Old 04-10-2005, 03:57 PM   #1
branden_burger
Member
 
Registered: Dec 2004
Posts: 66

Rep: Reputation: 15
named config


Here are the salient features of my named.conf file. I've been suffering random Oops system crashes. Can't figure it out. I'm trying to narrow down the possibilities. Maybe it could be something in BIND.
The /var/log/messages file has a lot of "named:lame server resolving..." messages - what does that mean? Is this a healthy config file?? The zone files are fine - no hassles there.

options {
        directory "/var";
        auth-nxdomain no;
        pid-file "/var/run/named/named.pid";
        version "Quit fooling..";
        recursion yes;
        allow-recursion { localhost; };
};

zone "xyz.com" {
        type master;
        file "db.test.com";
        allow-transfer { 1.2.3.4; };
};

zone "xyz.net" {
        type slave;
        masters { 1.2.3.4; };
};

Thanks
 
Old 04-10-2005, 06:24 PM   #2
odious1
Member
 
Registered: Jun 2003
Location: Virginia, USA
Distribution: Slackware
Posts: 252

Rep: Reputation: 30
lame server messages showing up are normal and beyond your control. they are a result of a referral to a server which does not answer authoritatively. define system crashes and post appropriate debug sections.

tom
 
Old 04-11-2005, 11:00 AM   #3
branden_burger
Member
 
Registered: Dec 2004
Posts: 66

Original Poster
Rep: Reputation: 15
well, the system crashes were related to an Oops naming prelink and updatedb as the culprits. Now there isn't that much wrong with either program, so I can't figure it out. So I'm trying to narrow down the culprit. I'm thinking about BIND - but tell me anyway, why should my nameserver be looked up for domains whose SOA isn't with me?
 
Old 04-11-2005, 08:51 PM   #4
odious1
Member
 
Registered: Jun 2003
Location: Virginia, USA
Distribution: Slackware
Posts: 252

Rep: Reputation: 30
your server is set up to answer recursive queries which means that it will try to resolve a name itself as opposed to forwarding the request to another server if the answer is not in cache. there are lame servers all over the internet, there is nothing wrong with your configuration. everyone running a nameserver has this stuff. any hints in debug or syslog logs?
 
Old 04-12-2005, 11:13 AM   #5
branden_burger
Member
 
Registered: Dec 2004
Posts: 66

Original Poster
Rep: Reputation: 15
The /var/log/messages file has in it a LOT of named: lame server resolving (....something.nl) and so on, then there's a kernel Oops, and we crashed the moment someone tried to ssh in. Anyway, I have two more BIND related queries.

I'm running a mailserver on this system and so I'm running a DNS server for it as well. My ISP won't maintain DNS for my domain.

Q1) Not too many people know about my mailserver/nameserver or its IP. How are people using it to resolve domains I never send mail to?

Q2) I have an allow-recursion {localhost;}; but even then, how are other computers able to query my nameserver? I mean if I do dig google.com @mynameserver_IP I get an answer even if I'm NOT doing it from the machine itself!!

Thanks.
 
Old 04-15-2005, 07:12 PM   #6
odious1
Member
 
Registered: Jun 2003
Location: Virginia, USA
Distribution: Slackware
Posts: 252

Rep: Reputation: 30
Quote:
Q1) Not too many people know about my mailserver/nameserver or its IP. How are people using it to resolve domains I never send mail to?
They probably are not, your mailserver is. Every time an inbound message is sent to your smtp daemon it does a reverse dns lookup to verify origin. with all the spam and forged addresses this will account for the majority of those localhost queries and lame servers.

Quote:
Q2) I have an allow-recursion {localhost;}; but even then, how are other computers able to query my nameserver? I mean if I do dig google.com @mynameserver_IP I get an answer even if I'm NOT doing it from the machine itself!!
Set up an acl:
Code:
acl allowedhosts { 192.168.0.0/24; };
// inside the options { } block:
allow-recursion { allowedhosts; };
tom
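
A way to verify the ACL from a machine outside the allowed range, in the spirit of the `dig google.com @mynameserver_IP` test in the question. This is an added example, not code from the thread; the function names, result labels and sample headers are constructed for illustration.

```python
import socket
import struct

def build_query(name, qid=0x1234):
    """Build a DNS A/IN query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def classify_response(raw):
    """Classify the reply to an RD=1 query for a name the server does not host."""
    if len(raw) < 12:
        return "malformed"
    _qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", raw[:12])
    if not flags & 0x8000:           # QR clear: this is not a response
        return "malformed"
    rcode = flags & 0x000F
    ra = bool(flags & 0x0080)        # RA: recursion offered to this client
    if rcode == 5:
        return "refused"
    if rcode == 0 and ancount > 0:
        # An answer with RA clear usually means data served from the cache.
        return "recursive-answer" if ra else "answer-without-ra"
    return "no-answer" if rcode == 0 else "rcode-%d" % rcode

def probe(server, name="example.com", timeout=3.0):
    """Send one UDP query; run from a host that is NOT in the allowed ACL."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify_response(s.recv(512))

# Constructed 12-byte response headers (id, flags, qd, an, ns, ar) for offline use.
SAMPLES = {
    "recursing": struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0),
    "refused":   struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0),
    "cached":    struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 1, 0, 0),
    "referral":  struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 2, 0),
}
```

From an outside host, `probe("<your nameserver IP>")` returning `recursive-answer` means the server is still recursing for clients outside the ACL.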
 
  

