Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
;; ANSWER SECTION: www.domain.com. 3423 IN CNAME 95.211.1xx.xx.
;; AUTHORITY SECTION:
. 10623 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2012042201 1800 900 604800 86400
<-snip->
Also dig gives a NXDOMAIN.
Now it also gives an answer (a CNAME to an IP), but from the whole dig output:
1. your dns did not answer authoritatively (no aa in the header flags)
2. gave as authoritative dns a root server
Defining a CNAME pointing to an IP address is not a wise think to do. You should always point to an A record.
Anyway you can post your zone file so we could see what is wrong.
I have no input in my zone file for www.domain.com ,I dont know why it showed up with CNAME and HOST A
The dig answer is very strange indeed.
At first it gives a NXDOMAIN correctly and then it resolves the non-existent domain to a CNAME pointing to an IP address.
I guess your dns is forwarding queries to somewhere else. So show us also named.conf and the output of
I guess this happens because you're using dnssec validation, while you have not configured dnssec correctly.
If you don't want dnssec comment out those lines and restart the service
BTW, you don't need the internal view, as you don't define another view in named.conf. So try this:
Code:
options {
listen-on port 53 { 111.111.111.1;};
listen-on-v6
{ none; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query
{ localhost;
111.111.111.0/26;
};
allow-transfer { localhost; 111.111.111.0/26; };
recursion yes;
#dnssec-enable yes;
#dnssec-validation yes;
#dnssec-lookaside auto;
#bindkeys-file "/etc/named.iscdlv.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "111.111.111.in-addr.arpa" {
type master;
file "pri.111.111.111.in-addr.arpa";
};
zone "domain.com" {
type master;
file "pri.domain.com";
};
include "/etc/named.rfc1912.zones";
Thank you, I will try your config, but I just put a host A record in 111.111.111.1 and it seems to be stable now.I do not get any error about dnssec so why do you say it is configured incorrectly? I wanna offer some security to users browsing on my LAN.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.