From mboxrd@z Thu Jan 1 00:00:00 1970
From: gracecott@sancharnet.in
Subject: Re:setting up bind
Date: Thu, 08 Jul 2004 10:16:14 +0530 (GMT+05:30)
Sender: linux-admin-owner@vger.kernel.org
Message-ID: <33090478.1089261974937.JavaMail.nobody@ndl1pp2-a-fixed>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="Boundary_(ID_l52p95kIgF21PcomLMrRsA)"
Return-path:
List-Id:
To: linux-admin@vger.kernel.org

--Boundary_(ID_l52p95kIgF21PcomLMrRsA)
Content-type: text/plain; charset=iso-8859-1
Content-transfer-encoding: 7BIT
Content-disposition: inline

Hi everyone,

Ahsan, thanks for the help.

Anyways, I did whatever you guys instructed me to do. However, named just
refuses to get off the ground. The other computers on my network just refuse
to connect to my NS and exit with a ":timed out, no servers reached" error.

I've attached my config files (please don't laugh at them :-( ). Could anyone
have a look at them and tell me what I'm doing wrong here?

When I stop named, I get an error
rndc :connect failed : connection refused

Thanks,
Joy.M.M

--Boundary_(ID_l52p95kIgF21PcomLMrRsA)
Content-type: application/octet-stream; name=named.conf
Content-transfer-encoding: 7bit
Content-disposition: attachment; filename=named.conf
Content-description: Attached file: named.conf

// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

//# Use with the following in named.conf, adjusting the allow list as needed
key "rndc-key" {
        algorithm hmac-md5;
        secret "XXXX";
};
//secret is the same in rndc.conf and here
controls {
        inet 192.168.2.16 port 953
                allow { localnets; } keys { "rndc-key"; };
};

// prime the server with knowledge of the root servers
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

//zone "com" { type delegation-only; };
zone "com" {type delegation-only;};
zone "net" { type delegation-only; };

// From the release notes:
// Because many of our users are uncomfortable receiving undelegated answers
// from root or top level domains, other than a few for whom that behaviour
// has been trusted and expected for quite some length of time, we have now
// introduced the "root-delegations-only" feature which applies delegation-only
// logic to all top level domains, and to the root domain. An exception list
// should be specified, including "MUSEUM" and "DE", and any other top level
// domains from whom undelegated responses are expected and trusted.
// root-delegation-only exclude { "DE"; "MUSEUM"; };

include "/etc/bind/named.conf.local";

--Boundary_(ID_l52p95kIgF21PcomLMrRsA)
Content-type: application/octet-stream; name=db.local
Content-transfer-encoding: 7bit
Content-disposition: attachment; filename=db.local
Content-description: Attached file: db.local

;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
                1 ; Serial
                6048 ; Refresh
                864 ; Retry
                2419 ; Expire
                6048 ) ; Negative Cache TTL
;
@ IN NS localhost.
@ IN A 127.0.0.1
PCM.COM. IN NS PARROT.PCM.COM.
PARROT.PCM.COM. IN A 192.168.2.16
EAGLE.PCM.COM. IN A 192.168.2.11
SWAN1.PCM.COM. IN A 192.168.2.14
SWAN2.PCM.COM. IN A 192.168.2.15

;got this one from dig.
pcm.com. 7155 IN A 209.233.130.34

;; AUTHORITY SECTION:
pcm.com. 7155 IN NS ns1.pbi.net.
pcm.com. 7155 IN NS ns2.pbi.net.

;; ADDITIONAL SECTION:
ns1.pbi.net. 164758 IN A 206.13.28.11
ns2.pbi.net. 164758 IN A 206.13.29.11

; <<>> DiG 9.2.4rc2 <<>> vitelsystems.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48987
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;vitelsystems.com. IN A

;; ANSWER SECTION:
vitelsystems.com. 604745 IN A 216.17.101.50

;; AUTHORITY SECTION:
vitelsystems.com. 604745 IN NS ns2.imindia.net.
vitelsystems.com. 604745 IN NS ns1.imindia.net.

;; ADDITIONAL SECTION:
ns1.imindia.net. 172743 IN A 216.17.101.50
ns2.imindia.net. 172742 IN A 65.214.160.50

;; Query time: 0 msec
;; SERVER: 203.129.242.66#53(203.129.242.66)
;; WHEN: Tue Jul 6 18:04:39 2004
;; MSG SIZE rcvd: 129

--Boundary_(ID_l52p95kIgF21PcomLMrRsA)
Content-type: application/octet-stream; name=named.conf.local
Content-transfer-encoding: 7bit
Content-disposition: attachment; filename=named.conf.local
Content-description: Attached file: named.conf.local

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

acl local-net{localnets;};

zone "pcm.com" {
        type master;
        file "db.local";
        allow-query{localnets;};
        also-notify{XX.XX.XX.XX;};
};
//Do I need the also-notify part? its the name server for all companies in our
//area
//pardon me for XX'ing some stuff

--Boundary_(ID_l52p95kIgF21PcomLMrRsA)
Content-type: application/octet-stream; name=named.conf.options
Content-transfer-encoding: 7bit
Content-disposition: attachment; filename=named.conf.options
Content-description: Attached file: named.conf.options

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you might need to uncomment the query-source
        // directive below. Previous versions of BIND always asked
        // questions using port 53, but BIND 8.1 and later use an unprivileged
        // port by default.

        // query-source address * port 53;

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        allow-query {all;};
        auth-nxdomain no; # conform to RFC1035
};

--Boundary_(ID_l52p95kIgF21PcomLMrRsA)
Content-type: application/octet-stream; name=rndc.conf
Content-transfer-encoding: 7bit
Content-disposition: attachment; filename=rndc.conf
Content-description: Attached file: rndc.conf

# Start of rndc.conf
key "rndc-key" {
        algorithm hmac-md5;
        secret "XXXXX";
};

options {
        default-key "rndc-key";
        default-server 192.168.2.16;
        default-port 953;
};
# End of rndc.confa
server 192.168.2.16{
        key "rndc-key";
};

--Boundary_(ID_l52p95kIgF21PcomLMrRsA)--
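An added example, not part of the original message and not BIND's own code: a small Python lint over the kind of statements in the attachments above. It reports names used in allow-* lists that are neither predefined by BIND (any, none, localhost, localnets) nor declared with an acl statement, and the fields where rndc.conf's defaults disagree with the controls and key statements in named.conf. The secret is a constructed placeholder and the function names are hypothetical.

```python
import re

BUILTIN_ACLS = {"any", "none", "localhost", "localnets"}  # predefined by BIND 9

# Constructed sample input: statements modelled on the attachments above, with a
# made-up placeholder secret. Function names below are this example's own.
NAMED_CONF = '''
key "rndc-key" { algorithm hmac-md5; secret "c2FtcGxlLXNlY3JldA=="; };
controls { inet 192.168.2.16 port 953 allow { localnets; } keys { "rndc-key"; }; };
acl local-net { localnets; };
zone "pcm.com" { type master; file "db.local"; allow-query { localnets; }; };
options { allow-query { all; }; auth-nxdomain no; };  # conform to RFC1035
'''
RNDC_CONF = '''
key "rndc-key" { algorithm hmac-md5; secret "c2FtcGxlLXNlY3JldA=="; };
options { default-key "rndc-key"; default-server 192.168.2.16; default-port 953; };
'''

def strip_comments(text):
    """Drop //, # and /* */ comments while leaving quoted strings untouched."""
    pat = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
    return pat.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def undefined_acls(named_conf):
    """Names used in allow-* lists that are neither built in nor declared with acl."""
    conf = strip_comments(named_conf)
    defined = set(re.findall(r'\bacl\s+"?([\w.-]+)"?\s*\{', conf))
    used = set()
    for body in re.findall(r'\ballow(?:-[a-z-]+)?\s*\{([^{}]*)\}', conf):
        for elem in body.split(";"):
            elem = elem.strip().lstrip("! ").strip('"')
            # Addresses and prefixes start with a digit or contain ':'; "key x" matches a key.
            if elem and not elem[0].isdigit() and ":" not in elem and not elem.startswith("key "):
                used.add(elem)
    return sorted(used - BUILTIN_ACLS - defined)

def control_channel_mismatches(named_conf, rndc_conf):
    """Fields where rndc's defaults differ from named's controls/key statements."""
    n, r = strip_comments(named_conf), strip_comments(rndc_conf)
    ctl = re.search(r'controls\s*\{\s*inet\s+(\S+)\s+port\s+(\d+).*?keys\s*\{\s*"?([\w.-]+)', n, re.S)
    named = dict(zip(("server", "port", "key"), ctl.groups())) if ctl else {}
    rndc = {f: m.group(1) for f in ("server", "port", "key")
            if (m := re.search(r'default-%s\s+"?([\w.:-]+)' % f, r))}
    keyre = r'key\s+"?([\w.-]+)"?\s*\{\s*algorithm\s+([\w-]+)\s*;\s*secret\s+"([^"]*)"'
    nk, rk = ({k: (a, s) for k, a, s in re.findall(keyre, t)} for t in (n, r))
    bad = [f for f in ("server", "port", "key") if named.get(f) != rndc.get(f)]
    if rndc.get("key") and nk.get(rndc["key"]) != rk.get(rndc["key"]):
        bad.append("key material")
    return bad
```

On a real installation, `named-checkconf /etc/bind/named.conf` is the authoritative check of whether named will accept the configuration; this sketch only shows what such a check looks at.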