| 1 |
Am Freitag, den 05.03.2010, 10:59 +0100 schrieb Christian Bricart: |
| 2 |
> Alexander Zimmerling wrote: |
| 3 |
> > Hi guys, |
| 4 |
> > |
| 5 |
> > I am sitting here with my new gentoo server. At the moment I struggle |
| 6 |
> > with bind. The problem is known, but I cannot solve it without help. |
| 7 |
> |
| 8 |
> > [..] |
| 9 |
> |
| 10 |
> have you tried to point upstream resolving to your provider's nameservers |
| 11 |
> rather than always asking the root-nameservers..? |
| 12 |
> |
| 13 |
> try adding: |
| 14 |
> |
| 15 |
> .. |
| 16 |
> forwarders { |
| 17 |
> 8.8.8.8; |
| 18 |
> 8.8.4.4; |
| 19 |
> }; |
| 20 |
> .. |
| 21 |
> |
| 22 |
> to the "options { ..}"-block in your /etc/bind/named.conf - which will |
| 23 |
> then ask the Google-DNS cluster for unknown/uncached RR. |
| 24 |
> You may also specify your provider's DNS IPs there to have an even shorter |
| 25 |
> round-trip for lookups. |
| 26 |
> |
| 27 |
> > P.S.: I've found a similar "bug" in bugzilla |
| 28 |
> > (http://bugs.gentoo.org/show_bug.cgi?id=269202) but w/o resolution. |
| 29 |
> |
| 30 |
> i doubt that your problem is IPv6 related. |
| 31 |
> |
| 32 |
> Christian |
| 33 |
> |
| 34 |
> |
| 35 |
|
| 36 |
Hi Christian, |
| 37 |
|
| 38 |
find below my current (nearly copied) named.conf. |
| 39 |
As you can see, forwarders are defined (a router, connected to the |
| 40 |
internet). Name-resolution works like a charm in dmz (using the router). |
| 41 |
|
| 42 |
<snip> |
| 43 |
|
| 44 |
Tartessos ~ # cat /etc/bind/named.conf |
| 45 |
//azi 2010 02 28 |
| 46 |
include "/etc/bind/log.conf"; |
| 47 |
options { |
| 48 |
directory "/var/bind"; |
| 49 |
|
| 50 |
// uncomment the following lines to turn on DNS forwarding, |
| 51 |
// and change the forwarding ip address(es) : |
| 52 |
//forward first; |
| 53 |
forwarders { |
| 54 |
#192.168.0.3; |
| 55 |
192.168.5.1; |
| 56 |
}; |
| 57 |
|
| 58 |
//azi 2010 03 03 |
| 59 |
listen-on-v6 { none; }; |
| 60 |
listen-on { 127.0.0.1; |
| 61 |
192.168.0.5; |
| 62 |
}; |
| 63 |
|
| 64 |
// to allow only specific hosts to use the DNS server: |
| 65 |
allow-query { |
| 66 |
127.0.0.1; |
| 67 |
192.168.0.0/24; |
| 68 |
}; |
| 69 |
|
| 70 |
auth-nxdomain yes; |
| 71 |
notify no; |
| 72 |
|
| 73 |
// if you have problems and are behind a firewall: |
| 74 |
//query-source address * port 53; |
| 75 |
pid-file "/var/run/named/named.pid"; |
| 76 |
|
| 77 |
zone-statistics yes; |
| 78 |
statistics-file "/var/log/named.stats"; |
| 79 |
}; |
| 80 |
|
| 81 |
zone "." IN { |
| 82 |
type hint; |
| 83 |
file "named.ca"; |
| 84 |
}; |
| 85 |
|
| 86 |
zone "localhost" IN { |
| 87 |
type master; |
| 88 |
file "pri/localhost.zone"; |
| 89 |
allow-update { none; }; |
| 90 |
notify no; |
| 91 |
}; |
| 92 |
|
| 93 |
zone "127.in-addr.arpa" IN { |
| 94 |
type master; |
| 95 |
file "pri/127.zone"; |
| 96 |
allow-update { none; }; |
| 97 |
notify no; |
| 98 |
}; |
| 99 |
|
| 100 |
}; |
| 101 |
|
| 102 |
|
| 103 |
<snap> |
| 104 |
|
| 105 |
I've added the provided forwarders, which -in deed- speeds up |
| 106 |
name-resolution. Some queries are still slow, but I guess, this is ok. |
| 107 |
Thanks for your help. |
| 108 |
|
| 109 |
Have a nice weekend |
| 110 |
|
| 111 |
- Alex |
Archives