conf                                                /etc/namedb
> // $FreeBSD: src/etc/namedb/named.conf,v 1.6.2.1 2000/07/15 07:49:29 kris Exp $
> //
> // Refer to the named(8) man page for details.  If you are ever going
> // to setup a primary server, make sure you've understood the hairy
> // details of how DNS is working.  Even with simple mistakes, you can
> // break connectivity for affected parties, or cause huge amount of
> // useless Internet traffic.
> 
> options {
>          directory "/etc/namedb";
> 
> // In addition to the "forwarders" clause, you can force your name
> // server to never initiate queries of its own, but always ask its
> // forwarders only, by enabling the following line:
> //
>        forward only;
> 
> // If you've got a DNS server around at your upstream provider, enter
> // its IP address here, and enable the line below.  This will make you
> // benefit from its cache, thus reduce overall DNS traffic in the Internet.
> /*
>          forwarders {
>                  127.0.0.1;
>          };
> */
>          /*
>           * If there is a firewall between you and nameservers you want
>           * to talk to, you might need to uncomment the query-source
>           * directive below.  Previous versions of BIND always asked
>           * questions using port 53, but BIND 8.1 uses an unprivileged
>           * port by default.
>           */
>           query-source address * port 53;
> 
>          /*
>           * If running in a sandbox, you may have to specify a different
>           * location for the dumpfile.
>           */
>          // dump-file "s/named_dump.db";
> };
> 
> // Note: the following will be supported in a future release.
> /*
> host { any; } {
>          topology {
>                  127.0.0.0/8;
>          };
> };
> */
> 
> // Setting up secondaries is way easier and the rough picture for this
> // is explained below.
> //
> // If you enable a local name server, don't forget to enter 127.0.0.1
> // into your /etc/resolv.conf so this server will be queried first.
> // Also, make sure to enable it in /etc/rc.conf.
> 
> zone "." {
>          type hint;
>          file "named.root";
> };
> 
> zone "0.0.127.IN-ADDR.ARPA" {
>          type master;
> //      file "tdf_ltd.db";
>          file "db.tdf.com.localhost";
> //      file "localhost.rev";
> };
> 
> //zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.INT" {
> //      type master;
> //      file "tdf_ltd.db";
> //      file "localhost.rev";
> //};
> 
> // NB: Do not use the IP addresses below, they are faked, and only
> // serve demonstration/documentation purposes!
> //
> // Example secondary config entries.  It can be convenient to become
> // a secondary at least for the zone where your own domain is in.  Ask
> // your network administrator for the IP address of the responsible
> // primary.
> //
> // Never forget to include the reverse lookup (IN-ADDR.ARPA) zone!
> // (This is the first bytes of the respective IP address, in reverse
> // order, with ".IN-ADDR.ARPA" appended.)
> //
> // Before starting to setup a primary zone, better make sure you fully
> // understand how DNS and BIND works, however.  There are sometimes
> // unobvious pitfalls.  Setting up a secondary is comparably simpler.
> //
> // NB: Don't blindly enable the examples below. :-)  Use actual names
> // and addresses instead.
> //
> // NOTE!!! FreeBSD runs bind in a sandbox (see named_flags in rc.conf).
> // The directory containing the secondary zones must be write accessible
> // to bind.  The following sequence is suggested:
> //
> //      mkdir /etc/namedb/s
> //      chown bind.bind /etc/namedb/s
> //      chmod 750 /etc/namedb/s
> 
> /*
> zone "domain.com" {
>          type slave;
>          file "s/domain.com.bak";
>          masters {
>                  192.168.1.1;
>          };
> };
> 
> zone "0.168.192.in-addr.arpa" {
>          type slave;
>          file "s/0.168.192.in-addr.arpa.bak";
>          masters {
>                  192.168.1.1;
>          };
> };
> */
> 
> zone "TDFltd.com" {
>          type master;
>          file "db.tdf.com";
> };
> 
> zone "10.10.10.IN-ADDR.ARPA" {
>          type master;
>          file "db.tdf.com.reverse";
> };
> 
> -----------------------
> 
> root >cat db.tdf.com                                           /etc/namedb
> ;
> ;       db.tdf.com
> ;       main domain name server record
> ;
> 
> @       IN  SOA     diablo.tdfltd.com.        postmaster.tdfltd.com. (
>                      200103260707        ; serial number

You may want to check /var/log/messages to see what named is doing when
it starts up. But my guess is that that serial number needs to fit
into a 32-bit uint, so it's 2 digits too long.


-- 
Richard Smith
Network Systems Director
Satamatics Ltd
Green Lane, Tewkesbury, GL20 8HD, United Kingdom
Tel: +44 1684 278610
Fax: +44 1684 278611
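An added example, not part of this thread: a small Python check for the defect Richard points out, run over a constructed zone excerpt modelled on the quoted db.tdf.com (the SOA timer values are made up). It extracts the SOA serial, reports whether it fits the 32-bit unsigned field the record requires, and includes the RFC 1982 wrap-around comparison that secondaries use when deciding whether a serial is newer.

```python
"""Sanity-check the SOA serial of a BIND zone file (added example)."""
import re

UINT32_MAX = 2**32 - 1   # an SOA serial is an unsigned 32-bit integer (RFC 1035)

# Constructed sample, modelled on the db.tdf.com excerpt quoted in the thread;
# the refresh/retry/expire/minimum values are invented for the example.
ZONE_TEXT = """\
@       IN  SOA     diablo.tdfltd.com.        postmaster.tdfltd.com. (
                     200103260707        ; serial number
                     10800               ; refresh
                     3600                ; retry
                     604800              ; expire
                     86400 )             ; minimum
"""

def extract_soa_serial(zone_text):
    """Return the SOA serial (as int) from single- or multi-line SOA syntax."""
    # drop ';' comments first, so the regex can span the parenthesised block
    stripped = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", stripped)
    if not m:
        raise ValueError("no SOA record found")
    return int(m.group(1))

def serial_problems(serial):
    """Return a list of human-readable problems with the serial ([] if none)."""
    problems = []
    if serial > UINT32_MAX:
        # digit-count difference is a hint for the reader, not an exact measure
        extra = len(str(serial)) - len(str(UINT32_MAX))
        problems.append(f"serial {serial} does not fit in 32 bits "
                        f"(max {UINT32_MAX}; about {extra} digit(s) too long)")
    return problems

def serial_gt(a, b):
    """RFC 1982 serial-number comparison: is a 'newer' than b (mod 2**32)?"""
    a, b = a & UINT32_MAX, b & UINT32_MAX
    return (a < b and b - a > 2**31) or (a > b and a - b < 2**31)

if __name__ == "__main__":
    serial = extract_soa_serial(ZONE_TEXT)
    for p in serial_problems(serial):
        print("WARNING:", p)
    # The common YYYYMMDDnn convention (10 digits) stays in range for centuries.
    print("2001032601 fits:", not serial_problems(2001032601))
```

The 12-digit YYYYMMDDhhmm value in the quoted file is what trips the check; a 10-digit YYYYMMDDnn serial keeps the same date-based scheme and fits.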
