Re: DNS problem

From: Scott Harrison <scott_at_mithrandir.com>
Date: Thu, 13 May 2004 17:12:58 -0400
On May 13, 2004, at 17:01, Ben Kelly wrote:

> Scott Harrison wrote:
>> On May 13, 2004, at 15:47, John-Mark Gurney wrote:
>>> Scott Harrison wrote this message on Thu, May 13, 2004 at 14:50 -0400:
>>>
>>>>     Can someone either tell me what needs to be done to get rid of
>>>> these messages, or tell me which mailing list I should ask?
>>>
>>>
>>> Most likely your named.root is out of date.  Last week
>>> b.root-servers.net changed IP address and took my dns server off
>>> line.  Do a:
>>> dig @198.41.0.4 . ns > /etc/namedb/named.root
>>>
>>> and then restart your name server.. That should fix things for you.
>>>
>>> but for future reference, this is not a FreeBSD issue, a generic
>>> bind/internet question.
>>>
>>>
>>     My named.root has been updated so appears to be correct.  The 
>> b.root-servers.net IP address I have is 192.228.79.201 so I think 
>> everything is fine there.
>>     Unlike others I have this problem regularly.  Every time I make 
>> my server do a DNS lookup it puts a lot of lines into 
>> /var/log/messages, but luckily for me I have not filled /var up.  
>> This has been happening for many days now and I have not been able to 
>> find any real answers using google.
>
> Are you restricting outgoing DNS requests at your firewall?  I made 
> this mistake the first time I tried setting up bind.  (Incidentally, 
> ever since this happened the first line in my dmesg output has been 
> corrupt.)
>
	No, the firewall is configured to allow incoming on port 53 for both 
TCP and UDP, and for outgoing it allows anything from the LAN.

	My config file has in it:

options {
         directory "/etc/namedb";
         forwarders {    63.75.133.13; 63.75.133.14;     };
         query-source address * port 53;
         allow-transfer { 64.45.135.25; };
         allow-query { 63.75.133.121; };
         rrset-order {
                 order fixed;
                 };
         };
zone "." {
         type hint;
         file "named.root";
         };
zone "0.0.127.in-addr.arpa" {
         type master;
         file "loopback.db";
         };
zone "mithrandir.com" {
         type master;
         file "mithrandir.com.db";
         allow-query { any; };
         };

	I do not have in it the 133.75.63.in-addr.arpa zone because my ISP 
provides the lookup for 63.75.133.121 (my machine).  Would that be a 
problem?

-- 
Scott Harrison		PGP Key ID: 0x0f0b5b86
Received on Thu May 13 2004 - 12:12:46 UTC
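
Added example, not part of the original message or of BIND: a small check that a hints file (named.root, or the saved dig output suggested in the thread) lists an address for every root NS and carries the b.root-servers.net address quoted above. The sample file, the function names and the 192.0.2.1 placeholder address are constructed for illustration.

```python
import ipaddress

# Constructed sample in named.root / dig output layout; 192.0.2.1 is a
# documentation placeholder standing in for an outdated address.
STALE_HINTS = """\
; constructed sample, not a real hints file
.                    3600000 IN NS A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.  3600000    A  198.41.0.4
.                    3600000    NS B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.  3600000    A  192.0.2.1
.                    3600000    NS C.ROOT-SERVERS.NET.
"""

def parse_hints(text):
    """Return (root NS names, {name: [addresses]}) from hints-file text."""
    ns_names, addrs = set(), {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()      # strip comments, tokenize
        # Layout is: owner [ttl] [class] type rdata; locate the type token.
        for i, tok in enumerate(fields[1:-1], start=1):
            rtype = tok.upper()
            if rtype not in ("NS", "A", "AAAA"):
                continue
            owner = fields[0].lower().rstrip(".")
            rdata = fields[i + 1]
            if rtype == "NS" and owner == "":       # owner "." is the root
                ns_names.add(rdata.lower().rstrip("."))
            elif rtype != "NS":
                ipaddress.ip_address(rdata)         # raises on a garbled address
                addrs.setdefault(owner, []).append(rdata)
            break
    return ns_names, addrs

def check_hints(text, expected):
    """List problems: NS names without an address, and expected addresses missing."""
    ns_names, addrs = parse_hints(text)
    problems = [f"{name}: no address record in hints file"
                for name in sorted(ns_names) if name not in addrs]
    for name, want in expected.items():
        got = addrs.get(name, [])
        if want not in got:
            problems.append(
                f"{name}: expected {want}, file has {', '.join(got) or 'no address'}")
    return problems

if __name__ == "__main__":
    # Address for b.root-servers.net as quoted in the thread.
    for problem in check_hints(STALE_HINTS, {"b.root-servers.net": "192.228.79.201"}):
        print(problem)
```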
