Date:      Sun, 14 Jan 2007 16:56:04 -0600
From:      Derek Ragona <derek@computinginnovations.com>
To:        "Reko Turja" <reko.turja@liukuma.net>, "Nate Peck" <nate3000@gmail.com>, <freebsd-questions@freebsd.org>
Subject:   Re: BIND9 Syntax?
Message-ID:  <6.0.0.22.2.20070114165429.025c5068@mail.computinginnovations.com>
In-Reply-To: <02fc01c73803$0644d4a0$0a0aa8c0@rivendell>
References:  <7ddd53320701140839t65f5b005r3b5bbe105c71700e@mail.gmail.com> <02fc01c73803$0644d4a0$0a0aa8c0@rivendell>

Once you get the syntax corrected, make sure you are picking up the correct 
named.conf file by doing:
ps -ax| grep name

If you don't have /etc/rc.conf set up correctly, you may not be getting the 
correct named.conf.

         -Derek


At 11:40 AM 1/14/2007, Reko Turja wrote:
>----- Original Message ----- From: "Nate Peck" <nate3000@gmail.com>
>To: <freebsd-questions@freebsd.org>
>Sent: Sunday, January 14, 2007 6:39 PM
>Subject: BIND9 Syntax?
>
>
>>Dear All,
>>
>>I've been having trouble with BIND(version 9.3.2-P1), and I'm not sure
>>where the problem is. When I try to use nslookup, it spits out:
>>
>>>server 127.0.0.1
>>Default server: 127.0.0.1
>>Address: 127.0.0.1#53
>>>blue.home.lan
>>Server:         127.0.0.1
>>Address:        127.0.0.1#53
>>
>>** server can't find blue.home.lan: SERVFAIL
>>
>>I have my server(blue.home.lan), set up on a LAN.
>>
>>These are my config files:
>>
>>db.home.lan:
>>$TTL 3h
>>home.lan. IN SOA blue.home.lan. (
>>                          1        ; Serial
>>                          3h       ; Refresh after 3 hours
>>                          1h       ; Retry after 1 hour
>>                          1w       ; Expire after 1 week
>>                          1h )     ; Negative caching TTL of 1 hour
>
>
>And you can define the SOA to be home.lan.
>Missing the email address of responsible administrator - should be like:
>
>home.lan. IN SOA home.lan.  email.blue.home.lan.
>                            ^^^^^^^^^^^^^^^^^^^^
>
>Notice that only the first dot in the email address is substituted by @
>
>Usually a good idea is naming the serial like 2007011401 - year, month, 
>day and serial is easier that way in the long run :)
>
>>named.conf:
>>options {
>
>If this was public I would consider adding either a recursion no; or 
>allow-recursion {}; clauses in options in order to avoid some attack 
>techniques utilizing nameservers.
>
>>zone "." IN {
>>        type hint;
>>        file "named.ca";
>>};
>
>You have moved the named.root into named.ca?
>
>No need for IN in these either.
>
>>
>>zone "localhost" IN {
>>        type master;
>>        file "pri/localhost.zone";
>>        allow-update { none; };
>>        notify no;
>>};
>
>Again if public, I would add allow-transfer rules to allow the full dump 
>of domains in question only at appropriate peering servers. Maybe 
>allow-query { any; }; for every domain as well.
>
>I might have missed some bugs at cursory glance, but these should help to 
>get you started.
>
>-Reko
>
>(By the way, Greg Lehey's nowadays publicly available book about FreeBSD has 
>a pretty good walkthrough about basic nameserver configuration)
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>MailScanner thanks transtec Computers for their support.
>





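The SOA points raised in the quoted reply (the missing responsible-person mailbox, only the first dot standing for @, the date-style serial), written as a small checker. This is an added example, not part of the original thread; the function names and the hostmaster.home.lan. mailbox are assumptions, and the parser handles only the SOA record.

```python
import re
from datetime import datetime

# Constructed samples: the post's SOA and a fix; hostmaster.home.lan. is hypothetical.
BROKEN = """$TTL 3h
home.lan. IN SOA blue.home.lan. (
        1        ; Serial
        3h 1h    ; Refresh, retry
        1w 1h )  ; Expire, negative caching TTL
"""
FIXED = """$TTL 3h
home.lan. IN SOA blue.home.lan. hostmaster.home.lan. (
        2007011401 3h 1h 1w 1h )
"""
TIME = re.compile(r"\d+(?:[smhdw]\d+)*[smhdw]?$", re.I)  # 3600, 3h, 1w2d

def soa_fields(zone_text):
    """Tokens after 'SOA', comments stripped, up to ')' or end of line."""
    text = "\n".join(line.split(";", 1)[0] for line in zone_text.splitlines())
    m = re.search(r"(?<!\S)SOA\s+([^()\n]*\(.*?\)|[^\n]*)", text, re.S | re.I)
    if not m:
        raise ValueError("no SOA record found")
    return re.sub(r"[()]", " ", m.group(1)).split()

def rname_to_email(rname):
    """RNAME -> mailbox: only the first unescaped dot becomes '@'."""
    mailbox = re.sub(r"(?<!\\)\.", "@", rname.rstrip("."), count=1)
    return mailbox.replace("\\.", ".")

def is_date(s):
    try:
        datetime.strptime(s, "%Y%m%d")
        return True
    except ValueError:
        return False

def lint_soa(zone_text):
    fields = soa_fields(zone_text)
    # Leading non-numeric tokens are the names (MNAME, RNAME); the rest are timers.
    split = next((i for i, t in enumerate(fields) if TIME.match(t)), len(fields))
    names, nums = fields[:split], fields[split:]
    problems = []
    if len(names) < 2:
        problems.append("missing RNAME (responsible mailbox) after MNAME")
    problems += [f"{n} has no trailing dot" for n in names if not n.endswith(".")]
    if len(nums) != 5:
        problems.append(f"expected 5 numeric fields, found {len(nums)}")
    elif len(nums[0]) != 10 or not is_date(nums[0][:8]):
        problems.append(f"serial {nums[0]} is not in YYYYMMDDnn form (advisory)")
    return problems
```

`lint_soa(BROKEN)` reports the missing RNAME and the non-date serial; `lint_soa(FIXED)` returns an empty list.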