Hi,
Recently I installed a DNS server for local hostnames. I'm running a Linux server (Debian) at home, and I want the DNS for my server to resolve locally within my LAN.
This is my network:
internet - modem/router/dhcp - multiple computers (including linux server)
The modem's DHCP configuration contains the DNS server IP of my local Linux server.
Everything works fine, but from time to time the DNS server generates a query burst and tries to resolve a.root-servers.net through z.root-servers.net and many more DNS names.
The result of this burst is that my modem cannot handle the number of connections and refuses any new ones.
The burst lasts a few minutes; after that, new connections are available again on the modem.
It sometimes also causes connection drops and usually high latency.
I already tried setting serial-query-rate to 1, but with no effect.
This is my named.conf.options:
Code:
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    //directory "/etc/bind/";
    recursion yes;
    serial-query-rate 1;
    //allow-recursion {
    //     local_net;
    // };
    allow-transfer {
        none;
    };
    forwarders {
        10.0.0.138;
    };
};
named.conf:
Code:
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

zone "10.in-addr.arpa" {
    type master;
    file "/etc/bind/db.10";
};

zone "foo.net" {
    type master;
    file "/etc/bind/db.foo.net";
};
/etc/resolv.conf:
Code:
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
/etc/hosts:
Code:
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
127.0.0.1 localhost
127.0.0.1 foo.net
127.0.0.1 www.foo.net
127.0.0.1 bar.foo.net bar
Everything the local DNS server cannot resolve has to be forwarded to 10.0.0.138 (my modem). I do not understand why it is trying to resolve a.root-servers.net and such.
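Added example (not part of the post above, and not the poster's configuration): a small audit script that reads a BIND named.conf.options and named.conf and flags the setting most likely behind a forwarding resolver suddenly talking to the root servers. The relevant BIND 9 behaviour is that a `forwarders { ... }` list without an explicit `forward only;` runs in the default `forward first` mode: when the forwarder (here the modem at 10.0.0.138) fails to answer in time, named falls back to ordinary iterative resolution, which starts from the `type hint` zone for "." and therefore involves looking up the root name servers. `serial-query-rate` is unrelated; it only throttles SOA refresh queries for zones the server is secondary for. The two options texts embedded below are constructed: the "posted" one mirrors the configuration in the post with the Debian boilerplate comments trimmed, the "fixed" one adds `forward only;` and drops the unused `serial-query-rate`. The parser is deliberately minimal and only understands the directives it checks.

```python
"""Audit a BIND named.conf.options + named.conf for the 'forward first' fallback
that lets a forwarding resolver query the root servers itself."""
import re

# Constructed sample: the options file from the post, minus the long stock comments.
WEAK_OPTIONS = """
options {
    directory "/var/cache/bind";
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    recursion yes;
    serial-query-rate 1;
    allow-transfer { none; };
    forwarders { 10.0.0.138; };   // the modem
};
"""

# Constructed hardened variant: 'forward only;' added, serial-query-rate removed.
FIXED_OPTIONS = """
options {
    directory "/var/cache/bind";
    auth-nxdomain no;
    listen-on-v6 { any; };
    recursion yes;
    allow-transfer { none; };
    forward only;                 // never fall back to iterative resolution
    forwarders { 10.0.0.138; };
};
"""

# Constructed named.conf: Debian's stock root hint zone plus one local zone.
NAMED_CONF = """
include "/etc/bind/named.conf.options";
zone "." { type hint; file "/etc/bind/db.root"; };
zone "foo.net" { type master; file "/etc/bind/db.foo.net"; };
"""


def strip_comments(text):
    """Remove the three comment styles named.conf accepts: /* */, // and #."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)


def extract_block(text, header):
    """Return the body of the first '<header> { ... }' block, honouring nesting."""
    m = re.search(header + r"\s*\{", text)
    if not m:
        return None
    depth = 0
    for i in range(m.end() - 1, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[m.end():i]
    raise ValueError("unbalanced braces after %r" % header)


def audit(options_text, named_conf_text):
    """Return a list of findings; an empty list means no fallback path was found."""
    findings = []
    opts = extract_block(strip_comments(options_text), r"\boptions") or ""
    conf = strip_comments(named_conf_text)

    fwd = extract_block(opts, r"\bforwarders")
    has_forwarders = bool(fwd and re.search(r"[0-9a-fA-F:.]+\s*;", fwd))
    mode_m = re.search(r"\bforward\s+(only|first)\s*;", opts)
    mode = mode_m.group(1) if mode_m else "first"   # BIND's default when unset
    has_root_hints = re.search(r'zone\s+"\."[^{]*\{[^}]*\btype\s+hint\b', conf) is not None

    if has_forwarders and mode == "first":
        findings.append(
            "forwarders set but 'forward only;' missing: BIND defaults to "
            "'forward first' and falls back to iterative resolution"
            + (' from the root hints in zone "."' if has_root_hints else "")
            + " whenever the forwarder fails to answer in time")
    if re.search(r"\bserial-query-rate\b", opts) and \
            not re.search(r"\btype\s+(slave|secondary)\b", conf):
        findings.append(
            "serial-query-rate only limits SOA refresh queries for secondary "
            "zones; none are configured, so it has no effect here")
    return findings


if __name__ == "__main__":
    for label, text in (("posted", WEAK_OPTIONS), ("fixed", FIXED_OPTIONS)):
        print(label + ":", audit(text, NAMED_CONF) or ["no findings"])
```

To use it against a real installation, read /etc/bind/named.conf.options and /etc/bind/named.conf into the two arguments instead of the constructed strings. After adding `forward only;`, validate with `named-checkconf /etc/bind/named.conf` and apply with `rndc reload`; with that setting in place, a forwarder outage produces SERVFAIL answers to clients rather than a fallback burst towards the root servers, which is usually the preferable failure mode behind a consumer modem.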