secondary DNS problem (thanks steven)

sylvan dacounha sylvan_2804 at yahoo.com
Wed May 16 19:26:57 UTC 2007


Thanks Stevan..
  really appreciate your quick reply..
  your advice was a great help for me
   
  I was making a silly mistake
   
  just for your information, I paste a part of the named.conf file where I was making the mistake
   
  acl allow-list {10.0.0.0/8;
                172.16.0.0/16;
                62.150.152.0/24;
                195.226.224.72;
                195.226.224.74;
                127.0.0.1;
                };
options {
        directory "/var/newnamed";
        //allow-query { allow-list; };
        allow-notify { 62.150.152.2 ; };
        allow-recursion { allow-list; };
        recursion no;
   
  I had the recursion no statement after my acl allow list ..
  I just removed it and it worked perfectly...
   
  btw I just want to know, is my server open to DoS attacks since I already have my acl list ..
  so definitely my server is safe ... am I right
   
  once again, I really appreciate your professional help
   
   
  regards 
   
  simon
   
  cheers
  :)
   
   
  

Stephen Carville <stephen at totalflood.com> wrote:
  sylvan dacounha wrote:
> Dear All,
> 
> I have a REDHAT box running bind and it has been working fine for the last few
> months. 
> this server was hosting my other local domains also, which were all
> working fine
> 
> I installed a new redhat machine with bind to be a secondary or slave
> named server a week ago as per the documentation.
> so if my primary server goes down all my clients and the internet
> users can still access my web sites.
> 
> Now when I restart my primary I see the zones getting transferred to my
> secondary DNS which I newly set up, and when I do an nslookup going into the
> server for internet sites ex: www.yahoo.com it does not resolve them
> 
> but the sites hosted in my network I'm able to resolve fine
> 
> here are the details
> 
> my master name server .. ns1.kmun.gov.kw ---- IP
> 62.150.152.1
> slave server which is newly installed .. ns2.kmun.gov.kw ------- IP
> 62.150.152.2

Looks like 62.150.152.2 is set with recursion off. That means it will 
only answer for zones it is authoritative for. If you want it to be a 
server for others to query, set recursion to yes. You are using Bind 9 
(v9.3.4) so you can set an access list for allow-recursion.

Something like:

acl allowed-nets { x.x.x.0/24; y.y.200.0/21; };

options {
recursion yes;
allow-recursion { allowed-nets; };
};

The allow-recursion is optional but without it, sooner or later, some 
dickhead script kiddie will try a DOS on you.

> if I go to server ns1.kmun.gov.kw or the ip I can resolve both the
> internet sites as well as my local domain ...
> 
> appreciate your help
> 
> thanks and Regards
> 
> 
> 
> simon


-- 
Stephen Carville 
Systems Engineer
Land America
1.626.667.1450 X326

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
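
An added example, not part of the original thread or of BIND itself: a small Python check for the two situations discussed above, an allow-recursion list that has no effect because "recursion no" is also set, and recursion left on with no allow-recursion list at all. The function names, finding codes and sample strings are assumptions made for this example; BROKEN is the options block from the post with a closing "};" added so it parses.

```python
import re

# Constructed samples: BROKEN is the options block from the post, closed with
# "};" so it parses; FIXED and OPEN are variations made up for this example.
BROKEN = """
acl allow-list { 10.0.0.0/8; 127.0.0.1; };
options {
        directory "/var/newnamed";
        //allow-query { allow-list; };
        allow-recursion { allow-list; };
        recursion no;
};
"""
FIXED = BROKEN.replace("recursion no;", "recursion yes;")
OPEN = "options { recursion yes; };"

def options_body(conf):
    """Return the text inside options { ... } with comments removed."""
    conf = re.sub(r"/\*.*?\*/", "", conf, flags=re.S)   # /* block */
    conf = re.sub(r"(//|#)[^\n]*", "", conf)            # // and # to end of line
    m = re.search(r"\boptions\s*\{", conf)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(conf)):
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        if depth == 0:
            return conf[m.end():i]
    return conf[m.end():]   # unterminated block: audit what is there

def audit_recursion(conf):
    """Return finding codes for the recursion settings in named.conf text."""
    body = options_body(conf)
    rec = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", body)
    acl = re.search(r"(?<![\w-])allow-recursion\s*\{([^}]*)\}", body)
    recursion_on = rec is None or rec.group(1) == "yes"  # named defaults to yes
    findings = []
    if acl and not recursion_on:
        # The poster's mistake: the ACL is present but has no effect.
        findings.append("acl-without-recursion")
    if recursion_on and acl is None:
        # The case the reply warns about: no list limits who may recurse.
        findings.append("no-allow-recursion-acl")
    if recursion_on and acl and "any" in re.findall(r"[^\s;]+", acl.group(1)):
        findings.append("recursion-allows-any")
    return findings

if __name__ == "__main__":
    for name, conf in (("BROKEN", BROKEN), ("FIXED", FIXED), ("OPEN", OPEN)):
        print(name, audit_recursion(conf) or "ok")
```

The check reads only the global options block; recursion settings inside view blocks are outside what it covers.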


       