From owner-freebsd-questions@FreeBSD.ORG Mon Jan 15 17:30:27 2007 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 8FDDD16A416 for ; Mon, 15 Jan 2007 17:30:27 +0000 (UTC) (envelope-from nate3000@gmail.com) Received: from ug-out-1314.google.com (ug-out-1314.google.com [66.249.92.171]) by mx1.freebsd.org (Postfix) with ESMTP id EE58E13C45E for ; Mon, 15 Jan 2007 17:30:26 +0000 (UTC) (envelope-from nate3000@gmail.com) Received: by ug-out-1314.google.com with SMTP id o2so1280569uge for ; Mon, 15 Jan 2007 09:30:25 -0800 (PST) DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=M8WXUVRAUeO4sa13z2jLwvGTqRnob7EFX4QCBPXqckfO9kaKMV1W1kqqR2rSzc23ktQJ8CohZRHevD+lyBEVf+QUhUV2q8u4mbxJSpGjuJhESv5USGGReuM/u0suuyP9R7uxmhokkIxhspFahTbJeJDpjuWEHbmBPH26v3FbVYo= Received: by 10.82.118.2 with SMTP id q2mr678502buc.1168882222798; Mon, 15 Jan 2007 09:30:22 -0800 (PST) Received: by 10.78.155.4 with HTTP; Mon, 15 Jan 2007 09:30:22 -0800 (PST) Message-ID: <7ddd53320701150930x4e33fde8q576cb563232ca74a@mail.gmail.com> Date: Mon, 15 Jan 2007 09:30:22 -0800 From: "Nate Peck" To: "Derek Ragona" In-Reply-To: <6.0.0.22.2.20070114165429.025c5068@mail.computinginnovations.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <7ddd53320701140839t65f5b005r3b5bbe105c71700e@mail.gmail.com> <02fc01c73803$0644d4a0$0a0aa8c0@rivendell> <6.0.0.22.2.20070114165429.025c5068@mail.computinginnovations.com> Cc: Reko Turja , freebsd-questions@freebsd.org Subject: Re: BIND9 Syntax? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 Jan 2007 17:30:27 -0000 Thanks Derek and Reko! BIND works, and is resolving. Nate Peck On 1/14/07, Derek Ragona wrote: > > Once you get the syntax corrected, make sure you are picking up the correct > named.conf file by doing: > ps -ax| grep name > > If you don't have /etc/rc.conf setup correctly, you may not be getting the > correct named.conf. > > -Derek > > > > At 11:40 AM 1/14/2007, Reko Turja wrote: > > ----- Original Message ----- From: "Nate Peck" > To: > Sent: Sunday, January 14, 2007 6:39 PM > Subject: BIND9 Syntax? > > > > Dear All, > > I've been having trouble with BIND(version 9.3.2-P1), and I'm not sure > where the problem is. When I try to use nslookup, it spits out: > > > server 127.0.0.1Default server: 127.0.0.1 > Address: 127.0.0.1#53 > > blue.home.lanServer: 127.0.0.1 > Address: 127.0.0.1#53 > > ** server can't find blue.home.lan: SERVFAIL > > > I have my server(blue.home.lan), set up on a LAN. > > These are my config files: > > db.home.lan: > $TTL 3h > home.lan. IN SOA blue.home.lan. ( > 1 ; Serial > 3h ; Refresh after 3 hours > 1h ; Retry after 1 hour > 1w ; Expire after 1 week > 1h ) ; Negative caching TTL of 1 hour > > And you can define the SOA to be home.lan. > Missing the email address of responsible administrator - should be like: > > home.lan. IN SOA home.lan. email.blue.home.lan > ^^^^^^^^^^^^^^^^^^^ > > Notice that first dot only in email-address is substituted by @ > > Usually a good idea is naming the serial like 2007011401 - year, month, day > and serial is easier that way in the long run :) > > > named.conf: > options { > If this was public I would consider adding either a recursion no; or > allow-recursion {}; clauses in options in order to avoid some attack > techniques utilizing nameservers. > > > zone "." IN { > type hint; > file "named.ca"; > }; > You have moved the named.root into named.ca? > > No need for IN in these either. > > > > zone "localhost" IN { > type master; > file "pri/localhost.zone"; > allow-update { none; }; > notify no; > }; > Again if public, I would add allow-transfer rules to allow the full dump of > domains in questions only at appropriate peering servers. Maybe allow-query > { any; }; for every domain as well. > > I might have missed some bugs at cursory glance, but these should help to > get you started. > > -Reko > > (By the way Greg Leheys nowadays publicly available book about FreeBSD has > pretty good walkthrough about basic nameserver configuration) > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support. > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > MailScanner thanks transtec Computers for their support.