[Gllug] BIND9 Problems
Ian Northeast
ian at house-from-hell.demon.co.uk
Tue Mar 1 20:55:42 UTC 2005
Wiehe, Simon wrote:
>>John wrote
>>
>>No, it's perfectly feasible and it's exactly what I do here.
>>
>>Have you changed /etc/resolv.conf to tell your local resolver library to
>>use the local DNS server in preference to your ISP's one?
>>
>>Assuming your existing ISP's DNS server is aaa.bbb.ccc.ddd you should
>>previously (pre local DNS server) have had:
>>
>>nameserver aaa.bbb.ccc.ddd
>>
>>in /etc/resolv.conf
>>
>>Now you have your own local DNS server you want to put:
>>
>>nameserver 127.0.0.1
>>
>>in /etc/resolv.conf and:
>>
>> forwarders {
>> aaa.bbb.ccc.ddd;
>> };
>>
>>in /etc/bind/named.conf (or similar file to suit your setup).
>>
>
>
> This is what I have but it still seems to go outside rather than looking
> at my name service. Maybe I have a db file misconfigured so it can't
> respond. I just have SOA records in there at the moment; could that
> cause the problem? Also I am querying home.sjwcc.com whereas ultimately
> it will be xxxx.home.sjwcc.com
It should work if you also put a "master" statement in named.conf for
home.sjwcc.com. It will prefer the locally held domain to the forwarder
for home.sjwcc.com and all subdomains, but go out to the forwarder for
anything else .sjwcc.com. It'll work equally well if you use a root
cache hints file instead of using a forwarder (actually bind9 has a root
cache compiled in, so it'll always use one whether you tell it to or
not. But the forwarder takes precedence).
If you only have SOA records, that could be the problem: you also need at
least one NS record for the domain to be valid, and an A record for the
nameserver if it's within its own domain, which I assume it is (plus a
$TTL directive). Something like:
$TTL 86400
@         IN SOA mymachine.home.sjwcc.com. me.mymachine.home.sjwcc.com. (
                  20050301
                  10800
                  3600
                  604800
                  60 )
          IN NS mymachine
mymachine IN A  w.x.y.z
Numeric values are arbitrary but fairly typical, adjust as required,
although if this is only accessible on your private network and you have
no other nameserver they don't have any effect, but have to be present.
I sometimes do this sort of thing at work to present a slightly
different view of the world on the LAN to the Internet (to make internal
traffic to the public web server go via the LAN for instance). It's
easier than using views as such, which are only necessary if a server is
serving both internal and external clients and needs to give them
different answers. It sounds like your server isn't required to serve
Internet based clients so you won't need views.
Look in the log for errors at named startup. Normally they'll be in
/var/log/messages but it depends how you have your logging configured.
If a zone file is invalid, named will just drop it; it won't fail.
Provided your logging is set correctly, it'll log the fact.
Incidentally if you want all external queries to always go to your ISP
nameserver you might want to add "forward only". It doesn't quite do
what it might appear to - it doesn't make it forward for any domains you
have defined locally as master or slave. What it does is override the
default to attempt resolution from scratch starting from the roots if
the forwarder doesn't respond in a timely fashion ("forward first"). I'd
also use two or more forwarders if using any.
Regards, Ian
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
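As an added illustration of the zone-file minimums Ian lists above (this is example code, not something from the post), a small Python checker that parses the subset of zone syntax used in his sample and reports a missing $TTL, SOA, NS, or in-zone glue A record. The sample zones are constructed, with 192.0.2.10 standing in for w.x.y.z.

```python
ORIGIN = "home.sjwcc.com."   # trailing dot makes the name absolute
# Constructed sample zones; 192.0.2.10 is a made-up documentation address.
GOOD_ZONE = """$TTL 86400
@ IN SOA mymachine.home.sjwcc.com. me.mymachine.home.sjwcc.com. (
        20050301 ; serial
        10800 3600 604800 60 )
    IN NS mymachine
mymachine IN A 192.0.2.10
"""
SOA_ONLY_ZONE = "\n".join(GOOD_ZONE.splitlines()[1:4]) + "\n"   # just the SOA

def fqdn(name, origin):   # '@' is the apex; names without a final dot are relative
    return origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):   # -> ($TTL or None, [(owner, type, rdata)])
    ttl, records, last_owner, buf = None, [], None, ""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()            # strip ';' comments
        if not line.strip():
            continue
        buf = f"{buf} {line.strip()}" if buf else line  # join ( ... ) lines
        if buf.count("(") > buf.count(")"):
            continue
        line, buf = buf.replace("(", " ").replace(")", " "), ""
        if line.startswith("$"):                        # directive
            if line.startswith("$TTL"):
                ttl = int(line.split()[1])
            continue
        fields = line.split()
        # A leading blank means "same owner as the previous record".
        owner = last_owner if line[0].isspace() else fqdn(fields.pop(0), origin)
        while fields[0].isdigit() or fields[0].upper() == "IN":
            fields.pop(0)                               # optional TTL / class
        records.append((owner, fields[0].upper(), fields[1:]))
        last_owner = owner
    return ttl, records

def check_zone(text, origin=ORIGIN):
    """List the omissions Ian describes that make named refuse to load a zone."""
    ttl, records = parse_zone(text, origin)
    apex = [(t, rd) for o, t, rd in records if o == origin]
    problems = ["missing $TTL directive"] if ttl is None else []
    if not any(t == "SOA" for t, _ in apex):
        problems.append("no SOA record at the zone apex")
    ns_names = [fqdn(rd[0], origin) for t, rd in apex if t == "NS"]
    if not ns_names:
        problems.append("no NS record for the zone")
    for ns in ns_names:                                 # in-zone NS needs an A
        if ns.endswith("." + origin) and not any(
                o == ns and t == "A" for o, t, _ in records):
            problems.append(f"in-zone nameserver {ns} has no A record")
    return problems
```

BIND's own named-checkzone performs the full validation; this script covers only the conditions discussed in the thread.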